[OPENAM-14115] Sample Auth module does not work in a chain when used with Shared-state Created: 12/Dec/18  Updated: 28/Jun/19  Resolved: 25/Dec/18

Status: Resolved
Project: OpenAM
Component/s: samples
Affects Version/s: 6.0.0,,,,
Fix Version/s: 6.5.1, 6.0.1, 5.5.2, 7.0.0

Type: Bug Priority: Major
Reporter: C-Weng C Assignee: C-Weng C
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Sprint: AM Sustaining Sprint 58
Story Points: 2
Needs backport:
Support Ticket IDs:
Needs QA verification:
Functional tests:
Are the reproduction steps defined?:
Yes and I used the same an in the description


Bug description

Putting the Sampleuth as the 2nd module in a chain and setting shared-state causes the authentication not to work
and throws

amAuth:12/12/2018 09:27:51:157 AM SGT: Thread[http-nio-8080-exec-4,5,main]: TransactionId[d00216fa-3ead-45e7-acfb-8dab6ad9eb82-4419]
amAuth:12/12/2018 09:27:51:157 AM SGT: Thread[http-nio-8080-exec-4,5,main]: TransactionId[d00216fa-3ead-45e7-acfb-8dab6ad9eb82-4419]
Exception :
com.sun.identity.authentication.spi.AuthLoginException: Invalid module state: 2
        at com.sun.identity.authentication.spi.AMLoginModule.substituteHeader(AMLoginModule.java:831)
        at org.forgerock.openam.examples.SampleAuth.substituteUIStrings(SampleAuth.java:165)
        at org.forgerock.openam.examples.SampleAuth.process(SampleAuth.java:109)
        at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1082)
        at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1208)

How to reproduce the issue

Details steps outlining how to recreate the issue (remove this text)

  1. Compile the AM sample custom auth module and deploy it and create user test1 too
  2. Create a new chain
  3. Add DataStore as first moddule (REQUIRED)
  4. Add Sample Auth module to 2nd module with the shared-stated behaviour enabled
  5. Try to access this chain
Expected behaviour
The chain works for testing the sample auth
Current behaviour
The chain fails even for normal demo user

Work around

The example needs to be update to be more correct and reflect how this may be used when Callbacks
is replaced or used in a chain. Eg like in LDAP.java

@@ -106,6 +106,8 @@ public class SampleAuth extends AMLoginModule {
             case STATE_BEGIN:
                 // No time wasted here - simply modify the UI and
                 // proceed to next state
+                setForceCallbacksRead(true);
+                forceCallbacksInit();
                 return STATE_AUTH;

The following may be needed when used in module that has shared state enabled
to initialize the Callback list the first time. (or if any callback is changed).

Generated at Sun Sep 27 23:20:26 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.