Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-7069

Shared resources with a user are visible by another valid user

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Cannot Reproduce
    • Affects Version/s: 13.0.0
    • Fix Version/s: None
    • Component/s: UMA, XUI
    • Labels:
      None
    • Environment:
      Ubuntu 14 64-bit, Tomcat7, OpenAM 13.0.0 build Oct 2, 2015

      Description

      • Configured OAuth2 provider, UMA providers, and OAuth2 agent (aka RS).
      • Created resource_set myDevice for user Alice and RS.
      • Authenticated to Alice's account on OpenAM, browsed to "Resources", clicked on myDevice and shared it with Bob. All went OK.
      • Authenticated to Ted's account on OpenAM, browsed to "Resources", clicked on "Shared with me" and found myDevice!!!

      This is happening while trying to get "permission_ticket" for Ted is rejected by OpenAM, saying resource is not shared (which is as expected).

      Not sure if it matters, but users are created in the embedded DJ via LDAP queries (and not from OpenAM console).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              hahmadi hadi hahmadi
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: