Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-1257

The PolicyEnforcementFilter does not recover from problems authenticating with OpenAM

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.5.0, 5.0.0
    • Fix Version/s: 5.0.0
    • Component/s: OpenAM
    • Labels:
    • Environment:
      OpenIG v4.5 and OpenAM 13.0
    • Support Ticket IDs:
    • Sprint:
      OpenIG Sprint 89

      Description

      If OpenAM is slow to respond, or is down, when the authentication request is made from the PolicyEnforcementFilter and an exception is thrown from the underlying HTTP framework, the state of the isTokenValid stays at true so subsequent requests always return a 500 status.

                          // Re-check state because another thread might have
                          // acquired write lock and changed state before we did.
                          if (!isTokenValid) {
                              token = createSsoToken(context);
                              isTokenValid = true;
                         }
      

      The state of the token returned from createSsoToken() is not checked before setting isTokenValid to true.

      Example error message:

      ERROR o.f.h.apache.async.AsyncHttpClient - Failed to obtain response for http://openam.example.com:8080/openam/json/authenticate

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                markdr Mark de Reeper
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: