[OPENIDM-9882] Backport OPENIDM-9855: Trusted Attribute fails with multiple instances using different resources
Created: 19/Dec/17
Updated: 22/Feb/18
Resolved: 09/Feb/18

Status: Closed
Project: OpenIDM
Component/s: Module - Authentication
Affects Version/s: OpenIDM 5.0.0, OpenIDM 5.5.0, OpenIDM 6.0.0
Fix Version/s: OpenIDM 5.0.0.2

Type: Bug
Priority: Major
Reporter: Matthias Grabiak
Assignee: Mark Offutt [X] (Inactive)
Resolution: Fixed
Votes: 0
Labels: Sustaining
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backport
is a backport of OPENIDM-9855 Trusted Attribute fails with multiple... Closed
Target Version/s:
Verified Version/s:
QA Assignee: Jakub Janoska [X] (Inactive)
Support Ticket IDs:

 Description   

When using multiple instances of the trusted attribute module, the second and following instances do not initialize their settings properly, mistakenly reusing the settings from the first instance.



 Comments   
Comment by Jakub Janoska [X] (Inactive) [ 22/Feb/18 ]

Verified on OpenIDM version "5.0.0.2-RC2" (revision: 608d658) jenkins-OpenIDM - 5.0.x - Release-18 sustaining/5.0.x.

For testing, add the code below to conf/authentication.json:

  • for default repo - "authenticationId": "username"
  • for mysql repo - "objectid": "username"
{
    "name": "TRUSTED_ATTRIBUTE",
    "properties": {
        "queryOnResource": "repo/internal/user",
        "propertyMapping": {
            "objectid": "username",
            "userRoles": "roles"
        },
        "defaultUserRoles": [],
        "authenticationIdAttribute": "X-ForgeRock-AuthenticationId",
        "augmentSecurityContext": {
            "type": "text/javascript",
            "file": "auth/populateRolesFromRelationship.js"
        }
    },
    "enabled": true
},
{
    "name": "TRUSTED_ATTRIBUTE",
    "properties": {
        "queryOnResource": "managed/user",
        "propertyMapping": {
            "authenticationId": "userName",
            "userRoles": "authzRoles"
        },
        "defaultUserRoles": [],
        "authenticationIdAttribute": "X-ForgeRock-AuthenticationId",
        "augmentSecurityContext": {
            "type": "text/javascript",
            "file": "auth/populateRolesFromRelationship.js"
        }
    },
    "enabled": true
}

Then try to log in automatically with internal/user 'openidm-admin' and with managed/user, for example 'testuser'. For automatic login, conf/servletfilter-gzip.json needs to be updated:

  • internal/user = openidm-admin
  • managed/user = testuser (need to create this user)
{
    "classPathURLs" : [ ],
    "systemProperties" : { },
    "requestAttributes" : {"X-ForgeRock-AuthenticationId" : "testuser"},
    "initParams" : { },
    "scriptExtensions" : { },
    "urlPatterns" : [
        "/*"
    ],
    "filterClass" : "org.eclipse.jetty.servlets.GzipFilter"
}
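
Added example, not part of the ticket or of ForgeRock's code: a configuration check that reports the two conditions this issue involves, namely several enabled TRUSTED_ATTRIBUTE modules querying different resources, and a servlet filter that sets the trusted attribute to a fixed value for every request (the test-only auto-login above). The `serverAuthContext`/`authModules` wrapper, the default for `enabled`, and the function names are assumptions; the sample inputs are constructed from the snippets in the comment.

```python
import json

# Constructed sample inputs modelled on the test configuration in the comment above.
# Assumption: modules are listed under serverAuthContext.authModules.
AUTHENTICATION_JSON = json.loads("""
{"serverAuthContext": {"authModules": [
  {"name": "TRUSTED_ATTRIBUTE", "enabled": true, "properties": {
     "queryOnResource": "repo/internal/user",
     "authenticationIdAttribute": "X-ForgeRock-AuthenticationId"}},
  {"name": "TRUSTED_ATTRIBUTE", "enabled": true, "properties": {
     "queryOnResource": "managed/user",
     "authenticationIdAttribute": "X-ForgeRock-AuthenticationId"}}
]}}
""")
SERVLET_FILTER_JSON = json.loads("""
{"requestAttributes": {"X-ForgeRock-AuthenticationId": "testuser"},
 "urlPatterns": ["/*"],
 "filterClass": "org.eclipse.jetty.servlets.GzipFilter"}
""")


def trusted_attribute_modules(auth_conf):
    """Return the enabled TRUSTED_ATTRIBUTE module entries (hypothetical helper)."""
    modules = auth_conf.get("serverAuthContext", {}).get("authModules", [])
    return [m for m in modules
            if m.get("name") == "TRUSTED_ATTRIBUTE" and m.get("enabled", True)]


def audit(auth_conf, filter_confs):
    """Return findings for the two conditions described in this issue."""
    findings = []
    props = [m.get("properties", {}) for m in trusted_attribute_modules(auth_conf)]
    # Condition 1: instances that query different resources (the affected setup).
    resources = sorted({p.get("queryOnResource", "<unset>") for p in props})
    if len(resources) > 1:
        findings.append("multi-resource TRUSTED_ATTRIBUTE: " + ", ".join(resources))
    # Condition 2: a filter that hard-codes an attribute the modules trust.
    trusted = {p.get("authenticationIdAttribute") for p in props}
    for conf in filter_confs:
        for attr, value in conf.get("requestAttributes", {}).items():
            if attr in trusted:
                findings.append(f"static trusted attribute {attr}={value!r} "
                                f"on {conf.get('urlPatterns')}")
    return findings


if __name__ == "__main__":
    for line in audit(AUTHENTICATION_JSON, [SERVLET_FILTER_JSON]):
        print(line)
```

A multi-resource finding on one of the affected versions listed above means the later instances may be running with the first instance's settings; a static-attribute finding means the test filter configuration is still in place.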
Generated at Sat Oct 31 01:34:40 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.