-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 12.0.2, 13.0.0
-
Component/s: authentication, policy
-
Labels:
To reproduce:
- Install OpenAM 12.0.2
- Disable XUI (this step is not required for testing in 13)
- Install Agent
- Configure Agent profile Login URL as http://openam.example.com:48080/openam/UI/Login?resource=true
- Change the Auth Level of more than one module to something specific, say LDAP module and DataStore module to Authentication Level 3
- Create a Policy with environment condition 'Authentication Level (greater than or equal to) 3'
When accessing the resource without any previous session, I would expect to be presented a choice between all modules with Authentication Level 3 or higher, in this case LDAP and DataStore.
Instead, I see the default ldapService chain first. Only after authenticating there, do I see the choice of module.
I should mention that if the user is previously authenticated and hits this protected resource in a session upgrade scenario, the correct behaviour is seen: no default module, straight to choice screen.
- is related to
-
OPENAM-5451 Resource based authentication does not work as expected in 12 (with legacy UI)
-
- Resolved
-
- relates to
-
OPENAM-8637 Allow resource based authentication to evaluate policies in a subrealm.
-
- Closed
-