
ssoadm does not create OAuth2Provider service

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 14.5.0, 14.5.1
    • Fix Version/s: None
    • Component/s: ssoadm
    • Labels: None

      Description

      Bug description

      The configuration file must not contain the "forgerock-oauth2-provider-oidc-claims-extension-script" attribute name. Otherwise, ssoadm authenticates but does not create an OAuth2Provider service in the AM console.

      This also means that users need to manually add their custom OIDC claims script from the AM console.

      How to reproduce the issue

      1. On a newly installed AM 5.0.0 with ssoadm version 5.0.0, create an OAuth2Provider service ( [Realm] Services > Add a Service > OAuth2Provider )
      2. Get the service attribute of OAuth2Provider using ssoadm and save into a file called oauth2provider.config
        $ ./ssoadm get-realm-svc-attrs -u amadmin -f pwd.txt -e / -s OAuth2Provider > oauth2provider.config
        
        forgerock-oauth2-provider-refresh-token-lifetime=36000
        customLoginUrlTemplate=
        supportedIDTokenEncryptionMethods=A256GCM
        ...........
        forgerock-oauth2-provider-oidc-claims-extension-script=36863ffb-40ec-48b9-94b1-9a99f71cc3b5
        ..........
        verificationUrl=
        forgerock-oauth2-provider-loa-mapping=https://bugster.forgerock.org/jira/projects/OPENAM/issues/OPENAM-12243?filter=allopenissues#
        forgerock-oauth2-provider-jkws-uri=
      3. On a newly installed AM 5.5.x, use ssoadm version 5.5.x to add the OAuth2Provider service
      Expected behaviour
      $ ./ssoadm add-svc-realm -e / -u amadmin -f pwd.txt -s OAuth2Provider -D /path/to/oauth2provider.config -v -d
      Process Request ...
      Constructing Request Context...
      Validating mandatory options...
      Processing Sub Command ...
      
      Executing class, com.sun.identity.cli.realm.RealmAssignService.
      Authenticating...
      Authenticated.
      Service, OAuth2Provider was added to realm, /.
      
      

      The AM console will show the creation of OAuth2Provider.

      Current behaviour
      $ ./ssoadm add-svc-realm -e / -u amadmin -f pwd.txt -s OAuth2Provider -D /path/to/oauth2provider.config -v -d
      Process Request ...
      Constructing Request Context...
      Validating mandatory options...
      Processing Sub Command ...
      
      Executing class, com.sun.identity.cli.realm.RealmAssignService.
      Authenticating...
      Authenticated.
      

      The AM console did not show the creation of OAuth2Provider.


      In the ssoadm Configuration debug file:

      amCLI:01/10/2018 11:12:25:898 AM SGT: Thread[main,5,main]: TransactionId[unknown]
      ERROR: An unexpected error occurred in thread 'Thread[main,5,main]'
      java.lang.IllegalStateException: Could not initialise script configurations for realm /
          at org.forgerock.openam.scripting.service.ScriptConfigurationService.reload(ScriptConfigurationService.java:130)
          at org.forgerock.openam.scripting.service.ScriptConfigurationService.init(ScriptConfigurationService.java:115)
          at org.forgerock.openam.scripting.service.ScriptConfigurationService.<init>(ScriptConfigurationService.java:111)
          at org.forgerock.openam.scripting.service.ScriptChoiceValues.getScriptingService(ScriptChoiceValues.java:116)
          at org.forgerock.openam.scripting.service.ScriptChoiceValues.getChoiceValues(ScriptChoiceValues.java:88)
          at com.sun.identity.sm.AttributeSchemaImpl$AttributeSchemaState.getChoiceValuesMap(AttributeSchemaImpl.java:731)
          at com.sun.identity.sm.AttributeSchemaImpl$AttributeSchemaState.access$1300(AttributeSchemaImpl.java:394)
          at com.sun.identity.sm.AttributeSchemaImpl.getChoiceValuesMap(AttributeSchemaImpl.java:210)
          at com.sun.identity.sm.AttributeSchemaImpl.getChoiceValuesSet(AttributeSchemaImpl.java:221)
          at com.sun.identity.sm.AttributeSchemaImpl.getChoiceValues(AttributeSchemaImpl.java:180)
          at com.sun.identity.sm.AttributeValidator.validateType(AttributeValidator.java:286)
          at com.sun.identity.sm.AttributeValidator.validate(AttributeValidator.java:403)
          at com.sun.identity.sm.ServiceSchemaImpl.validateAttrValues(ServiceSchemaImpl.java:600)
          at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:354)
          at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:323)
          at com.sun.identity.sm.CreateServiceConfig.createSubConfigEntry(CreateServiceConfig.java:331)
          at com.sun.identity.sm.ServiceConfigManager.createOrganizationConfig(ServiceConfigManager.java:356)
          at com.sun.identity.sm.OrganizationConfigManager.addServiceConfig(OrganizationConfigManager.java:1225)
          at com.sun.identity.sm.OrganizationConfigManager.assignService(OrganizationConfigManager.java:1493)
          at com.sun.identity.cli.realm.RealmAssignService.handleRequest(RealmAssignService.java:95)
          at com.sun.identity.cli.SubCommand.execute(SubCommand.java:296)
          at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
          at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
          at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:585)
          at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:182)
          at com.sun.identity.cli.CommandManager.main(CommandManager.java:159)
      Caused by: org.forgerock.openam.scripting.ScriptException: Script type not recognised: AUTHENTICATION_TREE_DECISION_NODE
          at org.forgerock.openam.scripting.ScriptConstants.getContextFromString(ScriptConstants.java:207)
          at org.forgerock.openam.scripting.service.ScriptConfigurationService.scriptConfigurationFromMap(ScriptConfigurationService.java:363)
          at org.forgerock.openam.scripting.service.ScriptConfigurationService.getScriptConfigurations(ScriptConfigurationService.java:145)
          at org.forgerock.openam.scripting.service.ScriptConfigurationService.reload(ScriptConfigurationService.java:128)
          ... 25 more
      
      

      Workaround

      Remove the following line from oauth2provider.config file:

      forgerock-oauth2-provider-oidc-claims-extension-script=36863ffb-40ec-48b9-94b1-9a99f71cc3b5


      Using ssoadm to add OAuth2Provider:

      $ ./ssoadm add-svc-realm -e / -u amadmin -f pwd.txt -s OAuth2Provider -D /path/to/oauth2provider.config -v -d
      Process Request ...
      Constructing Request Context...
      Validating mandatory options...
      Processing Sub Command ...
      
      Executing class, com.sun.identity.cli.realm.RealmAssignService.
      Authenticating...
      Authenticated.
      Service, OAuth2Provider was added to realm, /.
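The workaround above amounts to filtering the ssoadm export before importing it. The following is an added example, not code from the OpenAM project or the reporter: it drops the "forgerock-oauth2-provider-oidc-claims-extension-script" line from a `get-realm-svc-attrs` export while keeping every other line in order (ssoadm repeats a key for multi-valued attributes, so the export is treated as a line list rather than a dict), and reports the removed script id so the admin knows which script to re-select in the console. The sample export is constructed from the values shown in the report.

```python
import sys

SCRIPT_ATTR = "forgerock-oauth2-provider-oidc-claims-extension-script"

def strip_script_attr(export_text, attr=SCRIPT_ATTR):
    """Return (filtered_text, removed_values).

    Lines are kept verbatim and in order. Only lines whose key (the part
    before the first '=') equals `attr` are dropped; their values are
    collected so they can be reported to the admin.
    """
    kept, removed = [], []
    for line in export_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == attr:
            removed.append(value.strip())
            continue
        kept.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed

# Constructed sample resembling the export in the report; the script UUID
# is the one the report shows, the other values are illustrative.
SAMPLE_EXPORT = """\
forgerock-oauth2-provider-refresh-token-lifetime=36000
customLoginUrlTemplate=
supportedIDTokenEncryptionMethods=A256GCM
forgerock-oauth2-provider-oidc-claims-extension-script=36863ffb-40ec-48b9-94b1-9a99f71cc3b5
verificationUrl=
forgerock-oauth2-provider-jkws-uri=
"""

if __name__ == "__main__":
    # Usage: python strip_script_attr.py oauth2provider.config > filtered.config
    src = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(src).read() if src else SAMPLE_EXPORT
    out, removed = strip_script_attr(text)
    sys.stdout.write(out)
    for v in removed:
        # Remind the admin which script must be re-selected in the AM console.
        print(f"# removed {SCRIPT_ATTR}={v}; re-select it in the console",
              file=sys.stderr)
```

Feed the filtered output to `add-svc-realm -D` as in the workaround; the removed UUID is printed on stderr so it does not end up in the config file.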


              People

              • Assignee: Unassigned
              • Reporter: wanning.tan (WanNing Tan)