Affects Version/s: 13.0.0, 13.5.0
Environment: Mac OS X
java version "1.8.0_31"
Java(TM) SE Runtime Environment (build 1.8.0_31-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode)
Apache Tomcat 8.0.54
OpenAM 13.5.0 Fedlet
1) Create an AuthChain 'datastoreService' with 'datastore' as required module
2) Create an AuthChain 'twofactor' with 'datastore' and 'HOTP' as required modules
3) Adapt AuthContexts of the IdP to map 'PasswordProtectedTransport' AuthContextClassRef to service 'datastoreService' and level '1'.
4) Adapt AuthContexts of the IdP to map 'TimeSyncToken' to service 'twofactor' and level '2'.
5) Authenticate at OpenAM with default auth chain of the realm where the CoT was created
6) Run SP-initiated SSO with AuthContextClassRef 'TimeSyncToken' on the Fedlet sample app
After submitting the OTP for the 2nd auth-module of the two factor chain, XUI responds with the error "Required callback not found in JSON response".
Performing the same session upgrade without the SAML flow works fine.
1) Authenticate at OpenAM with default auth chain
2) Authenticate with params &authIndexType=service&authIndexValue=twofactor
Comparing the HTTP POST requests for the 'HOTP2' stage between the two flows does not show a significant difference, see attached excerpts from network capture.
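
The step-up decision that steps 3 to 6 are meant to trigger, as an added example (not OpenAM code and not part of the original report). It is a simplified model: the sample AuthnRequest, its ID and issuer, the helper names, and the rule "upgrade when the session's auth level is below the mapped level" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML prefer defusedxml

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# IdP mapping from steps 3 and 4: class ref -> (auth chain, auth level)
IDP_AUTHN_CONTEXT_MAP = {
    AC + "PasswordProtectedTransport": ("datastoreService", 1),
    AC + "TimeSyncToken": ("twofactor", 2),
}

# Constructed sample AuthnRequest (ID, issuer and timestamp are made up)
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest
    xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_example1" Version="2.0" IssueInstant="2017-01-01T00:00:00Z">
  <saml:Issuer>fedlet-sp-example</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{AC}TimeSyncToken</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""


def requested_class_refs(authn_request_xml):
    """Return (comparison, [class refs]) from an AuthnRequest."""
    root = ET.fromstring(authn_request_xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [(e.text or "").strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS)]
    # SAML defines "exact" as the default when Comparison is omitted
    return rac.get("Comparison", "exact"), refs


def plan_authentication(authn_request_xml, session_auth_level):
    """Pick the chain the IdP should run and whether the session must step up."""
    comparison, refs = requested_class_refs(authn_request_xml)
    if comparison not in (None, "exact"):
        raise ValueError("only Comparison=exact is modelled here")
    for ref in refs:
        if ref in IDP_AUTHN_CONTEXT_MAP:
            service, level = IDP_AUTHN_CONTEXT_MAP[ref]
            return {"service": service, "level": level,
                    "session_upgrade": session_auth_level < level}
    raise LookupError("no mapped AuthnContextClassRef in request")
```

With a session created by the realm's default chain (auth level 0 assumed), the model selects the 'twofactor' chain with a session upgrade, which is the flow that fails in XUI at the HOTP stage.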