[OPENAM-12930] Log in process using Authentication Chain is too slow in Internet Explorer Created: 17/Apr/18  Updated: 20/Apr/18  Resolved: 20/Apr/18

Status: Resolved
Project: OpenAM
Component/s: XUI
Affects Version/s: 6.0.0
Fix Version/s: 6.0.0

Type: Bug Priority: Major
Reporter: Dusan Kovacik [X] (Inactive) Assignee: Phil Ostler [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: AME, Must-Fix, TURING
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

ForgeRock Access Management 6.0.0-SNAPSHOT Build 747fe42b47
Windows 10 (version 1511, build 10586.0)
Internet Explorer 11.309.16299.0
Oracle JDK 1.8.0_162
Apache Tomcat 7.0.82

Issue Links:
Target Version/s:
Needs backport:
Needs QA verification:
Functional tests:
Are the reproduction steps defined?:
Yes and I used the same an in the description


Bug description

When you want to log in using Authentication Chain in Internet Explorer it asks you to track your physical location, but if you dismiss this dialog you have to wait approximately 30 seconds to continue, because you see a blank page only.

How to reproduce the issue

  1. Log in as an amadmin
  2. Go to Top Realm
  3. Create the Authentication Chain
    1. Create Device Match module
      1. Go to Authentication -> Modules
      2. Click on Add module button
      3. Type DeviceMatch in the Name field and select Device Id (Match) type
      4. Click on the Create button
    2. Create Device Save module
      1. Go back to the Modules list
      2. Click on Add module button
      3. Type DeviceSave in the Name field and select Device Id (Save) type
      4. Click on the Create button
    3. Go to Authentication -> Chains
    4. Click on the Add Chain button
    5. Type deviceChain into the Name field
    6. Click on the Create button
    7. Add DataStore module with Requisite criteria
      1. Click on the Add Module button
      2. Select DataStore module and Requisite criteria
      3. Click on the OK button
    8. Add DeviceMatch module with Sufficient criteria
    9. Add HOTP module with Required criteria
    10. Add DeviceSave module with Required criteria
    11. Click on the Save Changes button
  4. Create an Identity
    1. Click on the Identities menu
    2. Click on the Add Identity button
    3. Type newUser into the Id field and a password into the Password field
    4. Click on the Create button
  5. Log out
  6. Go to http://openam.example.com:8080/openam/XUI/#login/&service=devicechain address
  7. Log in as the newUser user
Expected behaviour
Next screen is displayed immediately
Current behaviour
You have to wait 30 seconds before you can continue

Work around

You can allow the tracking and you can continue immediately

Comment by Phil Ostler [X] (Inactive) [ 17/Apr/18 ]

Dusan Kovacik [X] Andrew Vinall The current behaviour is as-designed, see the following snippet...

// Attempt to collect geo-location information and return this with the data collected so far.
// Otherwise, if geo-location fails or takes longer than 30 seconds, auto-submit the data collected so far.
autoSubmitDelay = 30000;

There is nothing the web spec for locations that states what should happen when the user dismisses this dialog in this way. Browsers have chosen to not fire the failure callback and the current advice is to provide a timeout as we have done. That timeout is 30 seconds.

Three options to resolved this issue:
1) Keep current behaviour
2) Provide a visual feedback to the user (aka an in-progress bar)
3) Lower the timeout.

Please advise, as we have currently implemented the recommended engineering based solution, all be it with a rather long timeout.

Comment by Andrew Vinall [ 18/Apr/18 ]

Bug Triage: Option 2 please Phil Ostler [X]

Generated at Tue Nov 24 06:25:50 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.