[OPENAM-15307] Trees Example is not working as expected OOTB to ?service=Example Created: 03/Aug/19  Updated: 23/Jun/20  Resolved: 29/Aug/19

Status: Closed
Project: OpenAM
Component/s: trees
Affects Version/s: 6.5.2
Fix Version/s: 6.0.1, 5.5.2, 7.0.0, 6.5.3

Type: Bug Priority: Major
Reporter: Ashley Hale Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File 41902-Error-On-Example-Tree.png    
Issue Links:
relates to OPENAM-15388 Session upgrade from AuthN tree to in... Resolved
Sprint: AM Sustaining Sprint 66
Story Points: 3
Needs backport:
Support Ticket IDs:
Verified Version/s:
Needs QA verification:
Functional tests:
Are the reproduction steps defined?:
Yes and I used the same an in the description


Bug description

Trying to isolate the difference between chains and trees or why is it acting different here?

How to reproduce the issue


  1. Install AM 6.5.2 OOTB (using embedded DS for all DataStores)
        NAME! subscribers
        DNS: subscribers.example.com
  2. ADD Identity
        NAME! anonymous
         PW! changeit
  3. ADD AuthN Module 
        NAME! "Anonymous-41902"
         TYPE! Anonymous Valid Anon
         Users: demo ahale anonymous
  4. ADD Chain
         NAME! "41902-Anonymous"
          ADD Module: Anonymous-41902
          REQUIRED Save Changes

Confirm you can login to subscribers long and short URLs:

Test (adjust URI to you env)

  1. Put AM in debug=Message, clear cookie-cache, shutdown server, clear logs and restart.
  2. Paste URL to Anonymous
    Login anonymous user to Anonymous AuthN Module
    This will land on the anonymous User profile. DO NOT LOGOUT.
  3. Paste URL to Tree
    Login demo user to Example Tree
    This will fail (see screenshot). DO NOT LOGOUT.
  4. Paste URL to LDAP
    Login demo user to default ldapService
    This will land on the demo User profile.  LOGOUT, shutdown and check the <debug> logs.
Expected behaviour
User logs in as expected via the service=NAME!
Current behaviour
The default OOTB ldapService and added Anonymous Modules land on User profile page as expected, but the Example OOTB Tree Fails.

Work around


Comment by Ľubomír Mlích [ 23/Jun/20 ]

Reproduced in ForgeRock Access Management 6.5.2 Build 314d553429 (2019-June-17 15:07) - I see authentication error
Verified as fixed in ForgeRock Access Management 6.5.3-M5 Build c61acc98e9 (2020-June-15 10:38) - I can login

Generated at Sat Nov 28 11:13:39 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.