  1. OpenIDM
  2. OPENIDM-13314

CLIENT_CERT doesn't concat authzRoles to defaultUserRoles

    Details

    • Story Points:
      1
    • Sprint:
      2019.8 - IDM
    • Zendesk ID:
      40008

      Description

      To reproduce this issue:

      1. Add a testing authzRole to a managed/user

      /openidm/managed/user/8db074e3-6ce6-4cfa-8009-fdd033e939a5?_fields=id,userName,authzRoles

      {
          "_id": "8db074e3-6ce6-4cfa-8009-fdd033e939a5",
          "_rev": "1",
          "userName": "jdoe",
          "authzRoles": [
              {
                  "_ref": "internal/role/openidm-authorized",
                  "_refResourceCollection": "internal/role",
                  "_refResourceId": "openidm-authorized",
                  "_refProperties": {
                      "_id": "01694ef5-af82-4131-80d5-ea5c85332ad4",
                      "_rev": "0"
                  }
              },
              {
                  "_ref": "internal/role/c14fdb36-3567-4fed-a6f3-1b58931d33f5",
                  "_refResourceCollection": "internal/role",
                  "_refResourceId": "c14fdb36-3567-4fed-a6f3-1b58931d33f5",
                  "_refProperties": {
                      "_id": "ab23dd30-475e-41fc-8021-bce61f064627",
                      "_rev": "0",
                      "_grantType": ""
                  }
              }
          ]
      }
      

      2. Set up the client_cert authentication module and use client_cert to authenticate this user.

      3. /openidm/info/login shows the defaultUserRoles. The testing authzRole internal/role/c14fdb36-3567-4fed-a6f3-1b58931d33f5 is missing from the output.

      $ curl --cert-type PEM --insecure --key key.pem --key-type PEM --tlsv1.2 --cert ./jdoecert.pem https://openidm.example.com:18444/openidm/info/login

      {"_id":"login","authenticationId":"EMAILADDRESS=jdoe@example.com, CN=Test, OU=Test, O=Test, L=Default City, ST=Test, C=TE","authorization":{"component":"managed/user","authLogin":false,"roles":["internal/role/openidm-cert","internal/role/openidm-authorized"],"ipAddress":"127.0.0.1","id":"8db074e3-6ce6-4cfa-8009-fdd033e939a5","moduleId":"CLIENT_CERT"}}
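
Added example, not part of the original report and not OpenIDM code: a regression check that compares the roles in an `/openidm/info/login` response with the module's defaultUserRoles plus the user's authzRoles, and lists any that the session lacks. The function names are hypothetical, the sample data is trimmed from the JSON in this issue, and `DEFAULT_USER_ROLES` is an assumption inferred from the roles shown in the output above.

```python
import json

# Constructed sample: the two JSON documents from the issue, trimmed to the fields used.
MANAGED_USER = json.loads("""{
  "_id": "8db074e3-6ce6-4cfa-8009-fdd033e939a5", "userName": "jdoe",
  "authzRoles": [
    {"_ref": "internal/role/openidm-authorized"},
    {"_ref": "internal/role/c14fdb36-3567-4fed-a6f3-1b58931d33f5"}
  ]}""")
INFO_LOGIN = json.loads("""{"_id": "login", "authorization": {
  "component": "managed/user", "moduleId": "CLIENT_CERT",
  "id": "8db074e3-6ce6-4cfa-8009-fdd033e939a5",
  "roles": ["internal/role/openidm-cert", "internal/role/openidm-authorized"]}}""")
# Assumption: the module's defaultUserRoles, inferred from the roles in the output above.
DEFAULT_USER_ROLES = ["internal/role/openidm-cert", "internal/role/openidm-authorized"]


def authz_role_refs(managed_user):
    """Return the _ref of every authzRoles relationship on a managed/user object."""
    return [r["_ref"] for r in managed_user.get("authzRoles") or [] if r.get("_ref")]


def check_session_roles(managed_user, info_login, default_user_roles):
    """Compare session roles with defaultUserRoles plus the user's authzRoles."""
    authz = info_login.get("authorization") or {}
    if authz.get("id") != managed_user.get("_id"):
        raise ValueError("info/login session does not belong to this managed user")
    granted = set(authz.get("roles") or [])
    expected = set(default_user_roles) | set(authz_role_refs(managed_user))
    return {
        "moduleId": authz.get("moduleId"),
        "missing": sorted(expected - granted),      # roles the session should carry
        "unexpected": sorted(granted - expected),   # roles with no known source
    }


if __name__ == "__main__":
    print(json.dumps(check_session_roles(MANAGED_USER, INFO_LOGIN, DEFAULT_USER_ROLES), indent=2))
```

Running the same check against a session from another authentication module for the same user shows whether the role set depends on how the user authenticated.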
      

              People

              • Assignee:
                travis.haagen Travis Haagen
                Reporter:
                yinyan.cao Yinyan Cao
                QA Assignee:
                Vojtech Zamecnik [X] (Inactive)