Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12338

policies?_action=evaluate checks all policy sets

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 13.5.1, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1
    • Fix Version/s: 13.5.3, 14.1.2, 6.0.0.3, 6.5.0, 6.0.1, 5.5.2
    • Component/s: policy
    • Labels:
    • Sprint:
      AM Sustaining Sprint 48, AM Sustaining Sprint 49, AM Sustaining Sprint 50, AM Sustaining Sprint 51
    • Story Points:
      3
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes

      Description

      Bug description

      policies?_action=evaluate appears to check all policy sets even though application is set in the request. Should application be a required field if AM is checking all of them regardless?

      How to reproduce the issue

      1. Create two policy sets, each protecting a different resource e.g. Pattern1 and Pattern2
      2. Set one policy set to require AuthLevel 1 and the other to AuthLevel 2
      3. Evaluate application PolicyA and PolicyB with the wrong resource (if Pattern1 is a resource protected in PolicyA, put it in the request with PolicyB for example)
      4. AuthLevelConditionAdvice in the response indicates the resource is protected by the application not defined in the request 
      Expected behaviour
      Not sure but if we are evaluating a particular application / policy set, and the resource we are evaluating is not found, I don't think AM should return advice for another application / policy set where the resource is found.
      Current behaviour
      Returns advice for application / policy set not defined in the request

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                aaron.haskins Aaron Haskins
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: