[OPENAM-8292] PostAuthentication onLogonSuccess/Error should be trigger for only actual user logon Created: 05/Feb/16  Updated: 27/Apr/17  Resolved: 27/Apr/17

Status: Resolved
Project: OpenAM
Component/s: documentation
Affects Version/s: 12.0.0, 12.0.1, 12.0.2, 13.0.0
Fix Version/s: 12.0.5, 13.5.1, 14.5.0

Type: Bug Priority: Major
Reporter: C-Weng C Assignee: Gene Hirayama
Resolution: Fixed Votes: 0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

OpenAM 12.0.x and 13
with Install a AMPostAuthProcessInterface PostAuth onLogonSuccess.

Epic Link: Docs: Support Tickets
Support Ticket IDs:


When a sample PostAuth onLogonSuccess (AMPostAuthProcessInterface)
class is installed to the Authentication realm, it is observed
that on startup LoginLogoutMapping servlet is initialized
during load-on-startup and trigger even getting an AdminToken.
The onLogonSuccess seems to be called for non-actual users logon

Hence "onLogonSuccess method should not get invoked unless there is an actual user login event occurring"

Comment by Peter Major [X] (Inactive) [ 07/Nov/16 ]

This is expected behavior. If the PAP is configured in the top level realm at the realm level, it will be invoked for all sorts of authentication. The best practice is to host your users in a subrealm, and as such have PAPs configured in subrealms as well. If however you need to have a PAP for the admins in the top level realm, that should be able to handle this scenario.

NB: it may also help to define the PAPs at the chain level, but it may still get invoked if that chain is in use during startup.

Comment by Gene Hirayama [ 27/Apr/17 ]


Generated at Wed Nov 25 07:51:56 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.