CustomScopeValidator OpenAM 13.x

This topic contains 6 replies, has 3 voices, and was last updated by Peter Major 2 weeks, 5 days ago.

  • #15590
    muunen
    Participant

    Hi,

    We have written a CustomScopeValidator class, which works perfectly well in OpenAM 12.0.

    Now we are in the process of upgrading to OpenAM 13.5 and we are experiencing a problem. After adjusting the code to conform to the slightly changed interface, we still get an error on the /openam/oauth2/authorize call (‘internal server error’).

    Request:
    GET /openam/oauth2/authorize?client_id=sample&scope=read%20write&state=6296560&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&response_type=code

    Response:
    HTTP/1.1 400 Bad Request
    Cache-Control: no-store
    Date: Mon, 30 Jan 2017 11:59:28 GMT
    Accept-Ranges: bytes
    Server: Restlet-Framework/2.3.4
    Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept
    Pragma: no-cache
    Content-Type: text/html;charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close

    765
    <!DOCTYPE html>
    <!--
    ~ DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
    ~
    ~ Copyright 2012-2015 ForgeRock AS.
    ~
    ~ The contents of this file are subject to the terms
    ~ of the Common Development and Distribution License
    ~ (the License). You may not use this file except in
    ~ compliance with the License.
    ~
    ~ You can obtain a copy of the License at
    ~ http://forgerock.org/license/CDDLv1.0.html
    ~ See the License for the specific language governing
    ~ permission and limitations under the License.
    ~
    ~ When distributing Covered Code, include this CDDL
    ~ Header Notice in each file and include the License file
    ~ at http://forgerock.org/license/CDDLv1.0.html
    ~ If applicable, add the following below the CDDL Header,
    ~ with the fields enclosed by brackets [] replaced by
    ~ your own identifying information:
    ~ "Portions Copyrighted [year] [name of copyright owner]"
    ~
    ~ Portions Copyrighted 2014 Nomura Research Institute, Ltd
    -->
    <html lang="en">
    <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="OAuth2 Error">
    <title>OAuth2 Error Page</title>
    </head>

    <body style="display:none">
    <div id="wrapper">Loading…</div>
    <footer id="footer" class="footer"></footer>
    <script type="text/javascript">
    pageData = {
    realm : "/",
    baseUrl: "http://openam.example.com:7001/openam/XUI",
    error: {
    description: "Internal Server Error",
    message: "server_error"
    }
    }
    </script>
    <script data-main="http://openam.example.com:7001/openam/XUI/main-authorize" src="http://openam.example.com:7001/openam/XUI/libs/requirejs-2.1.14-min.js"></script>
    </body>
    </html>

    0

    Error in the logfile (access.csv):
    “The request could not be understand by the server due to malformed syntax”

    Even when using the custom scope validator from the documentation we experience this problem. Again, on version 12.x this works fine.

    Hope you can give us a clue on this. Otherwise, how can we obtain more debug info? We switched to ‘Message’ level in the console, but that is still not enough to tackle this.

    Michel

    #15593
    Peter Major
    Moderator

    Have you checked the logs under the debug folder?

    #15597
    muunen
    Participant

    Yes, but I don’t see any log entry added when executing this call.

    #15604
    Scott Heger
    Participant

    What about in your container logs? Anything there?

    #15612
    muunen
    Participant

    Debugged it after building OpenAM from the source and got it working on OpenAM 13.0 now. The custom scope validator sample misses a check on token != 0 in getUserInfo(), probably a change since 12.0?

    For 13.5 I still got an internal server error on the /access_token endpoint, maybe some token is null as well.

    #15614
    muunen
    Participant

    BTW, are there any 13.5 Maven dependencies in maven.forgerock.org anyway?

    #15631
    Peter Major
    Moderator

    Yes, there are. Reach out to support via backstage.forgerock.com for more information.
