OpenAM / OPENAM-8648

PostAuthentication not triggered for noSession=true authentication case

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.2
    • Fix Version/s: 12.0.4, 13.5.0
    • Component/s: authentication
    • Sprint: AM Sustaining Sprint 20

      Description

      Steps to reproduce:

      • Configure a post authentication plugin for the default authentication chain
      • Try to authenticate with noSession mode enabled:
        curl -v -d '' -H "X-OpenAM-Username: demo" -H "X-OpenAM-Password: changeit" "http://openam.example.com:8080/openam/json/authenticate?noSession=true"
        

      Whilst the authentication was successful, the Post Authentication Processing plugin's onLoginSuccess method was not called.

      When message level debug log is enabled the following can be seen in Authentication:

      Error retrieving SSOToken :
      com.iplanet.sso.SSOException: Invalid session ID.AQIC5wM2LY4SfczXCT8fwgUrWIuV4NaVK-hotBK-8os9jKY.*AAJTSQACMDEAAlNLABMxNzc0MDM3NjY1MzYwMjI3MjUy*
              at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:203)
              at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:169)
              at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:219)
              at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:306)
              at com.sun.identity.authentication.service.LoginState.getSSOToken(LoginState.java:1925)
              at com.sun.identity.authentication.service.LoginState.executePostProcessSPI(LoginState.java:5369)
              at com.sun.identity.authentication.service.LoginState.postProcess(LoginState.java:5339)
              at com.sun.identity.authentication.service.AMLoginContext.postProcessOnSuccess(AMLoginContext.java:2022)
              at com.sun.identity.authentication.service.AMLoginContext.getStatus(AMLoginContext.java:1034)
       ....
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: com.iplanet.dpro.session.SessionException: Invalid session ID.AQIC5wM2LY4SfczXCT8fwgUrWIuV4NaVK-hotBK-8os9jKY.*AAJTSQACMDEAAlNLABMxNzc0MDM3NjY1MzYwMjI3MjUy*
      ....
              at com.iplanet.dpro.session.Session.refresh(Session.java:1557)
              at com.iplanet.dpro.session.Session.getSession(Session.java:1203)
              at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:190)
              ... 95 more
      Caused by: com.iplanet.dpro.session.SessionException: Invalid session ID.AQIC5wM2LY4SfczXCT8fwgUrWIuV4NaVK-hotBK-8os9jKY.*AAJTSQACMDEAAlNLABMxNzc0MDM3NjY1MzYwMjI3MjUy*
              at com.iplanet.dpro.session.service.SessionService.resolveToken(SessionService.java:1072)
              at com.iplanet.dpro.session.service.SessionService.getSessionInfo(SessionService.java:1311)
              at com.iplanet.dpro.session.operations.strategies.LocalOperations.refresh(LocalOperations.java:70)
              at com.iplanet.dpro.session.monitoring.MonitoredOperations.refresh(MonitoredOperations.java:58)
              at com.iplanet.dpro.session.Session.doRefresh(Session.java:1570)
              at com.iplanet.dpro.session.Session.access$400(Session.java:118)
              at com.iplanet.dpro.session.Session$3.run(Session.java:1546)
              at com.sun.identity.session.util.RestrictedTokenContext.doUsing(RestrictedTokenContext.java:82)
              at com.iplanet.dpro.session.Session.refresh(Session.java:1543)
              ... 97 more
      amAuth:04/01/2016 12:53:32:783 PM XXX: Thread[http-nio-8080-exec-7,5,main]
      Error 
      com.iplanet.sso.SSOException: Authentication Error!!|auth_error_template.jsp
              at com.sun.identity.authentication.service.LoginState.getSSOToken(LoginState.java:1929)
              at com.sun.identity.authentication.service.LoginState.executePostProcessSPI(LoginState.java:5369)
              at com.sun.identity.authentication.service.LoginState.postProcess(LoginState.java:5339)
              at com.sun.identity.authentication.service.AMLoginContext.postProcessOnSuccess(AMLoginContext.java:2022)
      

      Issues:
      Seems like the getSSOToken() method in LoginState throws an exception when noSession=true is set.

      case POSTPROCESS_SUCCESS:
          postProcessInstance.onLoginSuccess(requestMap,servletRequest, servletResponse,getSSOToken());
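
      Deployments that rely on a post authentication plugin for audit or policy steps can check the Authentication debug log for logins where this happened. The following is an added example, not part of the original report or of OpenAM's code: it flags SSOToken lookups that fail directly under LoginState.executePostProcessSPI. The sample log is constructed from the trace above, with a placeholder session ID and a hypothetical com.example frame as the non-matching case.

```python
import re

# Record header format as it appears in the debug output quoted in the issue.
HEADER = re.compile(
    r"^\w+:(?P<sec>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):\d{3} (?P<ampm>[AP]M) \S+: "
    r"Thread\[(?P<thread>[^,\]]+)", re.M)
FRAME = re.compile(r"^\s+at ([\w.$]+)\(")
LOGIN_STATE = "com.sun.identity.authentication.service.LoginState."

# Constructed sample modelled on the issue's log: the session ID is a placeholder,
# the first header line is made up, and the third record (hypothetical
# com.example caller) exists only to give the filter a non-matching case.
SAMPLE_LOG = """\
amAuth:04/01/2016 12:53:32:780 PM XXX: Thread[http-nio-8080-exec-7,5,main]
Error retrieving SSOToken :
com.iplanet.sso.SSOException: Invalid session ID.SESSION-ID-PLACEHOLDER
        at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:306)
        at com.sun.identity.authentication.service.LoginState.getSSOToken(LoginState.java:1925)
        at com.sun.identity.authentication.service.LoginState.executePostProcessSPI(LoginState.java:5369)
amAuth:04/01/2016 12:53:32:783 PM XXX: Thread[http-nio-8080-exec-7,5,main]
Error
com.iplanet.sso.SSOException: Authentication Error!!|auth_error_template.jsp
        at com.sun.identity.authentication.service.LoginState.getSSOToken(LoginState.java:1929)
        at com.sun.identity.authentication.service.LoginState.executePostProcessSPI(LoginState.java:5369)
amAuth:04/01/2016 12:54:10:101 PM XXX: Thread[http-nio-8080-exec-9,5,main]
Error retrieving SSOToken :
com.iplanet.sso.SSOException: Invalid session ID.SESSION-ID-PLACEHOLDER
        at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:306)
        at com.example.SessionCheck.validate(SessionCheck.java:10)
"""

def skipped_post_auth(text):
    """Return (time, thread) per login whose post-auth dispatch got no SSOToken."""
    heads = list(HEADER.finditer(text))
    hits = []
    for head, nxt in zip(heads, heads[1:] + [None]):
        body = text[head.end():nxt.start() if nxt else len(text)].splitlines()
        frames = [m.group(1) for m in map(FRAME.match, body) if m]
        sso_error = any(l.startswith("com.iplanet.sso.SSOException") for l in body)
        # getSSOToken must have been called directly by executePostProcessSPI.
        chained = (LOGIN_STATE + "getSSOToken",
                   LOGIN_STATE + "executePostProcessSPI") in zip(frames, frames[1:])
        hit = (f"{head['sec']} {head['ampm']}", head["thread"])
        # One failed login logs two records on the same thread; report it once.
        if sso_error and chained and hit not in hits:
            hits.append(hit)
    return hits

if __name__ == "__main__":
    print(skipped_post_auth(SAMPLE_LOG))
```

      Records are de-duplicated per thread and second, which is a simplification: two records from one login that straddle a second boundary would be reported twice.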
      

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              chee-weng.chea C-Weng C
              QA Assignee:
              Filip Kubáň [X] (Inactive)
                Time Tracking

                Estimated: 0h
                Remaining: 0h
                Logged: 1h