[OPENAM-13013] ScriptException in Device ID flow on re-authentication Created: 27/Apr/18  Updated: 01/May/18  Resolved: 01/May/18

Status: Resolved
Project: OpenAM
Component/s: scripting
Affects Version/s: 6.0.0
Fix Version/s: 6.0.0

Type: Bug Priority: Major
Reporter: Jonathan Thomas Assignee: Rebecca Hayling [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: AME, Must-Fix
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Target Version/s:
Rank: 1|hzvvgn:
Needs backport:
Needs QA verification:
Functional tests:
Are the reproduction steps defined?:
Yes and I used the same an in the description


Bug description

The following error is being seen in Core Debug once re-authenticating in a chain using DeviceID modules and Device ID match seems to fail.

org.forgerock.openam.scripting.ThreadPoolScriptEvaluator:04/27/2018 12:30:56:549 PM BST: Thread[http-nio-8080-exec-10,5,main]: TransactionId[7138dd7c-7591-42b4-8967-7765ce752362-178518]
ERROR: Script terminated with exception
java.util.concurrent.ExecutionException: javax.script.ScriptException: Can't find method java.util.HashMap.put(string,java.lang.Integer,number). (<Unknown source>#746) in <Unknown source> at line number 746 at column number 0
	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:84)
	at org.forgerock.openam.authentication.modules.scripted.Scripted.evaluateServerSideScript(Scripted.java:165)
	at org.forgerock.openam.authentication.modules.scripted.Scripted.process(Scripted.java:143)
	at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1091)
	at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1289)
	at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43

How to reproduce the issue

Latest build of AM:6.0.0  27th April

NB: I have upgraded from last RC build- not a clean install.

1. Setup a realm
2. Setup a chain in realm and set as default for that realm

  • DataStore (Requisite) 
  • DeviceIdMatch (sufficient)
  • DeviceIdSave (Required/Requisite) to highlight failure

3. Login initially as demo: Save device profile

4. Logout and re-authenticate

Expected behaviour
Device ID Match module should be invoked : match and login should succeed.
Current behaviour

Login fails

ScriptException is thrown in logs.

In my test case  Device ID save also fails  : potentially due to NPE when trying to fetch device profile


Work around


Code analysis

Possibly related to https://bugster.forgerock.org/jira/browse/OPENAM-12226

There following was added to deviceidMatch-serverside.js script


HashMap selectedProfile = new HashMap();
selectedProfile.put("selectionCounter", java.lang.Integer.valueOf(parseInt(selectedProfile.get("selectionCounter")) + 1), 10);  <--
selectedProfile.put("lastSelectedDate", java.lang.Long.valueOf(new Date().getTime()));`



  • Navigating to Global Services -> Scripting -> Secondary Configurations -> AUTHENTICATION_SERVER_SIDE -> Secondary Configurations -> EngineConfiguration -> Java class whitelist throws "Not Found Error" in UI


Generated at Tue Mar 09 11:11:49 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.