[OPENAM-5541] Resource based auth doesn't work in sub realm Created: 12/Feb/15  Updated: 20/Nov/16  Resolved: 12/Jun/15

Status: Resolved
Project: OpenAM
Component/s: authentication, policy
Affects Version/s: 11.0.1, 11.0.2, 12.0.0
Fix Version/s: 11.0.4, 12.0.3

Type: Bug Priority: Major
Reporter: Sachiko Wallace Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
is related to OPENAM-5451 Resource based authentication does no... Resolved
Rank: 1|hzlplr:
Support Ticket IDs:

 Description   

You will need to disable XUI because of OPENAM-3135

To reproduce:

When accessing the protected resource, you will get "An internal authentication error has occurred." error.

amLoginViewBean:02/13/2015 08:45:17:705 AM NZDT: Thread[http-18080-1,5,main]
getLoginDisplay exception:
java.lang.NullPointerException
        at com.sun.identity.entitlement.ReferralPrivilege.evaluate(ReferralPrivilege.java:489)
        at com.sun.identity.entitlement.PrivilegeEvaluator$PrivilegeTask.run(PrivilegeEvaluator.java:423)
        at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:335)
        at com.sun.identity.entitlement.PrivilegeEvaluator.evaluate(PrivilegeEvaluator.java:248)
        at com.sun.identity.entitlement.Evaluator.evaluate(Evaluator.java:216)
        at com.sun.identity.policy.PolicyEvaluator.getPolicyDecisionE(PolicyEvaluator.java:872)
        at com.sun.identity.policy.PolicyEvaluator.getPolicyDecision(PolicyEvaluator.java:819)
        at com.sun.identity.policy.PolicyEvaluator.getPolicyDecisionIgnoreSubjects(PolicyEvaluator.java:2444)
        at com.sun.identity.policy.ProxyPolicyEvaluator.getPolicyDecisionIgnoreSubjects(ProxyPolicyEvaluator.java:257)
        at com.sun.identity.policy.util.PolicyDecisionUtils.getActionDecision(PolicyDecisionUtils.java:135)
        at com.sun.identity.policy.util.PolicyDecisionUtils.doResourceIPEnvAuth(PolicyDecisionUtils.java:122)
        at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:479)
        at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:419)
        at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:911)
        at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:862)
        at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:519)


 Comments   
Comment by Sachiko Wallace [ 12/Feb/15 ]

The cause is similar to OPENAM-5451, but it seems like resource based auth never worked for subrealms

Comment by Sachiko Wallace [ 12/Jun/15 ]

ReferralPrivilege no longer exists in OpenAM 13

Generated at Sat Feb 27 03:06:07 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.