[OPENAM-10278] arg=newsession does not handle Authentication Chain and redirects to service=adminserviceconsole Created: 21/Dec/16  Updated: 04/Oct/17  Resolved: 25/Jan/17

Status: Resolved
Project: OpenAM
Component/s: authentication, session
Affects Version/s: 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0
Fix Version/s: 12.0.5, 13.5.1, 14.5.0, 14.1.2

Type: Bug Priority: Major
Reporter: David Bate Assignee: Mark de Reeper
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Rank: 1|hzsoun:
Sprint: AM Sustaining Sprint 33
Story Points: 2
QA Assignee: Filip Kubáň [X] (Inactive)
Verified Version/s:


When using arg=newsession with an authentication chain (service=) in the url, the authentication chain is lost and the auth chain shows service=adminserviceconsole rather then the service specified, with XUI turned off.

Steps to reproduce utilizing the default ldapService authentication chain.

Create realm "employees"

2. create ream "engineering"

3. In browser with cleared history/cookies go to this URL:


and login.

4. Then go here:


notice how you are redirected to:


Seen on 12.0.0 --> 13.5.0

Comment by David Bate [ 21/Dec/16 ]

When trying with XUI, the service that is specified is retained, this would be what is returned in step 5 above:

Comment by Filip Kubáň [X] (Inactive) [ 03/May/17 ]

Verified on OpenAM 13.5.1-RC2 Build 149fc42dac (2017-April-20 08:29)

Comment by Ľubomír Mlích [ 04/Oct/17 ]

Verified on OpenAM 14.1.2-M1 Build ec49e2d3c5 (2017-October-03 13:59)

Generated at Tue Mar 02 14:08:15 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.