[OPENAM-5721] WindowsDesktopSSO trusted realm list doesn't work Created: 25/Mar/15  Updated: 02/Aug/16  Resolved: 16/Oct/15

Status: Resolved
Project: OpenAM
Component/s: authentication
Affects Version/s: 11.0.3
Fix Version/s: 12.0.3, 13.0.0

Type: Bug Priority: Minor
Reporter: Jari Ahonen Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: 0h
Time Spent: 0.5h
Original Estimate: Not Specified

Issue Links:
relates to OPENAM-9407 Backport OPENAM-7556 to 12.0.x Resolved
is related to OPENAM-4923 Update Windows Desktop SSO module to ... Resolved
Target Version/s:
Sprint: AM Sustaining Sprint 13


The new trusted realms list functionality in OpenAM 11.0.3 WindowsDesktopSSO auth module is broken. Only the first realm in the list will work.

The reason is that the trusted realm checking logic in WindowsDesktopSSO.java lines 285-291 causes the authentication to fail when it encounters the first non-matching realm on the list (whenever isTokenTrusted() returns false). It should check all the realms on the list and only fail if none of them match.

Generated at Sun Jan 17 15:42:38 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.