[OPENAM-7069] Shared resources with a user are visible by another valid user Created: 07/Oct/15  Updated: 15/Jan/16  Resolved: 15/Jan/16

Status: Resolved
Project: OpenAM
Component/s: UMA, XUI
Affects Version/s: 13.0.0
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: hadi hahmadi Assignee: Unassigned
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Ubuntu 14 64-bit, Tomcat7, OpenAM 13.0.0 build Oct 2, 2015

Target Version/s:

  • Configured OAuth2 provider, UMA providers, and OAuth2 agent (aka RS).
  • Created resource_set myDevice for user Alice and RS.
  • Authenticated to Alice's account on OpenAM, browsed to "Resources", clicked on myDevice and shared it with Bob. All went OK.
  • Authenticated to Ted's account on OpenAM, browsed to "Resources", clicked on "Shared with me" and found myDevice!!!

This is happening while trying to get "permission_ticket" for Ted is rejected by OpenAM, saying resource is not shared (which is as expected).

Not sure if it matters, but users are created in the embedded DJ via LDAP queries (and not from OpenAM console).

Comment by Emma Rumsey [X] (Inactive) [ 15/Jan/16 ]

Tested in the final 13.0.0 RC on Friday 15th January

Generated at Fri Oct 23 08:40:51 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.