[OPENAM-4344] OAuth2 SAML bearer grant does not work
Created: 15/Aug/14  Updated: 20/Nov/16  Resolved: 13/Apr/15

Status: Resolved
Project: OpenAM
Component/s: oauth2
Affects Version/s: 11.0.0, 12.0.0
Fix Version/s: 12.0.1, 13.0.0

Type: Bug
Priority: Major
Reporter: Javed Shah
Assignee: Quentin CASTEL [X] (Inactive)
Resolution: Fixed
Votes: 0
Labels: EDISON, release-notes

Issue Links:
Relates: relates to OPENAM-6552 access_token request sent by OAuth2Sa... (Resolved)

 Description   

The SP adapter does not pass the realm to the access_token endpoint; only client_id, grant_type and assertion are sent.

User has set up the SAML 2.0 bearer assertion profile for OAuth 2.0 under a sub-realm. IDP-inited single sign on succeeds but the /access_token endpoint returns:

{"error_description":"Client authentication failed","error":"invalid_client"}

EDIT:

The SAML 2.0 bearer was not bound. This issue also affected the top realm. The current fix only binds the SAML bearer, which solves the issue on the top realm. However, the issue still exists on the realm: see OPENAM-6552
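
The request shape from the description, as an added example (not OpenAM code and not part of the original ticket): it builds a SAML 2.0 bearer token request and checks which realm the request would resolve to. The host name, client name, sample assertion, the `realm` query parameter name, and the default to the top realm `/` when no realm is sent are all assumptions made for illustration.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qs

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522


def build_token_request(endpoint, client_id, assertion_xml, realm=None):
    """Return (url, form_body) for a SAML 2.0 bearer grant request."""
    # RFC 7522 section 2.1: the assertion travels base64url-encoded;
    # padding is stripped here.
    assertion = base64.urlsafe_b64encode(assertion_xml.encode()).decode().rstrip("=")
    body = urlencode({"grant_type": SAML2_BEARER,
                      "client_id": client_id,
                      "assertion": assertion})
    # Assumption: the realm is selected with a "realm" query parameter.
    url = endpoint + ("?" + urlencode({"realm": realm}) if realm else "")
    return url, body


def audit_token_request(url, body, client_realm):
    """List reasons the endpoint may fail to authenticate the client."""
    query, form = parse_qs(urlsplit(url).query), parse_qs(body)
    problems = []
    if form.get("grant_type") != [SAML2_BEARER]:
        problems.append("grant_type is not the SAML 2.0 bearer URN")
    if not form.get("client_id"):
        problems.append("client_id missing")
    raw = (form.get("assertion") or [""])[0]
    try:
        decoded = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
    except ValueError:
        decoded = b""
    if b"Assertion" not in decoded:
        problems.append("assertion missing or not a base64url SAML assertion")
    # Assumption: with no realm sent, the client is looked up in "/".
    sent_realm = (query.get("realm") or form.get("realm") or ["/"])[0]
    if sent_realm != client_realm:
        problems.append(f"request resolves to realm {sent_realm!r}, "
                        f"client is registered in {client_realm!r}")
    return problems


# Constructed sample values, not taken from the ticket.
ENDPOINT = "https://openam.example.com/openam/oauth2/access_token"
ASSERTION = "<saml:Assertion ID='_constructed'>...</saml:Assertion>"

if __name__ == "__main__":
    as_reported = build_token_request(ENDPOINT, "myClient", ASSERTION)
    with_realm = build_token_request(ENDPOINT, "myClient", ASSERTION, "/subrealm")
    print(audit_token_request(*as_reported, client_realm="/subrealm"))
    print(audit_token_request(*with_realm, client_realm="/subrealm"))
```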



 Comments   
Comment by Nathalie Hoet [ 30/Mar/15 ]

Also affects top realm

Comment by Quentin CASTEL [X] (Inactive) [ 13/Apr/15 ]

Fixed in 13.0.0 r13401
Fixed in 12.0.1 r13402

Comment by Filip Kubáň [X] (Inactive) [ 24/Apr/15 ]

Verified on OpenAM 12.0.1 Build 13446 (2015-April-14 19:08)
