Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8108

Radius auth module not usable in auth-chain with 'shared-state' enabled

    Details

    • Sprint:
      AM Sustaining Sprint 18
    • Support Ticket IDs:

      Description

      Configure an auth-chain with LDAP and RADIUS auth modules like ..

      [name=LDAP] [flag=REQUIRED] [options=iplanet-am-auth-shared-state-enabled=true iplanet-am-auth-store-shared-state-enabled=true]
[name=RADIUSTest] [flag=REQUIRED] [options=iplanet-am-auth-shared-state-enabled=true  iplanet-am-auth-shared-state-behavior-pattern=useFirstPass

      After passing LDAP auth module the RADIUS auth module bails out with

      stacktrace from OpenAM 11.0.2
      Exception
javax.security.auth.login.LoginException: java.lang.ArrayIndexOutOfBoundsException: 0
at com.sun.identity.authentication.modules.radius.RADIUS.setDynamicText(RADIUS.java:197)
at com.sun.identity.authentication.modules.radius.RADIUS.process(RADIUS.java:331)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1000)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1105)
at sun.reflect.GeneratedMethodAccessor44.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:210)
at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:123)
at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:569)
at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:699)
at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1382)
at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:858)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:522)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:113)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2442)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2431)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:274)
at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:123)
at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:569)

      Root cause analysis:

      Unable to find source-code formatter for language: com.sun.identity.authentication.modules.radius.radius.java. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
          private void setDynamicText(int state) throws AuthLoginException {
        Callback[] callbacks = getCallback(state);
        String prompt = ((PasswordCallback)callbacks[0]).getPrompt();
        boolean echo = ((PasswordCallback)callbacks[0]).isEchoOn();

      but 'getCallback' seems to return 0-length callback array in that case

      com.sun.identity.authentication.spi.AMLoginModule.java
          public Callback[] getCallback(int index, boolean fetchOrig) 
        throws AuthLoginException 
    {
        // This method will be called by customer module, so it will
        // return Callback[] from external callback List
        // check if there is no callbacks defined for this module
        if (noCallbacks || ( (isSharedState) && (!forceCallbacksRead) )) {
            return EMPTY_CALLBACK;
        }

      Enhanced debug logging is also needed as the Authentication debug log does not tell this.

        Attachments

          Activity

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              bthalmayr Bernhard Thalmayr
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 2h
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified