[OPENAM-5387] XUI does not pick up realm if formatted to RFC3986 specs Created: 31/Dec/14  Updated: 20/Nov/16  Resolved: 20/Nov/16

Status: Closed
Project: OpenAM
Component/s: XUI
Affects Version/s: 12.0.0
Fix Version/s: 13.0.0

Type: Bug Priority: Minor
Reporter: Sam Fraser Assignee: Phil Ostler [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: AME, TESLA, XUI
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Issue Links:
Depends
is required by OPENAM-2780 XUI should handle the realm parameter... Closed
Relates
relates to OPENAM-5774 XUI doesn't specify realm when using ... Closed
relates to OPENAM-5476 Document Realm Behaviour/Handling in ... Resolved
Sub-Tasks:
Key
Summary
Type
Status
Assignee
OPENAM-5475 Code Review Sub-task Closed Phil Ostler [X]  
OPENAM-5479 Code Review Feedback Sub-task Closed Phil Ostler [X]  
OPENAM-5483 Get new testing library Squire upload... Sub-task Closed Phil Ostler [X]  
OPENAM-5494 Refactor Unit Tests Sub-task Closed Phil Ostler [X]  
Sprint: Sprint 77 - Team Tesla, Sprint 78 - Team Tesla, Sprint 79 - Team Tesla
Support Ticket IDs:

 Description   

If OpenAM login URL is formatted:

http://host3.example.com:8081/openam/XUI/?realm=testRealm#login/

Which conforms to RFC3986 specs, ie)

URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
example: foo://example.com:8042/over/there?name=ferret#nose

The realm is ignored and top level realm is used for auth.

The standard works fine.

http://host3.example.com:8081/openam/XUI/#login/realm=testRealm



 Comments   
Comment by Sam Fraser [ 03/Jan/15 ]

It appears there are 2 issues.

1) currently XUI/org/forgerock/commons/ui/common/util/UIUtils.js will overwrite any query params if there is a '&' after the '#' char in the URL

I have fixed this by appending query params found after the hashtag to the existing ones in obj.getCurrentUrlQueryParameters function instead of replacing them.

2) The "realm" query param will work if before the hash if the URL does not end in a '/'

The trailing '/' is interpreted as the realm, even if realm is also a query parameter.

http://host3.example.com:8081/openam/XUI/?realm=testRealm#login will authenticate against the testRealm realm.

http://host3.example.com:8081/openam/XUI/?realm=testRealm#login/ will authenticate against the / realm.

http://host3.example.com:8081/openam/XUI/#login/&realm=testRealm will authenticate against the testRealm realm, but a "Page not found" error is returned when the user logs out of the User Dashboard.

Since the realm can be specified in 2 places, we will need to determine which takes precedence.

host3.example.com:8081/openam/XUI/?realm=realmA#login/realmB (realmA or realmB)

Comment by Julian Kigwana [X] (Inactive) [ 23/Jan/15 ]

The note in the doc at http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index.html#authn-from-browser says for the JavaScript-based XUI, the corresponding URL would be subtly different: http://openam.example.com:8080/openam/XUI/#login/&arg=newsession.

Comment by Julian Kigwana [X] (Inactive) [ 23/Jan/15 ]

Please document the current behaviour of realms.

Comment by Quentin CASTEL [X] (Inactive) [ 20/Nov/16 ]

modification of the status, in order to migrate the 'Zendesk ID' field to 'Support Ticket ID' field.

Comment by Quentin CASTEL [X] (Inactive) [ 20/Nov/16 ]

modification of the status, in order to migrate the 'Zendesk ID' field to 'Support Ticket ID' field.

Generated at Sun Jan 24 19:05:55 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.