OpenIDM / OPENIDM-11825

Passthrough auth module user authenticated although query response returned was ambiguous

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 6.5.0
    • Fix Version/s: 6.5.0
    • Environment:
      OpenIDM version "6.5.0-SNAPSHOT" (build: 20181002130438, revision: a42bf4c) jenkins-OpenIDM-build-master-563
    • Story Points:
      5
    • Sprint:
      OpenIDM Sprint 6.5-10.1

      Description

      Authentication should not be successful if the request returns an ambiguous result for the user.

      Steps
      1. Set up IDM to recon users and groups from AD.
      2. Configure the AD provisioner file so that the baseContexts overlap, for example:

      "baseContexts" : [
                  "DC=internal,DC=test3,DC=forgerock,DC=com",
                  "CN=Users,DC=internal,DC=test3,DC=forgerock,DC=com"
              ]
      

      3. Log in with "Administrator" - DN = CN=Administrator,CN=Users,DC=internal,DC=test3,DC=forgerock,DC=com

      Expected Results:
      Authentication fails and the user is not logged in.

      Actual Results:
      The Felix console shows

      [161] Oct 03, 2018 9:03:55.203 AM org.forgerock.openidm.auth.impl.modules.AbstractModuleWrapper lambda$initializeLocalVariables$0
      WARNING: Access denied, user detail for retrieved was ambiguous.
      

      but the user is logged in with the default role "internal/role/openidm-authorized"
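
In step 2 the second base context sits inside the first, so the Administrator entry falls under both. The following is an added example, not code from OpenIDM or from this ticket: a check that flags such overlaps in a list of base DNs before the configuration is deployed. The function names and the third sample DN are constructed, and DN comparison is simplified to case-insensitive matching of RDN strings.

```python
# Added example: flag baseContexts entries that contain one another.
def split_dn(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    # Assumption: the directory compares DNs case-insensitively (as AD does).
    return [r.strip().lower() for r in rdns]

def is_within(child, parent):
    """True if DN `child` equals or sits beneath DN `parent`."""
    c, p = split_dn(child), split_dn(parent)
    return len(c) >= len(p) and c[len(c) - len(p):] == p

def overlapping_base_contexts(contexts):
    """Return (inner, outer) pairs where `outer`'s subtree also covers `inner`."""
    pairs = []
    for i, inner in enumerate(contexts):
        for j, outer in enumerate(contexts):
            if i != j and is_within(inner, outer):
                pairs.append((inner, outer))
    return pairs

# First two values are the ones from the ticket; the third is constructed.
SAMPLE_BASE_CONTEXTS = [
    "DC=internal,DC=test3,DC=forgerock,DC=com",
    "CN=Users,DC=internal,DC=test3,DC=forgerock,DC=com",
    r"OU=Sales\, EMEA,DC=corp,DC=example",
]

if __name__ == "__main__":
    for inner, outer in overlapping_base_contexts(SAMPLE_BASE_CONTEXTS):
        print(f"overlap: '{inner}' is already covered by '{outer}'")
```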

            People

            • Assignee:
              alin Alin Brici
              Reporter:
              markg Mark Gibson