[OPENAM-14643] OIDC Dynamic Client Registration registration_client_uri does not work for root realm Created: 19/Mar/19  Updated: 29/Jul/19  Resolved: 18/Apr/19

Status: Closed
Project: OpenAM
Component/s: OpenID Connect
Affects Version/s: 7.0.0
Fix Version/s: 6.5.2, 6.0.1, 5.5.2, 7.0.0

Type: Bug Priority: Major
Reporter: C-Weng C Assignee: C-Weng C
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
is related to OPENAM-14642 OIDC Dynamic Client Registration regi... Closed
Target Version/s:
Sprint: AM Sustaining Sprint 61, AM Sustaining Sprint 62
Story Points: 2
Needs backport:
No
Verified Version/s:
Needs QA verification:
Yes
Functional tests:
No
Are the reproduction steps defined?:
Yes and I used the same as in the description

 Description   

Bug description

Creating a dynamic client registration and checking the registration_client_uri shows that it is <url>/oauth2/oauth2/register?client_id=<value>, and this does not work. There are no issues with the subrealm (it is accessible), but its URI is still not quite right: it is <url>/oauth2/realms/root/realms/subrealm/oauth2/register?client_id=<value>

 This does not affect 6.5.x.

How to reproduce the issue

  1. Install OAuth2/OIDC provider with dynamic client registration
  2. Create a new Client registration
  3. Check the generated client's registration_client_uri

Expected behaviour

The registration_client_uri is correct on the root realm and subrealm

Current behaviour

The root realm's registration_client_uri is wrong and cannot be accessed. Although the subrealm registration_client_uri works, it has a redundant /oauth2.

Work around

Do not work on / realm

Code analysis

DynamicClientRegistraionService.java
Find the "/oauth2/register?client_id=" and remove "/oauth2"

Tests suggest this will work for both the root realm and subrealm. This problem is seen after the Restlet removal.



 Comments   
Comment by Filip Kubáň [X] (Inactive) [ 03/May/19 ]

Verified on: ForgeRock Access Management 6.5.2-M1 Build 7c804d6416 (2019-April-26 13:17)

Client registration works in root realm as well as in subrealm with correct uri.
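
A regression check for the URI shapes reported in this ticket, as an added example that is not part of the ticket or of the OpenAM code base: it flags the redundant /oauth2 segment in a registration response's registration_client_uri and confirms the URI points back at the registered client. The deployment URL, client id and sample responses are constructed, and the expected path shape (oauth2, optional realms/<name> pairs, then register) is an assumption derived from the fix described in the ticket.

```python
from urllib.parse import urlsplit, parse_qs

def check_registration_client_uri(base_url, registration):
    """Return a list of problems with registration_client_uri (empty list = OK)."""
    problems = []
    base = urlsplit(base_url)
    got = urlsplit(registration.get("registration_client_uri", ""))
    if (got.scheme, got.netloc) != (base.scheme, base.netloc):
        problems.append("origin differs from deployment URL")
    base_path = base.path.rstrip("/")
    if not got.path.startswith(base_path + "/"):
        return problems + ["path is outside the deployment context"]
    segments = got.path[len(base_path):].strip("/").split("/")
    # Assumed correct shape: oauth2[/realms/<name>]*/register
    if segments[:1] != ["oauth2"] or segments[-1:] != ["register"]:
        problems.append("path is not oauth2/.../register")
    middle = segments[1:-1]
    if "oauth2" in middle:
        problems.append("redundant /oauth2 segment")
    realm_part = [s for s in middle if s != "oauth2"]
    if len(realm_part) % 2 or any(s != "realms" for s in realm_part[0::2]):
        problems.append("malformed realm path")
    # The URI must point back at the client that was just registered.
    if parse_qs(got.query).get("client_id", []) != [registration.get("client_id")]:
        problems.append("client_id parameter does not match client_id")
    return problems

# Constructed sample data: hypothetical deployment URL and client id.
BASE = "https://am.example.com/openam"

def sample(path):
    return {"client_id": "abc123",
            "registration_client_uri": f"{BASE}{path}?client_id=abc123"}

if __name__ == "__main__":
    for path in ("/oauth2/oauth2/register",                              # root realm, as reported
                 "/oauth2/realms/root/realms/subrealm/oauth2/register",  # subrealm, as reported
                 "/oauth2/register",                                     # root realm after the fix
                 "/oauth2/realms/root/realms/subrealm/register"):        # subrealm after the fix
        print(path, "->", check_registration_client_uri(BASE, sample(path)) or "OK")
```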

Generated at Mon Nov 30 01:40:46 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.