OpenIDM / OPENIDM-5810

Cannot login with OPENAM_SESSION (OpenAM 12.0)

Details

    Description

      Successful login through OpenAM is not working correctly and OpenIDM is still redirected to the login page.
      The fullstack installation was done as described at https://forgerock.org/openidm/doc/bootstrap/samples-guide/index.html#configure-fullstack-uiconfig.
      When I checked the logs and the authentication.csv file, OpenAM Session failed with the cookie and IDM tries to log in with the anonymous user.
      The user used for login is accessible in OpenAM and in OpenIDM (where he has the openidm-authorized and openidm-admin roles).

      Authentication.csv audit

      "695edace-dad6-4122-8e49-6f7923e66f1c-735","2016-05-11T13:07:14.009Z","authentication","695edace-dad6-4122-8e49-6f7923e66f1c-732",,"[""1a044d64-0f87-4db4-9ce6-6f557971daa6""]","FAILED","[]","{""ipAddress"":""127.0.0.1""}","[{""moduleId"":""JwtSession"",""result"":""FAILED"",""reason"":{},""info"":{}},{""moduleId"":""OpenAM Session"",""result"":""FAILED"",""reason"":{},""info"":{}},{""moduleId"":""INTERNAL_USER"",""result"":""FAILED"",""reason"":{},""info"":{}}]"
      "695edace-dad6-4122-8e49-6f7923e66f1c-742","2016-05-11T13:07:14.118Z","authentication","695edace-dad6-4122-8e49-6f7923e66f1c-737","anonymous","[""cce16849-2489-4550-871f-e86bff201c82""]","SUCCESSFUL","[""anonymous""]","{""id"":""anonymous"",""component"":""repo/internal/user"",""roles"":[""openidm-reg""],""ipAddress"":""127.0.0.1""}","[{""moduleId"":""JwtSession"",""result"":""FAILED"",""reason"":{},""info"":{}},{""moduleId"":""OpenAM Session"",""result"":""FAILED"",""reason"":{},""info"":{""org.forgerock.authentication.principal"":""anonymous""}},{""moduleId"":""INTERNAL_USER"",""result"":""SUCCESSFUL"",""info"":{""org.forgerock.authentication.principal"":""anonymous""}}]"
      

      Cookie obtained from OpenAM and sent to /openidm/info/login

      00:29:00.520	0.034	584	127	GET	401	application/json	http://openidm.example.com:8081/openidm/info/login
      
      Cookies
      i18next	en			End Of Session
      amlbcookie	01	/	.example.com	End Of Session
      iPlanetDirectoryPro	AQIC5wM2LY4SfcyK74vYufJ_ErzDYXAg9sEfzhRC7iuNssE.*AAJTSQACMDEAAlNLABQtNDI4NDE1MTMxMzQ3OTc1NDMxOQ..*	/	.example.com	End Of Session
      

      authentication.json

      ...
                  {
                      "name" : "OPENAM_SESSION",
                      "enabled" : true,
                      "properties" : {
                          "propertyMapping" : {
                              "authenticationId" : "uid",
                              "userCredential" : "",
                              "groupMembership" : "ldapGroups"
                          },
                          "queryOnResource" : "system/ldap/account",
                          "openamDeploymentUrl" : "http://openam.example.com:8080/openam",
                          "openamUseExclusively" : false,
                          "openamLoginUrl" : "http://openam.example.com:8080/openam/XUI/#login/",
                          "openamLoginLinkText" : "OPENAM",
                          "openamSSOTokenCookieName" : "iPlanetDirectoryPro",
                          "openamUserAttribute" : "uid",
                          "groupComparisonMethod" : "ldap",
                          "truststoreType" : "JKS",
                          "truststoreFile" : "security/truststore",
                          "truststorePassword" : "changeit",
                          "defaultUserRoles" : [
                              "openidm-authorized"
                          ],
                          "augmentSecurityContext" : {
                              "type" : "text/javascript",
                              "globals" : { },
                              "file" : "auth/populateAsManagedUser.js"
                          },
                          "groupRoleMapping" : {
                              "openidm-admin" : [
                                  "cn=idmAdmins,ou=Groups,dc=example,dc=com"
                              ]
                          }
                      }
                  }
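
An added example, not part of the original report and not OpenIDM's own code: a Python check over the two authentication.csv rows quoted above that flags events where the OpenAM Session module failed yet another module still authenticated the request, which is the anonymous fallback the report describes. The column names are assumptions inferred from field positions, since the header row is not shown in the report.

```python
import csv
import io
import json

# Column names are assumed from field positions in the quoted rows;
# the CSV header row does not appear in the report.
COLUMNS = ["id", "timestamp", "eventName", "transactionId", "userId",
           "trackingIds", "result", "principal", "context", "entries"]

# The two audit rows quoted in the report, copied verbatim.
SAMPLE = r'''"695edace-dad6-4122-8e49-6f7923e66f1c-735","2016-05-11T13:07:14.009Z","authentication","695edace-dad6-4122-8e49-6f7923e66f1c-732",,"[""1a044d64-0f87-4db4-9ce6-6f557971daa6""]","FAILED","[]","{""ipAddress"":""127.0.0.1""}","[{""moduleId"":""JwtSession"",""result"":""FAILED"",""reason"":{},""info"":{}},{""moduleId"":""OpenAM Session"",""result"":""FAILED"",""reason"":{},""info"":{}},{""moduleId"":""INTERNAL_USER"",""result"":""FAILED"",""reason"":{},""info"":{}}]"
"695edace-dad6-4122-8e49-6f7923e66f1c-742","2016-05-11T13:07:14.118Z","authentication","695edace-dad6-4122-8e49-6f7923e66f1c-737","anonymous","[""cce16849-2489-4550-871f-e86bff201c82""]","SUCCESSFUL","[""anonymous""]","{""id"":""anonymous"",""component"":""repo/internal/user"",""roles"":[""openidm-reg""],""ipAddress"":""127.0.0.1""}","[{""moduleId"":""JwtSession"",""result"":""FAILED"",""reason"":{},""info"":{}},{""moduleId"":""OpenAM Session"",""result"":""FAILED"",""reason"":{},""info"":{""org.forgerock.authentication.principal"":""anonymous""}},{""moduleId"":""INTERNAL_USER"",""result"":""SUCCESSFUL"",""info"":{""org.forgerock.authentication.principal"":""anonymous""}}]"'''


def parse_audit(text):
    """Yield one dict per audit row, with the per-module 'entries' JSON decoded."""
    for row in csv.DictReader(io.StringIO(text), fieldnames=COLUMNS):
        row["entries"] = json.loads(row["entries"])
        yield row


def masked_sso_failures(rows, sso_module="OpenAM Session"):
    """Return (timestamp, userId, winning module) for each SUCCESSFUL event
    in which the SSO module failed and a later module authenticated instead."""
    hits = []
    for row in rows:
        results = {e["moduleId"]: e["result"] for e in row["entries"]}
        if row["result"] == "SUCCESSFUL" and results.get(sso_module) == "FAILED":
            winner = next((m for m, r in results.items() if r == "SUCCESSFUL"), None)
            hits.append((row["timestamp"], row["userId"], winner))
    return hits


if __name__ == "__main__":
    for hit in masked_sso_failures(parse_audit(SAMPLE)):
        print(hit)
```
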
      

            People

              huck.elliott Huck Elliott
              michal.orlik@profiq.cz Michal Orlik