  1. OpenIDM
  2. OPENIDM-4025

Unable to modify authenticationId in augmentSecurityContext script

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: OpenIDM 3.2.0
    • Fix Version/s: OpenIDM 3.1.0
    • Component/s: Module - Authorization
    • Labels:
      None

      Description

      I have set up my 3.2.0-SNAPSHOT instance with X509 authentication. The script called by authentication.json queries managed/user with the email found in the certificate DN and then populates the authorizationId and authenticationId:

              security.authorizationId = {
                  "id": managedUser._id,
                  "component": "managed/user",
                  "roles": managedUser.roles
              };
              security.authenticationId = managedUser._id;
      

      When connecting, the security context does not have authenticationId with the value I set:

      curl --insecure --cert cert.pem --key key.pem 'https://host:8444/openidm/info/login?_prettyPrint=true'
      Enter PEM pass phrase:
      
      {
        "authorizationId" : {
          "id" : "lschwarz",
          "component" : "managed/user",
          "roles" : [ "openidm-authorized", "managed/role/master.logon" ]
        },
        "class" : "org.forgerock.json.resource.SecurityContext",
        "authenticationId" : "EMAILADDRESS=x@in2p3.fr, CN=x, OU=USR6402, O=CNRS, C=FR",
        "parent" : {
          "id" : "e7d5f61b-1b76-4e9d-9c06-95f25927ed02",
          "class" : "org.forgerock.json.resource.RootContext",
          "parent" : null
        }
      }
      

      It should be 'lschwarz', my OpenIDM ID, instead of the DN of my certificate.

      One of the consequences of this is that I cannot assign a task to myself. The access.js makes reference to a function called "isUserCandidateForTask()" which uses authenticationId instead of authorizationId.id and thus returns false.
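
A diagnostic for the mismatch described in this report, as an added example that is not part of the original issue or of OpenIDM: it parses the `authenticationId` DN (treating escaped or quoted commas as part of the value), extracts the e-mail address the script would look up, and reports whether `authenticationId` equals `authorizationId.id`. The function names are hypothetical, and the DN string format is assumed to be the one shown in the `info/login` response above.

```javascript
// Added example; parseDn, emailFromDn and describeContext are hypothetical names.

// Split a DN string into [TYPE, value] pairs, honouring backslash escapes and
// double quotes so a comma inside a value does not start a new attribute.
function parseDn(dn) {
  const pairs = [];
  let buf = '', quoted = false;
  const flush = () => {
    const eq = buf.indexOf('=');
    if (eq > 0) pairs.push([buf.slice(0, eq).trim().toUpperCase(), buf.slice(eq + 1).trim()]);
    buf = '';
  };
  for (let i = 0; i < dn.length; i++) {
    const c = dn[i];
    const hex = dn.slice(i + 1, i + 3);
    if (c === '\\' && /^[0-9a-fA-F]{2}$/.test(hex)) {
      buf += String.fromCharCode(parseInt(hex, 16)); i += 2;  // \2C style (ASCII only)
    } else if (c === '\\' && i + 1 < dn.length) {
      buf += dn[++i];                                          // \, style
    } else if (c === '"') {
      quoted = !quoted;
    } else if (c === ',' && !quoted) {
      flush();
    } else {
      buf += c;
    }
  }
  flush();
  return pairs;
}

// The one e-mail address in the DN, or null when absent or ambiguous.
function emailFromDn(dn) {
  const emails = parseDn(dn).filter(([t]) => t === 'EMAILADDRESS').map(([, v]) => v);
  return emails.length === 1 ? emails[0] : null;
}

// Summarise a security context as returned by info/login.
function describeContext(ctx) {
  const authn = String(ctx.authenticationId);
  const authzId = ctx.authorizationId ? ctx.authorizationId.id : undefined;
  return { authenticationIdLooksLikeDn: parseDn(authn).length > 0,
           certificateEmail: emailFromDn(authn), idsMatch: authn === authzId };
}

// Values copied from the response shown in the report (parent omitted).
const reported = { authorizationId: { id: 'lschwarz', component: 'managed/user' },
  authenticationId: 'EMAILADDRESS=x@in2p3.fr, CN=x, OU=USR6402, O=CNRS, C=FR' };
console.log(describeContext(reported));
```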

            People

            • Assignee:
              andi Andi Egloff
              Reporter:
              lionel.schwarz@in2p3.fr L Schwarz [X] (Inactive)