[OPENAM-13796] PAP does not execute if set at a chain level Created: 17/Oct/18  Updated: 17/Oct/18  Resolved: 17/Oct/18

Status: Closed
Project: OpenAM
Component/s: session
Affects Version/s: 6.0.0.4, 6.1.0
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Darinder Shokar Assignee: Unassigned
Resolution: Not a defect Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Bug description

If a PAP is deployed and set at the Realm > Realm Name > Authentication > Chains > chain name > Settings level, it does not execute. However, if it is set at the Realm > Realm Name > Authentication > Settings > Post Authentication Processing > Authentication Post Processing Classes level, the PAP does successfully execute.

How to reproduce the issue

1. Deploy the attached openam-post-auth-sample-6.0.0.jar to WEB-LIB/lib of the AM6 instance
2. Log in to AM, and create a chain called chain1 containing DataStore as REQUIRED
3. Go to Realm > Realm Name > Authentication > Chains > chain1 > Settings and add com.forgerock.openam.examples.SamplePAP to the Post Authentication Processing Class section.
4. From within the realm add the Session Property Whitelist Service and add Property1, Property2, Property3 all the way up to Property9
5. Restart AM
Edit the attached authN_Get_Session_Props_AM10.sh script to reflect the target FQDN of AM
6. Execute authN_Get_Session_Props_AM10.sh
7. Within the debug directory there will be a timestamped Authentication file showing the failure scenario
8. Now make the PAP work; add com.forgerock.openam.examples.SamplePAP to Realm > Realm Name > Authentication > Settings > Post Authentication Processing > Authentication Post Processing Classes
9. Repeat steps 6 and 7

Expected behaviour
PAP executes when set at a chain level
Current behaviour
PAP does not execute:

When PAP set at chain level:

{
  "properties": {
    "Property5": "",
    "AuthLevel": "10",
    "Property6": "",
    "Property4": "",
    "Property3": "",
    "Property2": "",
    "Property1": "",
    "AMCtxId": "f6542b77-f2f9-4ac1-96f4-45fbc25a5289-1753",
    "Property9": "",
    "Property8": "",
    "Property7": ""
  },
  "maxSessionExpirationTime": "2018-10-17T14:31:38Z",
  "maxIdleExpirationTime": "2018-10-17T13:01:39Z",
  "latestAccessTime": "2018-10-17T12:31:39Z",
  "realm": "/",
  "universalId": "id=amadmin,ou=user,dc=cfgstore,dc=bbc,dc=co,dc=uk",
  "username": "amadmin"
}

When PAP set at realm level:
{
  "properties": {
    "Property5": "vr34vcvrgt",
    "AuthLevel": "10",
    "Property6": "435lrjkn4kj5",
    "Property4": "454354gdf4",
    "Property3": "34kjnfkrfgf",
    "Property2": "345kjnfr4",
    "Property1": "",
    "AMCtxId": "f6542b77-f2f9-4ac1-96f4-45fbc25a5289-1823",
    "Property9": "",
    "Property8": "435ljnfr4",
    "Property7": "435jk4hnjf4"
  },
  "maxSessionExpirationTime": "2018-10-17T14:35:42Z",
  "maxIdleExpirationTime": "2018-10-17T13:05:43Z",
  "latestAccessTime": "2018-10-17T12:35:43Z",
  "realm": "/",
  "universalId": "id=amadmin,ou=user,dc=cfgstore,dc=bbc,dc=co,dc=uk",
  "username": "amadmin"
}

Work around

None

Code analysis

Looks to be a regression of https://bugster.forgerock.org/jira/browse/OPENAM-9979 and has been noted as already not working for trees here https://bugster.forgerock.org/jira/browse/AME-15760

org.forgerock.$className.java
...


 Comments   
Comment by Darinder Shokar [ 17/Oct/18 ]

Sessions API changed between 5 and 6. When I modified to 6, it works fine.
