[OPENAM-11268] SAML2 IDP metadata missing NameIDMappingService elements should not error on save - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Duplicate
Affects Version/s: 12.0.0, 13.0.0, 13.5.0, 14.0.0, 14.1.0
Fix Version/s: None
Component/s: console, SAML
Labels:
- EDISON

Target Version/s:

13.5.3, 14.5.0

Needs backport:

No

Support Ticket IDs:

Needs QA verification:

No
Functional tests:

No
Are the reproduction steps defined?:

No (add reasons in the comment)

Description

The NameIDMappingService element in the metadata of a remote IDP is not a required element according to the SAML2 spec and OpenAM loads IDP metadata without this element without issue but when in the Services tab of the loaded metadata and hitting Save, OpenAM shows an error box in the console:

Error
Entity descriptor "idpentity" under realm "/" has invalid syntax.

Where idpentity is the entity ID of the loaded metadata and the following is seen in the container logs:

DefaultValidationEventHandler: [ERROR]: a required field "Location" is missing an object 

     Location:  obj: com.sun.identity.saml2.jaxb.metadata.impl.NameIDMappingServiceElementImpl@4653aaf2

To workaround this issue, add a URL into the "NameID Mapping" field at the bottom of the Services page (based on one of the values from the other service location entries) and Save.

Even without this workaround, the changes made to the Services page appear to be applied even though it generates the error.

Attachments

Issue Links

is duplicated by

OPENAM-11937 Federation UI does not allow empty NameIDMappingService

Resolved

relates to

OPENAM-11937 Federation UI does not allow empty NameIDMappingService

Resolved

Activity

People

Assignee:

Sam Fraser

Reporter:

Mark de Reeper

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

13/Jun/17 1:32 AM

Updated:

24/Jan/19 7:01 PM

Resolved:

24/Jan/19 7:01 PM