-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 13.0.0
-
Component/s: authentication
-
Labels:
Configure an auth-chain with LDAP and RADIUS auth modules like ..
[name=LDAP] [flag=REQUIRED] [options=iplanet-am-auth-shared-state-enabled=true iplanet-am-auth-store-shared-state-enabled=true] [name=RADIUSTest] [flag=REQUIRED] [options=iplanet-am-auth-shared-state-enabled=true iplanet-am-auth-shared-state-behavior-pattern=useFirstPass
After passing LDAP auth module the RADIUS auth module bails out with
stacktrace from OpenAM 11.0.2
Exception javax.security.auth.login.LoginException: java.lang.ArrayIndexOutOfBoundsException: 0 at com.sun.identity.authentication.modules.radius.RADIUS.setDynamicText(RADIUS.java:197) at com.sun.identity.authentication.modules.radius.RADIUS.process(RADIUS.java:331) at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1000) at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1105) at sun.reflect.GeneratedMethodAccessor44.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:210) at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:123) at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:569) at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:699) at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1382) at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:858) at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:522) at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981) at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615) at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473) at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:113) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2442) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2431) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:274) at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:123) at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:569)
Root cause analysis:
Unable to find source-code formatter for language: com.sun.identity.authentication.modules.radius.radius.java. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
private void setDynamicText(int state) throws AuthLoginException { Callback[] callbacks = getCallback(state); String prompt = ((PasswordCallback)callbacks[0]).getPrompt(); boolean echo = ((PasswordCallback)callbacks[0]).isEchoOn();
but 'getCallback' seems to return 0-length callback array in that case
com.sun.identity.authentication.spi.AMLoginModule.java
public Callback[] getCallback(int index, boolean fetchOrig) throws AuthLoginException { // This method will be called by customer module, so it will // return Callback[] from external callback List // check if there is no callbacks defined for this module if (noCallbacks || ( (isSharedState) && (!forceCallbacksRead) )) { return EMPTY_CALLBACK; }
Enhanced debug logging is also needed as the Authentication debug log does not tell this.