OpenIDM / OPENIDM-7978

Full Stack sample: user is able to log in using admin page but appears to not be able

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 5.0.0, OpenIDM 5.5.0
    • Fix Version/s: OpenIDM 5.5.0
    • Component/s: _Samples, Module - Web UI
    • Environment: AM-5.0.0-RC1, DS-5.0.0-RC6 and (IDM-5.0.0-RC10 or openidm-5.5.0-SNAPSHOT build #2522, rev e36a37c of 28-Mar-2017).


If I am logged in to IDM as amadmin (via the AM login page), then log out, I am redirected to
http://openam.example.com:8081/openam/XUI/?realm=%2F&goto=http%3A%2F%2Fopenam.example.com%3A8081%2Fopenam%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26scope%3Dopenid%26redirect_uri%3Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252Fadmin%252FoauthReturn.html%26state%3Dlogin%2526provider%253DOPENAM%2526redirect_uri%253Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252Fadmin%252FoauthReturn.html%2526gotoURL%253D%2523%26nonce%3Ds8sfz0gncx%26client_id%3Dopenidm#login/. Note the "/admin" in the redirect_uri.

If I then attempt to log in as jdoe, I get redirected to http://openidm.example.com:8080/admin/#, which says "Unauthorized", "Access denied" with "Login Again" and "Go Back" buttons and a "Forbidden request error" popup. If I click the "Login Again" button and again attempt to log in as jdoe, I get the same result. If I click the "Go Back" button, I get redirected to http://openidm.example.com:8080/admin/#&code=a92ffdea-0ef0-4826-8cba-ff796e55bc1d, which displays "Page not found" and a "Forbidden request error" popup.

The workaround: if at any point I remove the /admin and anything following it from the URL, I see I am actually logged in as jdoe.

OTOH, if I log out of a user, like jdoe, I can log back in with no problem. (The URL is
http://openam.example.com:8081/openam/XUI/?realm=%2F&goto=http%3A%2F%2Fopenam.example.com%3A8081%2Fopenam%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26scope%3Dopenid%26redirect_uri%3Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252FoauthReturn.html%26state%3Dlogin%2526provider%253DOPENAM%2526redirect_uri%253Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252FoauthReturn.html%2526gotoURL%253D%2523%26nonce%3Dni2i5l43l7b%26client_id%3Dopenidm#login/, without the "/admin".) I can also log in as amadmin here, which displays openidm-admin's profile view, and as long as I don't change to the Admin View, I can log out and log back in as jdoe with no problem.
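The two XUI login URLs quoted in the description are hard to compare by eye because the OAuth2 authorize request is URL-encoded inside the XUI `goto` parameter, and IDM's own return fields are encoded a second time inside `state`. The Python below is an added illustration for triaging this kind of report; it is not code from the issue, from OpenIDM or from OpenAM. It peels those three encoding layers so the return path can be read directly. The two URL constants are copied verbatim from the description above; the function names are the example's own.

```python
from urllib.parse import parse_qs, urlsplit

# Both URLs are copied from the issue description (the reporter's observations):
# the redirect seen after logging out of the admin UI, and the one seen after
# logging out of an end-user session.
ADMIN_LOGOUT_URL = "http://openam.example.com:8081/openam/XUI/?realm=%2F&goto=http%3A%2F%2Fopenam.example.com%3A8081%2Fopenam%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26scope%3Dopenid%26redirect_uri%3Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252Fadmin%252FoauthReturn.html%26state%3Dlogin%2526provider%253DOPENAM%2526redirect_uri%253Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252Fadmin%252FoauthReturn.html%2526gotoURL%253D%2523%26nonce%3Ds8sfz0gncx%26client_id%3Dopenidm#login/"
ENDUSER_LOGOUT_URL = "http://openam.example.com:8081/openam/XUI/?realm=%2F&goto=http%3A%2F%2Fopenam.example.com%3A8081%2Fopenam%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26scope%3Dopenid%26redirect_uri%3Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252FoauthReturn.html%26state%3Dlogin%2526provider%253DOPENAM%2526redirect_uri%253Dhttp%253A%252F%252Fopenidm.example.com%253A8080%252FoauthReturn.html%2526gotoURL%253D%2523%26nonce%3Dni2i5l43l7b%26client_id%3Dopenidm#login/"


def _single(params, key):
    """Return the first value for key, or None (parse_qs yields lists)."""
    values = params.get(key)
    return values[0] if values else None


def decode_login_redirect(url):
    """Peel the three encoding layers of an AM XUI login URL.

    Layer 1: the XUI query itself (realm, goto).
    Layer 2: the OAuth2 authorize request carried, percent-encoded, in goto.
    Layer 3: the IDM-specific fields packed, percent-encoded again, into state.
    Each layer is decoded exactly once by parse_qs, so nested values come out clean.
    """
    xui = parse_qs(urlsplit(url).query, keep_blank_values=True)
    goto = _single(xui, "goto")
    if goto is None:
        raise ValueError("no goto parameter in XUI URL")
    authorize = urlsplit(goto)
    authz = parse_qs(authorize.query, keep_blank_values=True)
    # state looks like "login&provider=...&redirect_uri=...&gotoURL=#";
    # keep_blank_values keeps the bare "login" token rather than dropping it.
    state = parse_qs(_single(authz, "state") or "", keep_blank_values=True)
    return {
        "realm": _single(xui, "realm"),
        "authorize_endpoint": f"{authorize.scheme}://{authorize.netloc}{authorize.path}",
        "response_type": _single(authz, "response_type"),
        "scope": _single(authz, "scope"),
        "client_id": _single(authz, "client_id"),
        "nonce": _single(authz, "nonce"),
        "redirect_uri": _single(authz, "redirect_uri"),
        "state_provider": _single(state, "provider"),
        "state_redirect_uri": _single(state, "redirect_uri"),
        "state_gotoURL": _single(state, "gotoURL"),
    }


def returns_to_admin_ui(url):
    """True when the decoded redirect_uri lands in the IDM admin UI (/admin/...)."""
    target = decode_login_redirect(url)["redirect_uri"]
    return urlsplit(target).path.startswith("/admin/")


def diff_redirects(url_a, url_b):
    """Names of the decoded fields that differ between two login URLs, sorted."""
    a, b = decode_login_redirect(url_a), decode_login_redirect(url_b)
    return sorted(key for key in a if a[key] != b[key])


if __name__ == "__main__":
    for name, url in (("admin logout", ADMIN_LOGOUT_URL), ("end-user logout", ENDUSER_LOGOUT_URL)):
        fields = decode_login_redirect(url)
        print(f"{name}: redirect_uri={fields['redirect_uri']} admin_ui={returns_to_admin_ui(url)}")
    print("differing fields:", diff_redirects(ADMIN_LOGOUT_URL, ENDUSER_LOGOUT_URL))
```

Run against the two URLs, the only differences are the per-request `nonce` and the two copies of `redirect_uri` (the authorize-level one and the one IDM packs into `state`), which point at `/admin/oauthReturn.html` after an admin-UI logout and at `/oauthReturn.html` otherwise. That matches the reporter's workaround: dropping `/admin` from the URL is the same as returning to the end-user login callback instead of the admin one.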


    • Assignee: huck.elliott
    • Garyl Erickson (GErickson)
    • QA Assignee: Garyl Erickson
    • Votes: 0
    • Watchers: 4
    • Created: