OPENAM-9358

Default Microsoft Social Auth login configuration fails

    Details

    • Sprint:
      113 -"Dhole"- Team Tesla, 114 -"Eagle"- Team Tesla

      Description

      When using the configuration wizard for Microsoft Social login it isn't possible to then log in successfully. This appears to fail during the account mapping stage, after the auth code has been successfully retrieved from the service.

      Regardless, it appears as though login.live.com is no longer the most up-to-date version of the Microsoft OAuth service, with them having moved instead to

      https://login.microsoftonline.com/common/oauth2/v2.0/authorize
      https://login.microsoftonline.com/common/oauth2/v2.0/token
      

      To recreate

      • Log into OpenAM as amadmin
      • Go into the Root realm -> Configure Social Auth -> Configure Microsoft Authentication
      • Fill out client ID/secret (having registered your app on https://apps.dev.microsoft.com/#/appList)
      • Create service
      • In a new private browsing session, go to the OpenAM Login page and click the Microsoft icon
      • Log into your Microsoft Live account

      Expected

      • Redirected to OpenAM profile page

      Actual

      • Shown a failed login page

      From the authentication logs, there is the following stack trace:

      amAuth:07/06/2016 03:53:06:084 PM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[18d164c3-0fbc-4b23-9e48-9f3a85ed9ebc-3798]
      ERROR: DefaultAccountMapper.getAccount: IRE 
      Message:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception.  ldap errorcode=21
      
              at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.newIdRepoException(DJLDAPv3Repo.java:2518)
              at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.handleErrorResult(DJLDAPv3Repo.java:2508)
              at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.create(DJLDAPv3Repo.java:686)
              at com.sun.identity.idm.server.IdServicesImpl.create(IdServicesImpl.java:453)
              at com.sun.identity.idm.AMIdentityRepository.createIdentity(AMIdentityRepository.java:462)
              at org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider.provisionUser(DefaultAccountProvider.java:114)
              at org.forgerock.openam.authentication.modules.oauth2.OAuth.provisionAccountNow(OAuth.java:687)
              at org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:363)
              at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1056)
              at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1224)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:497)
              at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:217)
              at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:125)
              at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:565)
              at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:617)
              at org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper.submitRequirements(AuthContextLocalWrapper.java:115)
              at org.forgerock.openam.core.rest.authn.core.LoginProcess.next(LoginProcess.java:173)
              at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.processAuthentication(RestAuthenticationHandler.java:262)
              at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:167)
              at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.continueAuthentication(RestAuthenticationHandler.java:114)
              at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:145)
              at sun.reflect.GeneratedMethodAccessor58.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:497)
              at org.forgerock.openam.http.annotations.AnnotatedMethod.invoke(AnnotatedMethod.java:81)
              at org.forgerock.openam.http.annotations.Endpoints$1.handle(Endpoints.java:72)
              at org.forgerock.http.routing.Router.handle(Router.java:92)
              at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:73)
              at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
              at org.forgerock.http.routing.Router.handle(Router.java:92)
              at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:84)
              at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
              at org.forgerock.http.routing.Router.handle(Router.java:92)
              at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:64)
              at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:220)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$400(AuthenticationFramework.java:65)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:212)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:205)
              at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
              at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:168)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$100(AuthenticationFramework.java:65)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:155)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:152)
              at org.forgerock.util.promise.PromiseImpl$7.handleStateChange(PromiseImpl.java:485)
              at org.forgerock.util.promise.PromiseImpl.handleCompletion(PromiseImpl.java:567)
              at org.forgerock.util.promise.PromiseImpl.addOrFireListener(PromiseImpl.java:555)
              at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:477)
              at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:468)
              at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:146)
              at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:96)
              at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
              at org.forgerock.openam.http.HandlerProvider.handle(HandlerProvider.java:50)
              at org.forgerock.openam.http.HttpRoute$3.handle(HttpRoute.java:142)
              at org.forgerock.http.routing.Router.handle(Router.java:92)
              at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:60)
              at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
              at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:60)
              at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:56)
              at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:225)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
              at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
              at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
              at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)
      
      amAuth:07/06/2016 03:53:06:085 PM BST: Thread[http-bio-8080-exec-13,5,main]: TransactionId[18d164c3-0fbc-4b23-9e48-9f3a85ed9ebc-3798]
      ERROR: LDAPERROR Code = 21
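
The two v2.0 endpoints quoted in the description, exercised as a complete authorization-code round trip. This is an added example and not code from the original report or from OpenAM's OAuth2 module: it builds the authorize redirect with a per-session `state` and a PKCE challenge, validates the callback against the stored session, and assembles the form body for the token request. It runs offline; the client ID, secret, redirect URI and the callback query string are constructed placeholders, and nothing is sent to Microsoft.

```python
"""Authorization-code login against the Microsoft identity platform v2.0 endpoints
quoted in the report, run offline: the authorize redirect and the token request are
built and checked, nothing is sent. Added illustration, not OpenAM's OAuth module."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"


def code_challenge_for(verifier):
    """S256 code challenge per RFC 7636: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_request(client_id, redirect_uri, scope="openid profile email"):
    """Return the URL to redirect the browser to, plus the per-login secrets that
    must be kept server-side (in the session) and never sent to the provider."""
    state = secrets.token_urlsafe(32)  # CSRF token binding the callback to this session
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge_for(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), {"state": state, "verifier": verifier}


def handle_callback(callback_url, session, client_id, client_secret, redirect_uri,
                    scope="openid profile email"):
    """Validate the provider's redirect against the stored session and return
    (token_url, form_body) for the code exchange. Raises ValueError on anything
    that must abort the login before a code is ever exchanged."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"provider error: {qs['error'][0]}")
    received_state = qs.get("state", [""])[0]
    if not secrets.compare_digest(received_state, session.get("state", "")):
        raise ValueError("state mismatch: possible CSRF or stale session")
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    body = {
        "client_id": client_id,
        "client_secret": client_secret,  # confidential client: POST body, never the URL
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,    # must equal the value used at /authorize
        "scope": scope,
        "code_verifier": session["verifier"],
    }
    return TOKEN_URL, body


if __name__ == "__main__":
    # Constructed placeholders: no real application registration is involved.
    redirect = "https://openam.example.com/callback"
    url, session = build_authorize_request("client-id", redirect)
    print("redirect browser to:", url)
    callback = f"{redirect}?code=constructed-code&state={session['state']}"
    token_url, body = handle_callback(callback, session, "client-id", "client-secret", redirect)
    print("POST", token_url, {k: ("***" if k == "client_secret" else v) for k, v in body.items()})
```

The session dictionary should be consumed once the callback is processed (pop `state` and `verifier`) so a replayed callback fails the state check; the token endpoint is expected to receive the body as `application/x-www-form-urlencoded` over TLS.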
      
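The stack trace above fails inside `DJLDAPv3Repo.create`, called from `DefaultAccountProvider.provisionUser`, with LDAP result code 21. Code 21 is `invalidAttributeSyntax` in RFC 4511, meaning the directory rejected a value in the entry the account mapper tried to create. The following is an added diagnostic, not OpenAM's own code: it decodes the result code from amAuth log lines of the shape shown above, applies a `claim=attribute` mapping to a userinfo document and reports the values a schema-checking directory would refuse. The mapping pairs, the userinfo samples and the per-attribute rules are constructed assumptions; they are not the wizard's defaults or OpenDJ's schema engine, and the page does not say which attribute triggered the error.

```python
"""Preflight for the account-mapping step at which the reported login dies
(DefaultAccountProvider.provisionUser -> DJLDAPv3Repo.create, ldap errorcode=21).
Added illustration only: the mapping pairs, the userinfo documents and the
per-attribute syntax rules below are constructed assumptions, not OpenAM's
defaults or OpenDJ's schema engine."""
import re

# LDAP result codes from RFC 4511 section 4.1.9 (subset relevant to an Add).
LDAP_RESULT_CODES = {
    0: "success",
    16: "noSuchAttribute",
    17: "undefinedAttributeType",
    19: "constraintViolation",
    20: "attributeOrValueExists",
    21: "invalidAttributeSyntax",
    32: "noSuchObject",
    65: "objectClassViolation",
    68: "entryAlreadyExists",
}

# Both spellings the amAuth log uses for the code in the report above.
_LOG_CODE = re.compile(r"(?:ldap errorcode=|LDAPERROR Code = )(\d+)")

# Assumed value rules standing in for the directory's per-syntax checks:
# DirectoryString must be non-empty, IA5String (mail) must be printable 7-bit
# ASCII, inetUserStatus takes a fixed vocabulary.
_NON_EMPTY = re.compile(r"^\S.*$", re.S)
ATTRIBUTE_RULES = {
    "uid": ("DirectoryString", _NON_EMPTY),
    "cn": ("DirectoryString", _NON_EMPTY),
    "sn": ("DirectoryString", _NON_EMPTY),
    "givenName": ("DirectoryString", _NON_EMPTY),
    "mail": ("IA5String", re.compile(r"^[\x21-\x7e]+$")),
    "inetUserStatus": ("DirectoryString", re.compile(r"^(Active|Inactive)$")),
}


def decode_ldap_error(log_line):
    """Return (code, name) for an amAuth line that carries an LDAP result code, else None."""
    m = _LOG_CODE.search(log_line)
    if m is None:
        return None
    code = int(m.group(1))
    return code, LDAP_RESULT_CODES.get(code, "unknown")


def apply_mapping(userinfo, mapping):
    """Turn a userinfo document into LDAP attributes from 'claim=attribute' pairs.
    In this illustration a claim that is absent or null becomes an empty value so
    the validator can surface it; the real mapper's behaviour is not asserted here."""
    attrs = {}
    for pair in mapping:
        claim, _, attribute = pair.partition("=")
        value = userinfo.get(claim)
        attrs[attribute] = "" if value is None else str(value)
    return attrs


def find_syntax_violations(attrs):
    """Return [(attribute, value, reason)] for values the rules above would reject,
    i.e. the values that would come back from the directory as result code 21."""
    violations = []
    for attribute, value in attrs.items():
        rule = ATTRIBUTE_RULES.get(attribute)
        if rule is None:
            continue  # no local rule: leave that attribute to the server
        syntax, pattern = rule
        if pattern.match(value) is None:
            shown = "an empty value" if value == "" else repr(value)
            violations.append((attribute, value, f"{syntax} syntax rejects {shown}"))
    return violations


def preflight(userinfo, mapping):
    """Apply the mapping and validate the result; returns (attrs, violations)."""
    attrs = apply_mapping(userinfo, mapping)
    return attrs, find_syntax_violations(attrs)


# Constructed samples (not real accounts, not the wizard's default mapping).
MAPPING = ["sub=uid", "name=cn", "family_name=sn", "given_name=givenName", "email=mail"]
FULL_USERINFO = {
    "sub": "AAAAAAAAAAAAAAAAAAAAAC0nst1",
    "name": "Jane Doe", "family_name": "Doe", "given_name": "Jane",
    "email": "jane.doe@example.com",
}
# Same identity with no email claim at all, a shape worth testing for any provider.
NO_EMAIL_USERINFO = {k: v for k, v in FULL_USERINFO.items() if k != "email"}

if __name__ == "__main__":
    for line in (
        "Message:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception.  ldap errorcode=21",
        "ERROR: LDAPERROR Code = 21",
    ):
        print(decode_ldap_error(line))
    for info in (FULL_USERINFO, NO_EMAIL_USERINFO):
        attrs, bad = preflight(info, MAPPING)
        print("attributes:", attrs)
        print("violations:", bad or "none")
```

Run it against the actual claims returned for the account that fails (captured from the provider's userinfo or ID token) and the mapping configured on the module; a non-empty violation list names the attribute to look at, while an empty one points the investigation at server-side schema rules this check does not model.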

        People

        • Assignee: Rich Riley (Inactive)
        • Reporter: Sam Drew
        • QA Assignee: Joanna Wasilewska (Inactive)
        • Votes: 1
        • Watchers: 4