  1. OpenAM
  2. OPENAM-9480

Failing a push authentication breaks the XUI login screen (but auth still succeeds)

      Description

      Failing to authenticate using the ForgeRock Authenticator (Push) module sends you back to the start of the login chain. However, XUI appears to get confused the second time you enter your user name, and does not render the next callback stage to the screen. The authentication process continues, however, and the phone still receives a push message. If you respond to this push message, the user is correctly logged in, though they have not seen the "waiting for response" page.

      Steps to reproduce:

      1) Install the Push Notification Service
      2) Install a ForgeRock Authenticator (Push) Registration module in a chain after a Datastore module
      3) Install a ForgeRock Authenticator (Push) Auth module in a chain on its own
      4) Register a device as the demo user by visiting the registration chain, then log out.
      5) Head to the authentication chain. When the screen moves to "waiting for response", use your phone to reject the authentication attempt (either by manually cancelling the operation, or by failing your password/fingerprint numerous times).
      6) You will be redirected back to the start of the auth chain (correctly)
      7) WITHOUT reloading the page, re-enter the user's login name

      – What Happens –

      8) The button will remain depressed on screen, and your phone will buzz (with a real auth request) but the XUI will not proceed to render the second stage ("waiting for response").
      9) Respond to the auth correctly, and after a few seconds the login page will move you to your user's profile.

      – What Should Happen –

      8) User is progressed to the "waiting for response" page, as in the first stage of the walkthrough and the phone will buzz (with a real auth request)
      9) Respond to the auth correctly, and after a few seconds the login page will move you to your user's profile.

      EDIT:

      This can also be reproduced by allowing the first authentication attempt to time out in the login chain, rather than failing to answer the push notification. In this situation, the same experience is had as detailed in – What Happens –

              People

              • Assignee:
                eugenia.sergueeva Eugenia Sergueeva [X] (Inactive)
                Reporter:
                david.luna@forgerock.com David Luna