Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12377

WS-Fed extended metadata with unknown COT value should generate an error

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0, 13.5.1, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0
    • Fix Version/s: 13.5.3, 6.0.0, 5.5.2
    • Component/s: console, WS Federation
    • Labels:
    • Sprint:
      AM Sustaining Sprint 47, AM Sustaining Sprint 48
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      OpenAM allows the importing of WS-Fed extended metadata with a COT value that does not exist.

      How to reproduce the issue

      Alter an existing set of valid WS-Fed extended metadata to include a COT value that does not exist and import via the Import Entity function on the Federation console page.

      Expected behaviour
      OpenAM should present an error about the unknown COT and not import the entity.
      
      Current behaviour
      OpenAM imports the entity without alerting the user to the unknown COT value.
      

      Work around

      Check the WS-Fed extended metadata before importing to ensure any COT values are already known with the OpenAM configuration for the realm.

      Code analysis

      Requires the same logic as applied in OPENAM-7124 which only covered the SAML2 extended metadata case.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                markdr Mark de Reeper
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: