[OPENAM-8199] Resource based authentication does not work with more than one environment condition - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 12.0.2, 13.0.0
Fix Version/s: 12.0.4, 13.5.0
Component/s: authentication, policy
Labels:
- 13.0.1-Candidate
- EDISON

Target Version/s:

12.0.4, 13.5.0

Sprint:
AM Sustaining Sprint 19, AM Sustaining Sprint 20

Support Ticket IDs:

Verified Version/s:

12.0.4

Description

To reproduce:

Install OpenAM 12.0.2
Disable XUI (this step is not required for testing in 13)
Install Agent
Configure Agent profile Login URL as http://openam.example.com:48080/openam/UI/Login?resource=true
Change the Auth Level of more than one module to something specific, say LDAP module and DataStore module to Authentication Level 3
Create a Policy with environment condition 'Authentication Level (greater than or equal to) 3'

When accessing the resource without any previous session, I would expect to be presented a choice between all modules with Authentication Level 3 or higher, in this case LDAP and DataStore.

Instead, I see the default ldapService chain first. Only after authenticating there, do I see the choice of module.

I should mention that if the user is previously authenticated and hits this protected resource in a session upgrade scenario, the correct behaviour is seen: no default module, straight to choice screen.

Attachments

Issue Links

is related to

OPENAM-5451 Resource based authentication does not work as expected in 12 (with legacy UI)

Resolved

relates to

OPENAM-8637 Allow resource based authentication to evaluate policies in a subrealm.

Closed

Activity

People

Assignee:

Jonathan Thomas

Reporter:

Joe Starling

QA Assignee:

Filip Kubáň [X] (Inactive)

Votes:

0 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Created:

26/Jan/16 1:24 PM

Updated:

20/Nov/16 12:32 PM

Resolved:

30/Mar/16 4:45 PM

Time Tracking

Estimated:

Remaining:

Logged:

10h