[OPENIDM-7108] Password Reset Token issued by one process cannot be validated by a different process
Created: 15/Nov/16 | Updated: 24/May/17 | Resolved: 09/Mar/17 |
Status: | Closed |
Project: | OpenIDM |
Component/s: | Module - SelfService |
Affects Version/s: | OpenIDM 4.0.0, OpenIDM 4.5.0, OpenIDM 5.0.0, OpenIDM 5.5.0 |
Fix Version/s: | OpenIDM 5.0.0, OpenIDM 5.5.0 |
Type: | Bug | Priority: | Blocker |
Reporter: | Chris Drake | Assignee: | Brendan Miller |
Resolution: | Fixed | Votes: | 0 |
Labels: | release-notes |
Remaining Estimate: | Not Specified |
Time Spent: | Not Specified |
Original Estimate: | Not Specified |
Target Version/s: |
Verified Version/s: |
Story Points: | 3 |
Sprint: | OpenIDM Sprint 69 |
Cases: | 16515 |
Support Ticket IDs: |
Description |
Validation of the Password Reset token will fail with the following:

Caused by: org.forgerock.json.jose.exceptions.JweDecryptionException: Decryption failed
    at org.forgerock.json.jose.jwe.handlers.encryption.AbstractEncryptionHandler.decrypt(AbstractEncryptionHandler.java:109)
    at org.forgerock.json.jose.jwe.handlers.encryption.AbstractRSAESPkcs1V15AesCbcHmacEncryptionHandler.decryptContentEncryptionKey(AbstractRSAESPkcs1V15AesCbcHmacEncryptionHandler.java:206)
    at org.forgerock.json.jose.jwe.handlers.encryption.RSA15AES128CBCHS256EncryptionHandler.decryptContentEncryptionKey(RSA15AES128CBCHS256EncryptionHandler.java:28)
    at org.forgerock.json.jose.jwe.EncryptedJwt.decrypt(EncryptedJwt.java:182)
    at org.forgerock.json.jose.jws.SignedEncryptedJwt.decrypt(SignedEncryptedJwt.java:85)
    at org.forgerock.selfservice.stages.tokenhandlers.JwtTokenHandler.validateAndExtractClaims(JwtTokenHandler.java:142)
    at org.forgerock.selfservice.stages.tokenhandlers.JwtTokenHandler.validateAndExtractState(JwtTokenHandler.java:124)
    ... 111 more

The same problem exists if you attempt to use the Password Reset token on a cluster node other than the one which generated the token.
Comments |
Comment by Mark Gibson [ 21/Nov/16 ] |
validated with OpenIDM 5.5.0-SNAPSHOT (0aaeb90) |
Comment by Laurent Bristiel [X] (Inactive) [ 23/Nov/16 ] |
checked OK in OpenIDM version "5.0.0-SNAPSHOT" (revision: 8f49dc7) |
Comment by Lana Frost [ 09/Mar/17 ] |
Reopening to add to release notes |
Comment by Seyed Hossein Ahmadinejad [X] (Inactive) [ 24/May/17 ] |
I still have this issue in a cluster when a pass reset token is used by a node other than the one that generated it. |
Comment by Seyed Hossein Ahmadinejad [X] (Inactive) [ 24/May/17 ] |
I am sorry. I posted this in the wrong place.