OpenAM / OPENAM-12334

Unable to create Saml2Entity using Amster

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 5.5.1
    • Fix Version/s: None
    • Component/s: Amster
    • Labels: None
    • Support Ticket IDs:

      Description

      Bug description

      Using the Amster "create Saml2Entity" command fails, resulting in an error similar to this:

      Failed to execute the 'create' command. Unexpected character ('1' (code 49)): was expecting comma to separate Object entries.

      Amster requires that the body be specified in the --body argument on the command line, which seems to cause parsing issues with the XML data contained within entity and metadata.

      Attempted to use various inputs in the body, but all have failed, e.g.:

      create Saml2Entity --realm customers --body '{"metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><EntityDescriptor entityID=\"http://id.example.com:8080\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\">    <IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">        <KeyDescriptor use=\"signing\">            <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">                <ds:X509Data>                    <ds:X509Certificate>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</ds:X509Certificate>                </ds:X509Data>            </ds:KeyInfo>        </KeyDescriptor>        <ArtifactResolutionService index=\"0\" isDefault=\"true\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://id.example.com:8080/am/ArtifactResolver/metaAlias/customers/idp\"/>        <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://id.example.com:8080/IDPSloRedirect/metaAlias/customers/idp\" ResponseLocation=\"http://id.example.com:8080/IDPSloRedirect/metaAlias/customers/idp\"/>        <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://id.example.com:8080/IDPSloPOST/metaAlias/customers/idp\" ResponseLocation=\"http://id.example.com:8080/IDPSloPOST/metaAlias/customers/idp\"/>        <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://id.example.com:8080/IDPSloSoap/metaAlias/customers/idp\"/>        <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://id.example.com:8080/IDPMniRedirect/metaAlias/customers/idp\" ResponseLocation=\"http://id.example.com:8080/IDPMniRedirect/metaAlias/customers/idp\"/>        <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://id.example.com:8080/IDPMniPOST/metaAlias/customers/idp\" 
ResponseLocation=\"http://id.example.com:8080/IDPMniPOST/metaAlias/customers/idp\"/>        <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://id.example.com:8080/IDPMniSoap/metaAlias/customers/idp\"/>        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>        <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://id.example.com:8080/SSORedirect/metaAlias/customers/idp\"/>        <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://id.example.com:8080/am/SSOPOST/metaAlias/customers/idp\"/>        <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://id.example.com:8080/SSOSoap/metaAlias/customers/idp\"/>        <NameIDMappingService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://id.example.com:8080/NIMSoap/metaAlias/customers/idp\"/>        <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://id.example.com:8080/AIDReqSoap/IDPRole/metaAlias/customers/idp\"/>        <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://id.example.com:8080/AIDReqUri/IDPRole/metaAlias/customers/idp\"/>    </IDPSSODescriptor></EntityDescriptor>","entityConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><EntityConfig entityID=\"http://id.example.com:8080\" hosted=\"true\" xmlns=\"urn:sun:fm:SAML:2.0:entityconfig\">    <IDPSSOConfig metaAlias=\"/customers/idp\">        <Attribute name=\"assertionEffectiveTime\">            <Value>600</Value>        </Attribute>        <Attribute name=\"appLogoutUrl\"/>        <Attribute name=\"wantLogoutResponseSigned\">            <Value>false</Value>        </Attribute>        <Attribute name=\"idpECPSessionMapper\">            <Value>com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper</Value>        
</Attribute>        <Attribute name=\"RpUrl\"/>        <Attribute name=\"idpAccountMapper\">            <Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper</Value>        </Attribute>        <Attribute name=\"attributeMap\">            <Value>EmailAddress=mail</Value>            <Value>name=cn</Value>        </Attribute>        <Attribute name=\"discoveryBootstrappingEnabled\">            <Value>false</Value>        </Attribute>        <Attribute name=\"nameIDFormatMap\">            <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail</Value>        </Attribute>        <Attribute name=\"proxyIDPFinderJSP\"/>        <Attribute name=\"autofedAttribute\">            <Value/>        </Attribute>        <Attribute name=\"wantMNIResponseSigned\">            <Value>false</Value>        </Attribute>        <Attribute name=\"idpAuthncontextClassrefMapping\">            <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value>        </Attribute>        <Attribute name=\"wantLogoutRequestSigned\">            <Value>false</Value>        </Attribute>        <Attribute name=\"metaAlias\"/>        <Attribute name=\"proxyIDPFinderClass\"/>        <Attribute name=\"saeAppSecretList\"/>        <Attribute name=\"idpAdapter\">            <Value>com.sun.identity.saml2.plugins.MySAML2IdentityProviderAdapter</Value>        </Attribute>        <Attribute name=\"signingCertKeyPass\"/>        <Attribute name=\"idpAuthncontextMapper\">            <Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper</Value>        </Attribute>        <Attribute name=\"basicAuthOn\">            <Value>false</Value>        </Attribute>        <Attribute name=\"wantNameIDEncrypted\">            <Value>false</Value>        </Attribute>        <Attribute name=\"idpSessionSyncEnabled\">            <Value>false</Value>        </Attribute>        <Attribute name=\"wantMNIRequestSigned\">            <Value>false</Value>        </Attribute>        
<Attribute name=\"basicAuthUser\"/>        <Attribute name=\"idpDisableNameIDPersistence\">            <Value>false</Value>        </Attribute>        <Attribute name=\"basicAuthPassword\"/>        <Attribute name=\"wantArtifactResolveSigned\">            <Value>false</Value>        </Attribute>        <Attribute name=\"AuthUrl\"/>        <Attribute name=\"saeIDPUrl\">            <Value>http://id.example.com:8080/idpsaehandler/metaAlias/customers/idp</Value>        </Attribute>        <Attribute name=\"assertionCacheEnabled\">            <Value>false</Value>        </Attribute>        <Attribute name=\"cotlist\">            <Value>idCOT</Value>        </Attribute>        <Attribute name=\"assertionNotBeforeTimeSkew\">            <Value>600</Value>        </Attribute>        <Attribute name=\"encryptionCertAlias\"/>        <Attribute name=\"idpAttributeMapper\">            <Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper</Value>        </Attribute>        <Attribute name=\"enableProxyIDPFinderForAllSPs\">            <Value>false</Value>        </Attribute>        <Attribute name=\"signingCertAlias\">            <Value>test</Value>        </Attribute>        <Attribute name=\"relayStateUrlList\"/>        <Attribute name=\"autofedEnabled\">           <Value>false</Value>        </Attribute>    </IDPSSOConfig></EntityConfig>","_type": {"_id": "saml2","name": "Entity Descriptor ","collection": true}}'
      
      Expected behaviour
      Saml2Entity is created
      Current behaviour
      Failed to execute the 'create' command. Unexpected character ('1' (code 49)): was expecting comma to separate Object entries.
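One way to get exactly the error quoted above from a JSON parser is for the `\"` escapes inside the `--body` string to be consumed by a quoting layer before the JSON reaches the parser: the `metadata` string then ends at `version=` and the parser meets the `1` of `1.0` where it expected a comma (character code 49). The Python script below is an added example, not part of this report or of Amster. It builds the body with `json.dumps` so the escaping is correct, parses it once as a check before the command is pasted into Amster, and reproduces the failure on a copy whose escapes were stripped. The two XML fragments are constructed, trimmed versions of the reporter's metadata and entity config; Python's `json` module reports the problem as `Expecting ',' delimiter` rather than with Jackson's wording, but at the same character.

```python
import json

# Constructed, trimmed versions of the IdP metadata and entity config from the
# report; the real documents carry many more elements but quote the same way.
IDP_METADATA_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<EntityDescriptor entityID="http://id.example.com:8080" '
    'xmlns="urn:oasis:names:tc:SAML:2.0:metadata">'
    '<IDPSSODescriptor WantAuthnRequestsSigned="false" '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
    '</NameIDFormat></IDPSSODescriptor></EntityDescriptor>'
)
IDP_ENTITY_CONFIG_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<EntityConfig entityID="http://id.example.com:8080" hosted="true" '
    'xmlns="urn:sun:fm:SAML:2.0:entityconfig">'
    '<IDPSSOConfig metaAlias="/customers/idp">'
    '<Attribute name="cotlist"><Value>idCOT</Value></Attribute>'
    '</IDPSSOConfig></EntityConfig>'
)


def build_body(metadata_xml, entity_config_xml):
    """Serialise the Saml2Entity body; json.dumps backslash-escapes every XML quote."""
    return json.dumps({
        "metadata": metadata_xml,
        "entityConfig": entity_config_xml,
        "_type": {"_id": "saml2", "name": "Entity Descriptor ", "collection": True},
    })


def amster_create_command(realm, body):
    """Wrap the body the way the report does: a single-quoted --body argument.

    A single quote inside the body would end the argument early, so refuse it
    rather than emit a command that the shell would split in the wrong place.
    """
    if "'" in body:
        raise ValueError("body contains a single quote; it cannot be wrapped in '...'")
    return f"create Saml2Entity --realm {realm} --body '{body}'"


def check_body(body):
    """Parse the body once, as the receiving side does, and return its top-level keys."""
    return sorted(json.loads(body))


def strip_escapes(body):
    """Simulate a quoting layer that consumes the backslash-quote escapes first."""
    return body.replace('\\"', '"')


def diagnose(body_as_received):
    """Return None if the body parses, else (offending char, its code point, offset)."""
    try:
        json.loads(body_as_received)
    except json.JSONDecodeError as err:
        ch = err.doc[err.pos]
        return (ch, ord(ch), err.pos)
    return None


if __name__ == "__main__":
    body = build_body(IDP_METADATA_XML, IDP_ENTITY_CONFIG_XML)
    print("keys:", check_body(body))
    print(amster_create_command("customers", body)[:80], "...")
    # Once the escapes are gone, the string value ends at 'version=' and the
    # parser meets the '1' of "1.0" where it expected a comma: ('1', 49, 29).
    print("after escape stripping:", diagnose(strip_escapes(body)))
```

Running `check_body` on the output of `build_body` before pasting the command is the cheap pre-flight check: if the body parses locally but Amster still reports the comma error, the escapes were altered between the terminal and the parser, and the body should be supplied by a route that does not pass through that quoting layer.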
      

       

            People

            • Assignee: Unassigned
            • Reporter: bradley.tarisznyas (Brad Tarisznyas)
            • Votes: 0
            • Watchers: 8