[OPENAM-8292] PostAuthentication onLogonSuccess/Error should be trigger for only actual user logon Created: 05/Feb/16 Updated: 27/Apr/17 Resolved: 27/Apr/17
|Affects Version/s:||12.0.0, 12.0.1, 12.0.2, 13.0.0|
|Fix Version/s:||12.0.5, 13.5.1, 14.5.0|
|Reporter:||C-Weng C||Assignee:||Gene Hirayama|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
OpenAM 12.0.x and 13
|Epic Link:||Docs: Support Tickets|
|Support Ticket IDs:|
When a sample PostAuth onLogonSuccess (AMPostAuthProcessInterface)
Hence "onLogonSuccess method should not get invoked unless there is an actual user login event occurring"
|Comment by Peter Major [X] (Inactive) [ 07/Nov/16 ]|
This is expected behavior. If the PAP is configured in the top level realm at the realm level, it will be invoked for all sorts of authentication. The best practice is to host your users in a subrealm, and as such have PAPs configured in subrealms as well. If however you need to have a PAP for the admins in the top level realm, that should be able to handle this scenario.
NB: it may also help to define the PAPs at the chain level, but it may still get invoked if that chain is in use during startup.
|Comment by Gene Hirayama [ 27/Apr/17 ]|