  1. OpenIDM
  2. OPENIDM-10525

When using RunAs authentication on info/login endpoint, authenticationId is not correct

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 6.0.0
    • Fix Version/s: OpenIDM 6.0.0
    • Labels:
    • Environment:
      OpenIDM version "6.0.0-SNAPSHOT" (build: 20180326074232, revision: 1ae6973)

      Description

      When using RunAs authentication on the info/login endpoint to log in as a managed user using the admin user, authenticationId contains the admin user instead of the managed user.

      Steps to reproduce:

      1) Start OpenIDM with custom authentication.json located in /example-configurations/conf/runas/authentication.json

      2) Create a managed user:

      curl --header "If-None-Match: *" --header "Content-Type: application/json" --header "X-OpenIDM-Password: openidm-admin" --header "X-OpenIDM-Username: openidm-admin" --data '{"userName": "rsutter", "telephoneNumber": "6669876987", "givenName": "rick", "description": "Just another user", "sn": "sutter", "mail": "rick@example.com", "password": "Th3Password"}' --request PUT "http://localhost:8080/openidm/managed/user/ricksutter"
      

      3) Do a GET on info/login as this managed user

      curl --header "X-OpenIDM-Password: Th3Password" --header "X-OpenIDM-Username: rsutter"  --request GET "http://localhost:8080/openidm/info/login" |jq .
      {
        "_id": "login",
        "authenticationId": "rsutter",
        "authorization": {
          "component": "managed/user",
          "authLogin": false,
          "roles": [
            "openidm-authorized"
          ],
          "ipAddress": "0:0:0:0:0:0:0:1",
          "protectedAttributeList": [
            "password"
          ],
          "id": "ricksutter",
          "moduleId": "MANAGED_USER"
        }
      }
      

      4) Do a GET on info/login with admin user using the X-OpenIDM-RunAs header

      curl --header "X-OpenIDM-RunAs: rsutter" --header "X-OpenIDM-Password: openidm-admin" --header "X-OpenIDM-Username: openidm-admin"  --request GET "http://localhost:8080/openidm/info/login" |jq .
      {
        "_id": "login",
        "authenticationId": "openidm-admin",  <= here we should get "rsutter"
        "authorization": {
          "component": "managed/user",
          "authLogin": false,
          "adminUser": "openidm-admin",  <= this is different from the output when the user logs in directly, and this is expected
          "roles": [
            "openidm-authorized"
          ],
          "ipAddress": "0:0:0:0:0:0:0:1",
          "protectedAttributeList": [
            "password"
          ],
          "id": "ricksutter",
          "moduleId": "INTERNAL_USER" <= this is different from the output when the user logs in directly, and this is expected
        }
      }
      

      Note: this problem was found by Jon in this PR: https://stash.forgerock.org/projects/OPENIDM/repos/openidm-docs/pull-requests/1659/diff
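
      A check for the behaviour described in steps 3 and 4, as an added example that is not part of the original report or of OpenIDM: it compares an info/login response body with the request headers that were sent. The function name check_login_info and the trimmed sample bodies are assumptions made for this example.

```python
import json

# Responses from steps 3 and 4 of the report, trimmed to the fields checked
# here (the reporter's "<=" annotations are removed).
DIRECT = json.loads("""{"_id": "login", "authenticationId": "rsutter",
  "authorization": {"component": "managed/user", "id": "ricksutter",
                    "moduleId": "MANAGED_USER"}}""")
RUNAS_REPORTED = json.loads("""{"_id": "login", "authenticationId": "openidm-admin",
  "authorization": {"component": "managed/user", "adminUser": "openidm-admin",
                    "id": "ricksutter", "moduleId": "INTERNAL_USER"}}""")
# Constructed: the step 4 body with authenticationId as the report expects it.
RUNAS_EXPECTED = {**RUNAS_REPORTED, "authenticationId": "rsutter"}


def check_login_info(body, username, run_as=None):
    """Return a list of mismatches between an info/login body and the headers.

    username -- value sent in X-OpenIDM-Username
    run_as   -- value sent in X-OpenIDM-RunAs, or None for a direct login
    (check_login_info is a hypothetical helper, not an OpenIDM API.)
    """
    problems = []
    authz = body.get("authorization", {})
    # With RunAs, the report expects authenticationId to name the managed user.
    effective = run_as if run_as is not None else username
    if body.get("authenticationId") != effective:
        problems.append("authenticationId is %r, expected %r"
                        % (body.get("authenticationId"), effective))
    if run_as is not None:
        # The report treats adminUser naming the authenticating admin as expected.
        if authz.get("adminUser") != username:
            problems.append("adminUser is %r, expected %r"
                            % (authz.get("adminUser"), username))
    elif "adminUser" in authz:
        # The step 3 output carries no adminUser field.
        problems.append("adminUser present on a direct login")
    return problems


if __name__ == "__main__":
    cases = [("direct", DIRECT, "rsutter", None),
             ("runas (reported)", RUNAS_REPORTED, "openidm-admin", "rsutter"),
             ("runas (expected)", RUNAS_EXPECTED, "openidm-admin", "rsutter")]
    for name, body, user, run_as in cases:
        print(name, check_login_info(body, user, run_as) or "ok")
```

      To use it against a running instance, save the output of the curl commands above to a file and pass the parsed JSON in place of the sample bodies.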

              People

              • Assignee:
                jbranch Jon Branch
                Reporter:
                laurent.bristiel Laurent Bristiel [X] (Inactive)