- Type: Bug
- Status: Resolved
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 13.0.0, 13.5.0
- Component/s: authentication, XUI
- Labels:

1) Create an AuthChain 'datastoreService' with 'datastore' as required module
2) Create an AuthChain 'twofactor' with 'datastore' and 'HOTP' as required modules
3) Adopt AuthContexts of the IdP to map 'PasswordProtectedTransport' AuthContextClassRef to service 'datastoreService' and level '1'.
4) Adopt AuthContexts of the IdP to map 'TimeSyncToken' to service 'twofactor' and level '2'.
5) Authenticate at OpenAM with default auth chain of the realm where the CoT was created
6) Run SP-initiated SSO with AuthContextClassRef 'TimeSyncToken' on the Fedlet sample app

After submitting the OTP for the 2nd auth-module of the two factor chain, XUI responds with the error 'Required callback not found in JSON response'.

Performing the same session upgrade without the SAML flow works fine, i.e.
1) Authenticate at OpenAM with default auth chain
2) Authenticate with params &authIndexType=service&authIntexType=twofactor

Comparing the HTTP POST requests for the 'HOTP2' stage between the two flows does not show a significant difference; see attached excerpts from network capture.
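
The mapping from steps 3 and 4 and the request in step 6 decide when the IdP has to upgrade an existing session to the 'twofactor' chain. The sketch below is an added example, not code from this report or from OpenAM; the `classRef|level|type=value` entry layout, the helper names, the "at least the mapped level" comparison and the session levels passed in are assumptions made for illustration.

```python
from dataclasses import dataclass

PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TST = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"

# Constructed entries mirroring steps 3 and 4 (layout is an assumption).
MAPPING = [
    f"{PPT}|1|service=datastoreService",
    f"{TST}|2|service=twofactor",
]

@dataclass(frozen=True)
class AuthnContextRule:
    level: int        # auth level the chain is expected to produce
    index_type: str   # e.g. "service"
    index_value: str  # e.g. the chain name

def parse_mapping(entries):
    """Parse 'classRef|level|type=value' entries into a lookup table."""
    rules = {}
    for entry in entries:
        parts = entry.split("|")
        if len(parts) < 3 or "=" not in parts[2]:
            raise ValueError(f"malformed mapping entry: {entry!r}")
        index_type, _, index_value = parts[2].partition("=")
        rules[parts[0]] = AuthnContextRule(int(parts[1]), index_type, index_value)
    return rules

def plan_authentication(rules, requested_class_ref, session_level):
    """Return None if the session already satisfies the requested context,
    otherwise the login parameters that select the mapped chain.

    session_level is None when the user has no session yet.
    Simplification: a session satisfies a context when its level is at
    least the mapped level.
    """
    rule = rules.get(requested_class_ref)
    if rule is None:
        # No mapping for the requested context: the request cannot be satisfied.
        raise LookupError(f"no mapping for {requested_class_ref}")
    if session_level is not None and session_level >= rule.level:
        return None
    return {"authIndexType": rule.index_type, "authIndexValue": rule.index_value}

if __name__ == "__main__":
    rules = parse_mapping(MAPPING)
    # Existing level-1 session, SP asks for TimeSyncToken (step 6): upgrade.
    print(plan_authentication(rules, TST, session_level=1))
```
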

- depends on: OPENAM-9597 Goto URL with multiple query string parameters incorrectly decoded (Resolved)
- is caused by: OPENAM-7539 Federation + SAML2 module + forceAuth leads to the page which wants to destroy the current IDP session (Resolved)
- is duplicated by: OPENAM-10582 ForceAuth=true causes ServerSide Scripted Auth To Fail If Already Authenticated (Resolved)
- is required by: OPENAM-10250 Classic UI Login fails to authenticate with ForceAuth (Resolved)