OPENAM-8336: XUI+REST authentication with chains must have sticky load balancing

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: 12.0.2, 13.0.0, 13.5.0, 14.0.0
    • Fix Version/s: None
    • Component/s: authentication, rest, XUI

      Description

      In a multi-server setup where load-balancer stickiness is not working, and authentication to a chain takes place across multiple servers, authentication will fail.
      It should be possible to authenticate even if amlbcookie is not recognised or used properly by the load balancer.

      Steps to reproduce:

      1. Set up server-1 and server-2 behind a LB without stickiness.
      2. Configure a chain with LDAP (required) and HOTP (required).
      3. POST to server-1: json/authenticate?authIndexType=service&authIndexValue=hotptest
      4. Fill in the callbacks and POST the response to server-2.
      5. Fill in the callbacks returned from server-2 and POST them to server-1.

      Response back from server-1 is

      {"code":400,"reason":"Bad Request","message":"Required callback not found in JSON response"}
      

      Stacktrace on server-1:

      AuthContextLocal:: Status : in_progress
      amAuthContextLocal:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      AuthContextLocal::getRequirements()
      amAuth:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      getStatus : status is... : 2
      amAuth:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      getStatus : status is... : 2
      amAuthContextLocal:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      In getCallbacks() callback : com.sun.identity.authentication.spi.PagePropertiesCallback@60c60fa0
      amAuthContextLocal:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      In getCallbacks() callback : javax.security.auth.callback.NameCallback@124aca87
      amAuthContextLocal:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      In getCallbacks() callback : javax.security.auth.callback.PasswordCallback@35691983
      amAuthREST:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      ERROR: Required callback not found in JSON response
      amAuthUtils:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      URL name : PostProcessLoginFailureURL Value : Not set - null or empty string
      amAuth:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      processURL : null
      amAuthREST:02/11/2016 11:55:01:818 AM GMT: Thread[http-bio-8080-exec-8,5,main]
      AuthenticationService.authenticate() :: Rest Authentication Exception
      org.forgerock.openam.forgerockrest.authn.exceptions.RestAuthException: Required callback not found in JSON response
              at org.forgerock.openam.forgerockrest.authn.RestAuthCallbackHandlerManager.handleJsonCallbacks(RestAuthCallbackHandlerManager.java:149)
              at org.forgerock.openam.forgerockrest.authn.RestAuthenticationHandler.handleCallbacks(RestAuthenticationHandler.java:304)
              at org.forgerock.openam.forgerockrest.authn.RestAuthenticationHandler.processAuthentication(RestAuthenticationHandler.java:235)
              at org.forgerock.openam.forgerockrest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:160)
              at org.forgerock.openam.forgerockrest.authn.RestAuthenticationHandler.continueAuthentication(RestAuthenticationHandler.java:109)
              at org.forgerock.openam.forgerockrest.authn.restlet.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:127)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:497)
              at org.restlet.resource.ServerResource.doHandle(ServerResource.java:503)
              at org.restlet.resource.ServerResource.post(ServerResource.java:1216)
              at org.restlet.resource.ServerResource.doHandle(ServerResource.java:592)
              at org.restlet.resource.ServerResource.doNegotiatedHandle(ServerResource.java:649)
              at org.restlet.resource.ServerResource.doConditionalHandle(ServerResource.java:348)
              at org.restlet.resource.ServerResource.handle(ServerResource.java:952)
              at org.restlet.resource.Finder.handle(Finder.java:246)
              at org.forgerock.openam.rest.service.VersionRouter.handle(VersionRouter.java:139)
              at org.forgerock.openam.rest.service.ServiceRouter$RestletWrapper.handle(ServiceRouter.java:163)
              at org.restlet.routing.Filter.doHandle(Filter.java:159)
              at org.restlet.routing.Filter.handle(Filter.java:206)
              at org.restlet.routing.Router.doHandle(Router.java:431)
              at org.forgerock.openam.rest.service.RestletRealmRouter.doHandle(RestletRealmRouter.java:106)
              at org.restlet.routing.Router.handle(Router.java:648)
              at org.forgerock.openam.rest.service.ServiceRouter.handle(ServiceRouter.java:144)
              at org.restlet.routing.Filter.doHandle(Filter.java:159)
              at org.restlet.routing.Filter.handle(Filter.java:206)
              at org.restlet.routing.Filter.doHandle(Filter.java:159)
              at org.restlet.routing.Filter.handle(Filter.java:206)
              at org.restlet.routing.Filter.doHandle(Filter.java:159)
              at org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:155)
              at org.restlet.routing.Filter.handle(Filter.java:206)
              at org.restlet.routing.Filter.doHandle(Filter.java:159)
              at org.restlet.routing.Filter.handle(Filter.java:206)
              at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:211)
              at org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:84)
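The failure in steps 3-5, as an added example that is not OpenAM code: a simplified two-node model (server ids, request shapes and the round-robin rule are assumptions) in which each node keeps its in-progress AuthContext only in its own memory, so a follow-up POST that lands on the other node gets the 400 quoted above, while a load balancer that routes on amlbcookie completes the chain.

```python
import itertools
CHAIN = ["LDAP", "HOTP"]  # the report's chain: both modules "required"
ERR = "Required callback not found in JSON response"

class Server:  # one OpenAM node; in-progress chain state lives only in its own memory
    def __init__(self, server_id):
        self.server_id = server_id   # value the node sends back in amlbcookie
        self.contexts = {}           # authId -> index of the module awaiting callbacks
        self._seq = itertools.count(1)

    def authenticate(self, body):
        cookies = {"amlbcookie": self.server_id}
        if "authId" not in body:     # step 3: start the chain, hand out first callbacks
            auth_id = f"{self.server_id}-{next(self._seq)}"
            self.contexts[auth_id] = 0
            return 200, {"authId": auth_id, "callbacks": CHAIN[0]}, cookies
        stage = self.contexts.get(body["authId"])
        if stage is None or body.get("callbacks") != CHAIN[stage]:
            # no local AuthContext for this authId (or callbacks for a different module):
            # simplified stand-in for the 400 quoted in the report (assumed behaviour)
            return 400, {"code": 400, "reason": "Bad Request", "message": ERR}, cookies
        stage += 1
        if stage == len(CHAIN):      # chain complete: issue the session token
            del self.contexts[body["authId"]]
            return 200, {"tokenId": f"sso-{body['authId']}"}, cookies
        self.contexts[body["authId"]] = stage
        return 200, {"authId": body["authId"], "callbacks": CHAIN[stage]}, cookies

class LoadBalancer:  # round-robin; sticky=True routes on amlbcookie as OpenAM expects
    def __init__(self, servers, sticky):
        self.by_id = {s.server_id: s for s in servers}
        self.sticky = sticky
        self._rr = itertools.cycle(servers)

    def post(self, body, cookies):
        target = self.by_id.get(cookies.get("amlbcookie")) if self.sticky else None
        return (target or next(self._rr)).authenticate(body)

def run_chain(lb):  # client side of steps 3-5; returns (http_status, message)
    cookies = {}
    status, resp, set_cookies = lb.post({}, cookies)          # start the 'hotptest' chain
    cookies.update(set_cookies)
    while status == 200 and "callbacks" in resp:              # answer each module in turn
        body = {"authId": resp["authId"], "callbacks": resp["callbacks"]}
        status, resp, set_cookies = lb.post(body, cookies)
        cookies.update(set_cookies)
    return status, resp.get("message", "success" if "tokenId" in resp else "incomplete")

def demo(sticky):  # two nodes behind one LB; sticky=False reproduces the report's 400
    return run_chain(LoadBalancer([Server("01"), Server("02")], sticky))
```

Against a real deployment the equivalent check is that every follow-up POST in the chain comes back with the same amlbcookie value the first response set.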
      

              People

              • Assignee: Unassigned
              • Reporter: Andrew Dunn (andrew.dunn)
              • Votes: 12
              • Watchers: 34