Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11961

KBA update fails if Self service is configured in sub-realm and root realm has no datastore

    Details

    • Sprint:
      AM Sustaining Sprint 44, U - Team Tesla 2017.15
    • Story Points:
      3
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      A user is unable to update their KBA's for a sub-realm if no user datastore exists in the root realm, or the datastore configured in the sub realm is different from that configured in the root realm.

      How to reproduce the issue

      1. Create a sub realm and configure Self Service in this realm.
      2. Create a user in the sub realm
      3. Enable forgotten password, and enable Security Questions
      4. Remove the user data store from the root realm
      5. Login to the end user interface as the user created
      6. Attempt to add a security questions and response (clicking update)
      Expected behaviour
      The user's security question and response is saved to the user's profile
      Current behaviour
      "Bad Request Error" is displayed in the browser, the KBA is not updated. 
      The following error is logged in the CoreSystem debug:
      
      frRest:09/05/2017 01:02:34:404 AM CEST: Thread[http-nio-8080-exec-2,5,main]: TransactionId[8bd3d2c6-845e-4f62-b8d0-5adc964fb3f2-21085]
      demo3 :: PATCH attempted by id=demo3,ou=user,o=intranetkba,ou=services,dc=identity-dynamics,dc=com
      frRest:09/05/2017 01:02:34:404 AM CEST: Thread[http-nio-8080-exec-2,5,main]: TransactionId[8bd3d2c6-845e-4f62-b8d0-5adc964fb3f2-21085]
      demo3 :: PATCH attempted by id=dsameuser,ou=user,dc=identity-dynamics,dc=com
      amIdentityServices:09/05/2017 01:02:34:405 AM CEST: Thread[http-nio-8080-exec-2,5,main]: TransactionId[8bd3d2c6-845e-4f62-b8d0-5adc964fb3f2-21085]
      ERROR: IdentityServicesImpl:read
      Message:Plug-in com.sun.identity.idm.plugins.internal.SpecialRepo does not support operation read for type {2}
      
      at com.sun.identity.idm.plugins.internal.SpecialRepo.getAttributes(SpecialRepo.java:306)
      at com.sun.identity.idm.server.IdServicesImpl.getAttributes(IdServicesImpl.java:782)
      at com.sun.identity.idm.server.IdCachedServicesImpl.getAttributes(IdCachedServicesImpl.java:479)
      at com.sun.identity.idm.AMIdentity.getAttributes(AMIdentity.java:329)
      at com.sun.identity.idsvcs.opensso.IdentityServicesImpl.convertToIdentityDetails(IdentityServicesImpl.java:1300)
      at com.sun.identity.idsvcs.opensso.IdentityServicesImpl.read(IdentityServicesImpl.java:767)
      at org.forgerock.openam.core.rest.IdentityResourceV3.patchInstance(IdentityResourceV3.java:271)
      at org.forgerock.json.resource.InterfaceCollectionInstance.handlePatch(InterfaceCollectionInstance.java:46)
      at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:85)
      at org.forgerock.json.resource.Resources$CollectionInstanceIdContextFilter.filterPatch(Resources.java:510)
      at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:83)
      at org.forgerock.json.resource.FilterChain.handlePatch(FilterChain.java:240)
      at org.forgerock.json.resource.Router.handlePatch(Router.java:292)
      at org.forgerock.json.resource.Router.handlePatch(Router.java:292)
      at org.forgerock.json.resource.FilterChain$Cursor.handlePatch(FilterChain.java:85)
      at org.forgerock.openam.rest.fluent.AuditFilter.filterPatch(AuditFilter.java:144)
      

      Work around

      Configure a datastore in the root realm

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jamesphillpotts James Phillpotts
                Reporter:
                bradley.tarisznyas Brad Tarisznyas
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: