OpenIDM / OPENIDM-7108

Password Reset Token issued by one process cannot be validated by a different process

      Description

      1. Start instance of OpenIDM 5.0.0-SNAPSHOT
      2. Configure Outbound Email Service
      3. Configure Password Reset
      4. Create a Managed User w/Password
      5. Log in as the newly created Managed User and configure Security Answers
      6. Log out and initiate the Password Reset flow
      7. After receiving the Password Reset email with the token:
        1. Shut down the OpenIDM instance
        2. Restart the OpenIDM instance
      8. Click the Password Reset link to initiate the Reset

      Validation of the Password Reset token will fail with the following:

      Caused by: org.forgerock.json.jose.exceptions.JweDecryptionException: Decryption failed
             	at org.forgerock.json.jose.jwe.handlers.encryption.AbstractEncryptionHandler.decrypt(AbstractEncryptionHandler.java:109)
             	at org.forgerock.json.jose.jwe.handlers.encryption.AbstractRSAESPkcs1V15AesCbcHmacEncryptionHandler.decryptContentEncryptionKey(AbstractRSAESPkcs1V15AesCbcHmacEncryptionHandler.java:206)
             	at org.forgerock.json.jose.jwe.handlers.encryption.RSA15AES128CBCHS256EncryptionHandler.decryptContentEncryptionKey(RSA15AES128CBCHS256EncryptionHandler.java:28)
             	at org.forgerock.json.jose.jwe.EncryptedJwt.decrypt(EncryptedJwt.java:182)
             	at org.forgerock.json.jose.jws.SignedEncryptedJwt.decrypt(SignedEncryptedJwt.java:85)
             	at org.forgerock.selfservice.stages.tokenhandlers.JwtTokenHandler.validateAndExtractClaims(JwtTokenHandler.java:142)
             	at org.forgerock.selfservice.stages.tokenhandlers.JwtTokenHandler.validateAndExtractState(JwtTokenHandler.java:124)
             	... 111 more
      

      The same problem exists if you attempt to use the Password Reset token on a cluster node other than the one which generated the token.
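
      Added example, not part of the original report and not OpenIDM or ForgeRock code: the RSAES-PKCS1-v1_5 key-unwrap step from the trace, in plain JDK crypto, with a key pair generated per process next to a key shared between processes. The report does not state the root cause, so per-process key generation is an assumption, and the class and method names are hypothetical.

```java
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;

public class TokenKeyDemo {
    // RSA1_5 key transport: the step behind decryptContentEncryptionKey in the trace.
    static final String RSA15 = "RSA/ECB/PKCS1Padding";

    // Assumption: a process without a configured key generates its own pair at startup.
    static KeyPair startupKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    // Issuer: wrap the content encryption key (CEK) under its public key.
    static byte[] wrapCek(byte[] cek, KeyPair issuer) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA15);
        c.init(Cipher.ENCRYPT_MODE, issuer.getPublic());
        return c.doFinal(cek);
    }

    // Validator: true only if this private key recovers exactly the issuer's CEK.
    static boolean canUnwrap(byte[] wrapped, byte[] cek, PrivateKey key) {
        try {
            Cipher c = Cipher.getInstance(RSA15);
            c.init(Cipher.DECRYPT_MODE, key);
            return Arrays.equals(c.doFinal(wrapped), cek);
        } catch (GeneralSecurityException e) {
            return false; // a JWE library reports this as a decryption failure
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] cek = new byte[32]; // A128CBC-HS256 uses a 256-bit CEK
        new SecureRandom().nextBytes(cek);
        KeyPair nodeA = startupKeyPair(); // process that issued the token
        KeyPair nodeB = startupKeyPair(); // restarted process or another cluster node
        byte[] wrapped = wrapCek(cek, nodeA);
        // Shared key: node B loads node A's persisted key (PKCS#8 bytes stand in for a keystore).
        PrivateKey shared = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(nodeA.getPrivate().getEncoded()));
        System.out.println("issuer process:            " + canUnwrap(wrapped, cek, nodeA.getPrivate()));
        System.out.println("other process, own key:    " + canUnwrap(wrapped, cek, nodeB.getPrivate()));
        System.out.println("other process, shared key: " + canUnwrap(wrapped, cek, shared));
    }
}
```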

              People

              • Assignee: brmiller Brendan Miller
              • Reporter: cgdrake Chris Drake