OpenAM / OPENAM-9492

XUI should validate the value of a Persistent Cookie HMAC Signing Key

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 13.5.0
    • Fix Version/s: None
    • Component/s: console, XUI
    • Labels: None
    • Rank: 1|hzrvcn:

    Description

      In the Persistent Cookie module, the 'HMAC Signing Key' option has instructions to enter "Base64-encoded 256-bit key to use for HMAC signing of the cookie.".

      An invalid value such as "abcd" will be accepted by the UI without warning.
      When the persistent cookie module is then used for authentication with this setting, creation of the persistent cookie will fail with an error visible in the Authentication log.

      amAuthPersistentCookie:07/27/2016 11:44:20:455 AM BST: Thread[http-bio-8080-exec-4,5,main]: TransactionId[2e7c6b38-4c1f-4478-80fb-66b92f2d23ae-3833]
      ERROR: Authentication Failed
      org.forgerock.caf.authentication.api.AuthenticationException: Signing key must be at least 256-bits base64 encoded
              at org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule.initialize(AbstractJwtSessionModule.java:196)
              at org.forgerock.jaspi.modules.session.jwt.ServletJwtSessionModule.initialize(ServletJwtSessionModule.java:47)
              at org.forgerock.jaspi.modules.session.jwt.ServletJwtSessionModule.initialize(ServletJwtSessionModule.java:68)

      The UI should perform some validation of the value entered.

People

    peter.major Peter Major
    andrew.dunn Andrew Dunn
    Votes: 1
    Watchers: 4