[OPENAM-6553] Fix Social Authentication in subrealms Created: 10/Aug/15  Updated: 20/Nov/16  Resolved: 16/Nov/15

Status: Resolved
Project: OpenAM
Component/s: oauth2
Affects Version/s: 12.0.0, 12.0.1
Fix Version/s: 12.0.3, 13.0.0

Type: Bug Priority: Critical
Reporter: Bas Steen Assignee: Peter Major [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: 0h
Time Spent: 7h
Original Estimate: Not Specified

Issue Links:
relates to OPENAM-7348 Social Authentication links are broke... Resolved
relates to OPENAM-7636 SAML2 redirects from Idp to subrealm ... Resolved
is related to OPENAM-7302 OAuth2 authentication module fails on... Resolved
Sprint: AM Sustaining Sprint 14
Support Ticket IDs:


Social Authentication is broken in OpenAM 12.01.
You see the result of the /json/authentication POST call instead of being redirected to the profile page (or the goto if you have specified one).

Steps to reproduce:
1. Configure Google for social authentication and set it up as the default chain in a subrealm.
2. Start an incognito window and navigate to the AM login page of the subrealm.
3. You get redirected to Google.
4. Log in at Google.
5. You get redirected back to OpenAM but only see the result of the REST call in the browser.

Comment by Peter Major [X] (Inactive) [ 04/Nov/15 ]

Setting up social authn in a subrealm is what really triggers this bug. If the XUI login page is accessed using the #login/subrealm format, then the resulting REST calls will have URIs like /json/subrealm/authenticate, which will mean that the "hack" for XUI in OAuth:

 if (requestedURI.contains("/json/authenticate")) {
     requestedURI = requestedURI.replace("/json/authenticate", "");
 }

will not work.

This bug is not specific to 12.0.1; 12.0.0 should behave the same way in a subrealm with XUI enabled.
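
An added illustration of the mismatch described in the comment above (not OpenAM source and not the fix that shipped): the quoted literal check next to a hypothetical realm-tolerant pattern, run over constructed URIs. The class name, `stripLiteral`, `stripRealmAware` and the regular expression are assumptions made for this example.

```java
import java.util.regex.Pattern;

public class XuiUriStripDemo {

    // The check quoted in the comment: it only matches the root-realm endpoint,
    // because a realm segment sits between "/json" and "/authenticate" otherwise.
    static String stripLiteral(String requestedURI) {
        if (requestedURI.contains("/json/authenticate")) {
            requestedURI = requestedURI.replace("/json/authenticate", "");
        }
        return requestedURI;
    }

    // Hypothetical realm-tolerant variant (an assumption, not the project's fix):
    // "/json", then zero or more realm path segments, then "/authenticate",
    // which must end the path (end of string, query string or fragment).
    private static final Pattern REST_AUTHN =
            Pattern.compile("/json(?:/[^/?#]+)*?/authenticate(?=$|[?#])");

    static String stripRealmAware(String requestedURI) {
        return REST_AUTHN.matcher(requestedURI).replaceFirst("");
    }

    public static void main(String[] args) {
        // Constructed sample URIs; "/openam" is an assumed deployment context path.
        String[] samples = {
            "/openam/json/authenticate",
            "/openam/json/subrealm/authenticate",
            "/openam/json/parent/child/authenticate?authIndexType=service",
            "/openam/UI/Login"
        };
        for (String uri : samples) {
            String literal = stripLiteral(uri);
            String realmAware = stripRealmAware(uri);
            // A URI that the literal check leaves untouched but the realm-aware
            // pattern rewrites is the subrealm case this issue describes.
            boolean missedByLiteral = literal.equals(uri) && !realmAware.equals(uri);
            System.out.printf("%s%n  literal:     %s%n  realm-aware: %s%n  missed by literal check: %b%n",
                    uri, literal, realmAware, missedByLiteral);
        }
    }
}
```

Only the first sample is rewritten by the literal check; the two subrealm URIs pass through it unchanged, which is the condition the comment identifies as the trigger.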

Generated at Thu Jan 21 23:58:13 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.