[OPENAM-15670] DeviceIdSave auth module initialization fails if username is null
Created: 12/Nov/19  Updated: 12/Dec/19  Resolved: 12/Dec/19

Status: Resolved
Project: OpenAM
Component/s: authentication
Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 14.1.1.1, 14.1.1.2, 14.1.1.3, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 14.1.1.4, 6.0.0.5, 14.1.1.5, 14.1.2.2, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 14.1.2.3, 6.5.1, 6.5.0.2, 14.1.2.4, 6.5.2, 6.5.2.1, 6.5.2.2, 14.1.2.5, 7.0.0, 14.1.2.11
Fix Version/s: 7.0.0, 6.5.3

Type: Bug
Priority: Blocker
Reporter: Bernhard Thalmayr
Assignee: Joe Starling
Resolution: Fixed
Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Oracle JDK 1.8.0_201
Apache Tomcat/9.0.8
AM 6.0.0.6


Attachments: File OPENAM-15670.diff.git    
Issue Links:
Relates
is related to OPENAM-15668 AM withholds NullPointerException dur... Open
is related to OPENAM-15669 NullPointerException in IdCachedServi... Open
Sprint: AM Sustaining Sprint 69, AM Sustaining Sprint 70
Story Points: 5
Support Ticket IDs:

 Description   

Bug description

Initialization of DeviceIdSave auth module fails if username is not present

How to reproduce the issue

  1. Configure AM
  2. Configure the below mentioned auth-chain in some sub-realm
  3. Perform service based authentication

AuthnChain

[name=Certificate] [flag=OPTIONAL] [options=]
[name=DeviceMatch] [flag=SUFFICIENT] [options=]
[name=OTP] [flag=OPTIONAL] [options=]
[name=DeviceSave] [flag=SUFFICIENT] [options=]
[name=LDAP] [flag=REQUISITE] [options=]
[name=DeviceMatch] [flag=SUFFICIENT] [options=]
[name=OTP] [flag=REQUIRED] [options=]
[name=DeviceSave] [flag=REQUIRED] [options=]

Expected behaviour

HOTP auth module should be triggered after submitting credentials for LDAP auth module.

Current behaviour

User is prompted for LDAP credentials a second time.

Code analysis

org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave.java
...
    @Override
    public void init(Subject subject, Map sharedState, Map config) {
...
       amIdentityPrincipal = IdUtils.getIdentity(userName, realm, userSearchAttributes);
...
}
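
The failure mode from the code analysis above, as an added example that is not OpenAM code and not the attached fix: a lookup done eagerly in init() fails when no earlier module in the chain has established a username, while a guarded module defers the lookup and fails closed in process(). All class names, the lookupIdentity stand-in and the "username" shared-state key are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; every type here is a hypothetical stand-in, not OpenAM code.
public class DeviceSaveInitDemo {

    // Stand-in for an identity lookup that cannot handle a missing username.
    static String lookupIdentity(String userName, String realm) {
        if (userName == null) {
            throw new NullPointerException("userName is null");
        }
        return "id=" + userName + ",realm=" + realm;
    }

    // Eager pattern: the identity is resolved inside init().
    static class EagerModule {
        String identity;
        void init(Map<String, String> sharedState, String realm) {
            identity = lookupIdentity(sharedState.get("username"), realm);
        }
    }

    // Guarded pattern: init() tolerates a missing username; the lookup is
    // deferred to process(), which fails closed instead of succeeding silently.
    static class GuardedModule {
        private Map<String, String> sharedState;
        private String realm;
        void init(Map<String, String> sharedState, String realm) {
            this.sharedState = sharedState;
            this.realm = realm;
        }
        String process() {
            String userName = sharedState.get("username");
            if (userName == null) {
                throw new IllegalStateException("no authenticated user for device save");
            }
            return lookupIdentity(userName, realm);
        }
    }

    public static void main(String[] args) {
        Map<String, String> shared = new HashMap<>(); // constructed: no username set yet
        try {
            new EagerModule().init(shared, "/sub");
        } catch (NullPointerException e) {
            System.out.println("eager init failed: " + e.getMessage());
        }
        GuardedModule guarded = new GuardedModule();
        guarded.init(shared, "/sub");    // initializes without a username
        shared.put("username", "demo");  // constructed: an earlier module identified the user
        System.out.println("guarded process: " + guarded.process());
    }
}
```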


 Comments   
Comment by Bernhard Thalmayr [ 12/Nov/19 ]

proposed fix based on AM 6.0.0.6

Comment by Jonathan Thomas [ 03/Dec/19 ]

Notes: One thing to note is in master we have FRAAS-861 where the search for alias will happen before the search for name only.

We have to watch this as it also caused https://bugster.forgerock.org/jira/browse/OPENAM-15700
