  1. OpenAM
  2. OPENAM-8780

"Resource Owner did not authorize the request" error when running the OIDC sample

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 12.0.0, 12.0.2
    • Fix Version/s: None
    • Component/s: samples
    • Labels:
      None
    • Sprint:
      Sprint 109 - Shakespeare, Sprint 107 - Team Shakespeare, Sprint 108 - Team Shakespeare, Sprint 111 - Shakespeare, Sprint 112 - Shakespeare

      Description

      From support case 12674:

      I am trying to configure OpenIDConnect. I use this test client: https://github.com/ForgeRock/openid
      When trying the basic OpenIDConnect flow (authorization grant), I authenticate successfully and am asked to give consent (see screencap). However, when I click on 'Allow' I get redirected to my client application with the following error: "Resource Owner did not authorize the request".

      https://bedac4010.be.deloitte.com/OpenIDConnectDemo/cb-basic.html?error_description=Resource%20Owner%20did%20not%20authorize%20the%20request&state=af0ifjsldkj&error=access_denied

      This error is specifically related to the consent and seems to be coming from this class: AuthorizationServiceImpl.java

      Do you have any idea what might be causing the issue? Is this a known bug?

      And from a GitHub notification:

      I have had issues with the fetching of the access token and the userinfo object in the cb-basic.html. I was prompted with a basic authentication form due to a 401 reply from OpenAM. Apparently I had to add the realm as a GET parameter. Next I had issues in fetching the userinfo object. Adding the realm to this ajax call resolved the issue as well.

      I have tried this code before when testing with OpenAM12 and then it worked like a charm. However, on OpenAM12.0.2 I need the realm to be added for everything to work.

      So the code changes were quite simple:

          url: server + openam + access + "?"
               + encodeQueryData({ "realm": client_realm })

      and

          url: server + openam + info + "?"
               + encodeQueryData({ "realm": client_realm }),

      It would take a lot more effort to do a pull request and push my changes. So for this simple issue I think that is overkill.
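
The following JavaScript is an added example, not part of the issue or of the ForgeRock sample client. It builds realm-qualified endpoint URLs in the way the GitHub notification describes, and parses the callback redirect so that an `error=access_denied` response like the one in the support case is reported instead of being treated as a successful authorization. The function bodies and names, the hosts, paths and realm value are assumptions constructed for illustration.

```javascript
// Added example. All names and sample values are hypothetical/constructed.

// Stand-in for the sample's encodeQueryData helper (assumed behaviour:
// serialize an object into a URL-encoded query string).
function encodeQueryData(params) {
  return Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Build an endpoint URL that always carries the realm, as in the reported fix.
// Failing early on a missing realm avoids the unexplained 401 / basic-auth prompt.
function realmUrl(base, path, realm) {
  if (!realm) throw new Error("realm is required");
  return base + path + "?" + encodeQueryData({ realm: realm });
}

// Parse the redirect back to the client (cb-basic.html in the report).
// Order matters: check state first, then the error, then the code.
function parseCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get("state") !== expectedState) {
    return { ok: false, error: "state_mismatch",
             description: "state does not match the value sent" };
  }
  if (q.has("error")) {
    return { ok: false, error: q.get("error"),
             description: q.get("error_description") || "" };
  }
  if (!q.has("code")) {
    return { ok: false, error: "missing_code",
             description: "no authorization code in callback" };
  }
  return { ok: true, code: q.get("code") };
}

// Constructed callback: same query string shape as in the report, example host.
const SAMPLE_DENIED =
  "https://client.example.com/OpenIDConnectDemo/cb-basic.html" +
  "?error_description=Resource%20Owner%20did%20not%20authorize%20the%20request" +
  "&state=af0ifjsldkj&error=access_denied";

const denied = parseCallback(SAMPLE_DENIED, "af0ifjsldkj");
console.log(denied.error + ": " + denied.description);
console.log(realmUrl("https://openam.example.com/openam", "/oauth2/userinfo", "/myrealm"));
```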

            People

            • Assignee: David Goldsmith (David.Goldsmith)
            • Reporter: David Goldsmith (David.Goldsmith)
            • Votes: 0
            • Watchers: 1
