[OPENIDM-9883] Backport OPENIDM-9855: Trusted Attribute fails with multiple instances using different resources Created: 19/Dec/17  Updated: 10/Jan/18  Resolved: 02/Jan/18

Status: Closed
Project: OpenIDM
Component/s: Module - Authentication
Affects Version/s: OpenIDM 5.0.0, OpenIDM 5.5.0, OpenIDM 6.0.0
Fix Version/s: OpenIDM 5.5.0.1

Type: Bug Priority: Major
Reporter: Matthias Grabiak Assignee: Matthias Grabiak
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backport
is a backport of OPENIDM-9855 Trusted Attribute fails with multiple... Closed
Target Version/s:
Verified Version/s:
Support Ticket IDs:

 Description   

When using multiple instances of the trusted attribute module, the second and following instances do not initialize their settings properly, mistakenly reusing the settings from the first instance.



 Comments   
Comment by Jakub Janoska [X] (Inactive) [ 10/Jan/18 ]

Verified on OpenIDM version "5.5.0.1-SNAPSHOT" (revision: 8fc15e9) jenkins-OpenIDM - 5.5.x - postcommit-138 origin/sustaining/5.5.x and checked OK

 

Steps used for verification:

  1. Update conf/authentication.json (add the code below into authModules)
    • {
        "name": "TRUSTED_ATTRIBUTE",
        "properties": {
          "queryOnResource": "repo/internal/user",
          "propertyMapping": { "authenticationId": "username", "userRoles": "roles" },
          "defaultUserRoles": [],
          "authenticationIdAttribute": "X-ForgeRock-AuthenticationId",
          "augmentSecurityContext": { "type": "text/javascript", "file": "auth/populateRolesFromRelationship.js" }
        },
        "enabled": true
      },
      {
        "name": "TRUSTED_ATTRIBUTE",
        "properties": {
          "queryOnResource": "managed/user",
          "propertyMapping": { "authenticationId": "userName", "userRoles": "authzRoles" },
          "defaultUserRoles": [],
          "authenticationIdAttribute": "X-ForgeRock-AuthenticationId",
          "augmentSecurityContext": { "type": "text/javascript", "file": "auth/populateRolesFromRelationship.js" }
        },
        "enabled": true
      }

  2. Update conf/servletfilter-gzip.json > requestedAttributes
    • "requestAttributes" : {"X-ForgeRock-AuthenticationId" : "openidm-admin"}

  3. Start OpenIDM
  4. Open the IDM UI and check whether you are logged in as 'openidm-admin' automatically
  5. Update conf/servletfilter-gzip.json > requestedAttributes (bjensen has to be in managed/user)
    • "requestAttributes" : {"X-ForgeRock-AuthenticationId" : "bjensen"}

  6. Restart OpenIDM
  7. Open the UI and check whether you are logged in as 'bjensen'
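
A configuration check for the condition this issue describes, added here as an example (not code from the issue or from the OpenIDM project): it lists every later enabled TRUSTED_ATTRIBUTE entry whose settings differ from the first one, which are the settings an unfixed build would ignore. The function name, the CHECKED_KEYS selection and the rule that only entries with "enabled": true count are assumptions; the sample is constructed from the two entries in the steps above.

```python
import json

# Constructed sample: the two authModules entries from the verification steps
# (defaultUserRoles and augmentSecurityContext omitted; they are identical).
SAMPLE = json.loads("""
[
  {"name": "TRUSTED_ATTRIBUTE", "enabled": true, "properties": {
     "queryOnResource": "repo/internal/user",
     "propertyMapping": {"authenticationId": "username", "userRoles": "roles"},
     "authenticationIdAttribute": "X-ForgeRock-AuthenticationId"}},
  {"name": "TRUSTED_ATTRIBUTE", "enabled": true, "properties": {
     "queryOnResource": "managed/user",
     "propertyMapping": {"authenticationId": "userName", "userRoles": "authzRoles"},
     "authenticationIdAttribute": "X-ForgeRock-AuthenticationId"}}
]
""")

# Assumption: these are the per-instance settings worth comparing.
CHECKED_KEYS = ("queryOnResource", "propertyMapping", "authenticationIdAttribute")


def shadowed_instances(auth_modules, name="TRUSTED_ATTRIBUTE"):
    """Return later instances whose settings differ from the first enabled one.

    Per the issue, a build without the fix initializes those instances with
    the first instance's settings, so every difference listed is ignored there.
    """
    # Assumption: only entries with "enabled": true take part.
    enabled = [(i, m.get("properties", {})) for i, m in enumerate(auth_modules)
               if m.get("name") == name and m.get("enabled") is True]
    if len(enabled) < 2:
        return []
    first_index, first = enabled[0]
    findings = []
    for index, props in enabled[1:]:
        diffs = {k: {"configured": props.get(k), "first_instance": first.get(k)}
                 for k in CHECKED_KEYS if props.get(k) != first.get(k)}
        if diffs:
            findings.append({"index": index, "first_index": first_index,
                             "differs": diffs})
    return findings


if __name__ == "__main__":
    for finding in shadowed_instances(SAMPLE):
        print(json.dumps(finding, indent=2))
```

Pass it the authModules array loaded from conf/authentication.json; an empty result means no instance depends on settings that differ from the first.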