OpenAM / OPENAM-8433

JSON Authentication does not provide correct feedback for expired session

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.2
    • Fix Version/s: 12.0.4, 13.5.0
    • Component/s: authentication
    • Environment: 12.0.x
    • Sprint: AM Sustaining Sprint 19, AM Sustaining Sprint 20

      Description

      2. Authenticate through JSON (for the LDAP module). This can be done by invoking the module directly or by
      setting the LDAP chain as the Organization Authentication Configuration for a realm.

      curl -vk http://openam-local.example.com:8080/openam/json/testrealm/authenticate -H 'Content-Type: application/json' --data '{}'
      

      response

      {"authId":"eyAid..JHJ1lg","template":"","stage":"DataStore1","header":"Sign in to OpenAM","callbacks":[{"type":"NameCallback","output":[{"name":"prompt","value":"User Name:"}],"input":[{"name":"IDToken1","value":""}]},{"type":"PasswordCallback","output":[{"name":"prompt","value":"Password:"}],"input":[{"name":"IDToken2","value":""}]}]}


      3. Take the authId and place it in a JSON callback (e.g. forgotten password), then wait a couple of minutes for the session timeout.

      curl -vk http://openam-local.example.com:8080/openam/json/testrealm/authenticate -H 'Content-Type: application/json' --data '{"authId":"eyAid..JHJ1lg","template":"","stage":"LDAP2","header":"Change Password<BR></BR>Password must be reset.","callbacks":[{"type":"PasswordCallback","output":[{"name":"prompt","value":"Old Password"}],"input":[{"name":"IDToken1","value":"Password1"}]},{"type":"PasswordCallback","output":[{"name":"prompt","value":"New Password"}],"input":[{"name":"IDToken2","value":"test"}]},{"type":"PasswordCallback","output":[{"name":"prompt","value":"Confirm Password"}],"input":[{"name":"IDToken3","value":"test"}]},{"type":"ConfirmationCallback","output":[{"name":"prompt","value":""},{"name":"messageType","value":0},{"name":"options","value":["Submit","Cancel"]},{"name":"optionType","value":-1},{"name":"defaultOption","value":0}],"input":[{"name":"IDToken4","value":0}]}]}'


      4. Then do a password change. The error returned is not useful:
      "Incorrect number of callbacks found in JSON response"
      with status code 400 (Bad Request).

      POST /openam/json/authenticate HTTP/1.1
      Host: openam.example.com:8080
      Content-Type: application/json
      Accept: application/json, text/javascript, */*; q=0.01
      Referer: http://qa-openam.example.com:8080/openam/XUI/
      
      {"authId":"eyAidHlwIjogIkpXV....bGciOiAiSFMyNTYiIH0.eyAiYXV0aEluZGV4VmFsdWUiOiAiTERBUCIsICJvdGsiOiAiNDE2aHFxNHJqYm44NG8yZDdpdDk5aHQzc2IiLCAiYXV0aEluZGV4VHlwZSI6ICJtb2R1bGVfaW5zdGFuY2Ui....8VOr4fa9yVYoJ1aY5Tydt5pz90IVp8RQ","template":"","stage":"LDAP1","header":"Sign in to OpenAM","callbacks":[{"type":"NameCallback","output":[{"name":"prompt","value":"User Name:"}],"input":[{"name":"IDToken1","value":"passreset"}]},{"type":"PasswordCallback","output":[{"name":"prompt","value":"Password:"}],"input":[{"name":"IDToken2","value":"password"}]}]}
      
      {code: 400, reason: "Bad Request", message: "Incorrect number of callbacks found in JSON response"}

      A more meaningful response should be returned.
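The client-side counterpart of the flow above, as an added example that is not part of this issue or of the OpenAM code base: it builds the callback submission strictly from the challenge the server last issued (same authId, stage and callback count, so the client itself can never trigger the "Incorrect number of callbacks" error), decodes the authId's JWT payload for diagnostics without trusting it, and maps the response bodies to a next action, treating the 400 in this report as a stale authId that requires restarting with an empty POST. The sample challenge, error body and authId are constructed here; the authId carries the same claim names visible in the decoded fragment in the report and a placeholder signature. It is assumed (not shown on this page) that a successful authentication returns a body containing "tokenId" and that wrong credentials return HTTP 401.

```python
"""Client-side helpers for the OpenAM /json/<realm>/authenticate callback flow.

Added example, not OpenAM project code. All payloads are constructed to match
the shapes quoted in the issue.
"""
import base64
import json

CALLBACK_MISMATCH = "Incorrect number of callbacks found in JSON response"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed authId: three-part JWT like the real one, same claim names as the
# decoded fragment in the issue, but a placeholder signature that no server
# would ever accept.
SAMPLE_AUTHID = ".".join([
    _b64url(b'{ "typ": "JWT", "alg": "HS256" }'),
    _b64url(b'{ "authIndexValue": "LDAP", "otk": "constructed-otk", '
            b'"authIndexType": "module_instance" }'),
    _b64url(b"constructed-signature"),
])

# Constructed challenge shaped like the first server response in the issue.
SAMPLE_CHALLENGE = {
    "authId": SAMPLE_AUTHID, "template": "", "stage": "DataStore1",
    "header": "Sign in to OpenAM",
    "callbacks": [
        {"type": "NameCallback",
         "output": [{"name": "prompt", "value": "User Name:"}],
         "input": [{"name": "IDToken1", "value": ""}]},
        {"type": "PasswordCallback",
         "output": [{"name": "prompt", "value": "Password:"}],
         "input": [{"name": "IDToken2", "value": ""}]},
    ],
}

# Constructed copy of the error body quoted in the issue.
SAMPLE_ERROR = {"code": 400, "reason": "Bad Request", "message": CALLBACK_MISMATCH}


def authid_claims(auth_id: str) -> dict:
    """Decode the authId payload WITHOUT verifying the HS256 signature.
    Only the server holds the key, so use this for logging only, never
    to decide whether the token is still valid."""
    parts = auth_id.split(".")
    if len(parts) != 3:
        raise ValueError("authId is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def fill_callbacks(challenge: dict, answers: dict) -> dict:
    """Return the body to POST back: the challenge exactly as issued, with each
    input value taken from `answers` keyed by input name (e.g. "IDToken1").
    Nothing is added or dropped, so if the server still answers with the 400
    from this issue, the authId on the server side is what went stale."""
    submission = json.loads(json.dumps(challenge))  # deep copy; caller's dict untouched
    for cb in submission["callbacks"]:
        for inp in cb["input"]:
            if inp["name"] in answers:
                inp["value"] = answers[inp["name"]]
            elif cb["type"] != "ConfirmationCallback":  # confirmation keeps its default
                raise KeyError("no answer supplied for %s (%s)" % (inp["name"], cb["type"]))
    return submission


def classify_auth_response(status: int, body: dict) -> str:
    """Map an /authenticate response to the client's next action."""
    if status == 200 and "tokenId" in body:           # assumed success shape
        return "authenticated"
    if status == 200 and "callbacks" in body:
        return "challenge"                            # fill and POST back unchanged
    if status == 401:                                 # assumed failed-credentials status
        return "authentication-failed"
    if status == 400 and body.get("message") == CALLBACK_MISMATCH:
        # In the affected 12.0.x builds this is how an expired authId surfaces:
        # do not resend, start over with an empty POST to get a fresh authId.
        return "restart-flow"
    return "error"


if __name__ == "__main__":
    print(authid_claims(SAMPLE_AUTHID))
    body = fill_callbacks(SAMPLE_CHALLENGE, {"IDToken1": "alice", "IDToken2": "s3cret"})
    print(json.dumps(body)[:80] + "...")
    print(classify_auth_response(400, SAMPLE_ERROR))
```

A client that follows `fill_callbacks` never sends the wrong number of callbacks, which is what makes the 400 a reliable "restart" signal while the misleading message is still in place; the `authid_claims` output (module name, index type) is useful in the restart log line but must not be used to decide validity, since the signature is not checked.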

        People

        • Assignee: Sachiko Wallace (sachiko)
        • Reporter: C-Weng C (chee-weng.chea)
        • QA Assignee: Andrew Vinall
        • Votes: 0
        • Watchers: 7

        Time Tracking

        • Estimated: Not Specified
        • Remaining: 0h
        • Logged: 5h