OpenIDM / OPENIDM-10578

Unable to specify the authenticationId within augmentSecurityContext script

    Details

    • Story Points:
      2
    • Sprint:
      OpenIDM Sprint 6.5-8, OpenIDM Sprint 6.5-9

      Description

      1) Update the STATIC_USER entry in the default authentication.json to look like so:

                  {
                      "name" : "STATIC_USER",
                      "properties" : {
                          "augmentSecurityContext": {
                              "type" : "text/javascript",
                              "source" : "security.authenticationId='foo'; security"
                          },
                          "queryOnResource" : "repo/internal/user",
                          "username" : "anonymous",
                          "password" : "anonymous",
                          "defaultUserRoles" : [
                              "openidm-reg"
                          ]
                      },
                      "enabled" : true
                  },
      

      The change is merely the addition of the trivial augmentSecurityContext script, which attempts to set the authenticationId to "foo".

      2) Start IDM and make this curl request to see the resultant security context:

      curl -u anonymous:anonymous http://localhost:8080/openidm/info/login
      

      Expected result:
      The value returned for "authenticationId" should be "foo".
      Actual result:
      The value returned for "authenticationId" is "anonymous".

      The expectation is based on this code in AugmentScriptExecutor.java:74:

                  // if security context is updated; update the SecurityContextMapper backing store
                  if (!updatedSecurityContext.get(SecurityContextMapper.AUTHENTICATION_ID).isNull()) {
                      securityContextMapper.setAuthenticationId(
                              updatedSecurityContext.get(SecurityContextMapper.AUTHENTICATION_ID).asString());
                  }
      

      This clearly expects the augment script to set the "authenticationId" as part of its response object; when set, the call to securityContextMapper.setAuthenticationId is clearly supposed to result in an updated authenticationId.
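The two reproduction steps above can be turned into a repeatable regression check. The following is an added example, not part of the original issue or of the IDM code base; it assumes the URL and the anonymous credentials from step 2, and the sample response bodies are constructed, carrying only the "authenticationId" field named in the issue.

```python
import base64
import json
import sys
import urllib.request

# Assumed endpoint, taken from the curl command in step 2 of this issue.
LOGIN_INFO_URL = "http://localhost:8080/openidm/info/login"


def fetch_login_info(username, password, url=LOGIN_INFO_URL, timeout=10):
    """GET the login info endpoint with HTTP Basic auth, as `curl -u` does."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def check_authentication_id(body, expected):
    """Return (ok, message) for a response body from the login info endpoint."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return False, f"response is not JSON: {exc}"
    if not isinstance(doc, dict) or "authenticationId" not in doc:
        return False, "response has no authenticationId field"
    actual = doc["authenticationId"]
    if actual != expected:
        return False, f"authenticationId is {actual!r}, expected {expected!r}"
    return True, f"authenticationId is {actual!r}"


# Constructed sample bodies (not captured from a real server).
SAMPLE_ACTUAL = '{"authenticationId": "anonymous"}'    # behaviour reported here
SAMPLE_EXPECTED = '{"authenticationId": "foo"}'        # behaviour the script should produce

if __name__ == "__main__":
    try:
        body = fetch_login_info("anonymous", "anonymous")
    except OSError as exc:  # connection refused, HTTP error status, timeout
        sys.exit(f"could not query IDM: {exc}")
    ok, message = check_authentication_id(body, "foo")
    print(message)
    sys.exit(0 if ok else 1)
```

Run against an instance configured as in step 1, the script exits non-zero while the augment script's value is ignored and zero once "foo" is returned.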

            People

            • Assignee:
              katie.gonzalez Katie Gonzalez
              Reporter:
              jake.feasel Jake Feasel