Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12120

Referrals On Top Level Realm won't allow upgrade to 5.5.1

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 12.0.0, 12.0.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Support Ticket IDs:

      Description

      Bug description

      The upgrade tool fails to upgrade the installation if sub level realm policies use a referral in the TLR.

      Reproduction Steps:

      1. Created new Realm (i.e /VIPRealm)
      2. Created new Referral under Application:iPlanetAMWebAgentService on TLR.
      3. Details of New Referral Made:
        Name: iPlanetAMWebAgentService
        Patterns Used: https://example.com:443/* & https://example.com:443/*?*
      4. Select VIPRealm as Realm and Create.
      5. Create New Policies under /VIPRealm using Patterns in Refferal from TLR (used GET and POST in this instance).
      6. Upgrade to 5.5.1 via shutting down the container and replacing war file with 5.5.1.
      7. Run through upgrade on Web-GUI.
      Expected behaviour

      Referrals to be deleted - policies recreated and upgrade to complete.

      Current behaviour

      Fails to delete referrals:

      Cloning application iPlanetAMWebAgentService into realm /VIPRealm; Done.
      Removing referral ou=VIP Referral,ou=referrals,ou=default,ou=OrganizationConfig,ou=1.0,ou=sunEntitlementIndexes,ou=services,dc=example,dc=com; Done.
      Recreating policy Secured Resource Policy_VIP Policy Agent URL GET; Done.
      Recreating policy Secured Resource Policy_VIP Policy Agent URL; Done.
      Recreating policy Secured Resource GET; Failed!
      Stack trace:
      amUpgrade:11/15/2017 02:54:31:890 PM CET: Thread[[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]: TransactionId[4d476c21-037b-4717-9e8e-1e7c91f49d84-35]
      ERROR: Error occured while upgrading OpenAM
      org.forgerock.openam.upgrade.UpgradeException: Application cloning failed
       at org.forgerock.openam.upgrade.steps.RemoveReferralsStep.instateReferredApplications(RemoveReferralsStep.java:201)
       at org.forgerock.openam.upgrade.steps.RemoveReferralsStep.perform(RemoveReferralsStep.java:192)
       at org.forgerock.openam.upgrade.UpgradeServices.upgrade(UpgradeServices.java:153)
       at com.sun.identity.config.upgrade.Upgrade.doUpgrade(Upgrade.java:68)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:498)
       at org.apache.click.util.ClickUtils.invokeMethod(ClickUtils.java:3317)
       at org.apache.click.util.ClickUtils.invokeListener(ClickUtils.java:2088)
       at org.apache.click.control.AbstractControl$1.onAction(AbstractControl.java:228)
       at org.apache.click.ActionEventDispatcher.fireActionEvent(ActionEventDispatcher.java:259)
       at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:236)
       at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:180)
       at org.apache.click.ClickServlet.performOnProcess(ClickServlet.java:746)
       at org.apache.click.ClickServlet.processAjaxPageEvents(ClickServlet.java:1860)
       at org.apache.click.ClickServlet.processPage(ClickServlet.java:559)
       at org.apache.click.ClickServlet.handleRequest(ClickServlet.java:383)
       at org.apache.click.ClickServlet.doGet(ClickServlet.java:276)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
       at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
       at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
       at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:123)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
       at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3683)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3649)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
       at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
       at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
       at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
       at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2433)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2281)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2259)
       at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1691)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1651)
       at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
       at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)
       at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)
       at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)
       at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
       at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:640)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:406)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)

      Work around

      As referrals are now redundant, delete referrals and policies and recreate once the upgrade has completed. Disabling referrals and upgrading, the policies still use the patterns and thus still creates the same error. 

      Have not tried any other versions apart from 12.0.0 and 12.0.2 and 5.5.1.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jeremy.cocks Jeremy Cocks
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: