Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12630

Assign Identity user to Identity Group via requests doesn't work

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.0.0
    • Component/s: API descriptor
    • Labels:
    • Environment:
      Tomcat 8.0.46
      OpenJDK Runtime Environment (build 1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12)
      OpenAM 6.0.0-SNAPSHOT (175bf4afdf)
    • Target Version/s:
    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      Adding identity user to identity group via request is not working properly, it does nothing although it looks successful. The tests started to report this in Nightly Build from Mar/13, it works properly with milestone M7.

      How to reproduce the issue

      obtain token:
curl -H "Accept-API-Version: protocol=2.0,resource=2.0" -H "Content-type: application/json" -H "X-OpenAM-Username: amAdmin" -H "X-OpenAM-Password: password" -X  POST http://openam.example.com:8088/openam/json/realms/root/authenticate?realm=/

add user to group:
curl -H "Content-type: application/json" -H "If-Match: *" -H "Accept-API-Version: protocol=2.0,resource=1.0" -X  PUT --cookie "amlbcookie=01" --cookie "iPlanetDirectoryPro=TOKEN_ID" --data '{"uniqueMember": ["uid=policyAdmin,ou=People,dc=openam,dc=forgerock,dc=org"]}' http://openam.example.com:8088/openam/json/groups/policyAdmins
      Expected behaviour

      OpenAM 6.0.0-M7

      {
    "_id": "policyAdmins",
    "_rev": "1581369277",
    "cn": [
        "policyAdmins"
    ],
    "dn": [
        "cn=policyAdmins,ou=groups,dc=openam,dc=forgerock,dc=org"
    ],
    "objectclass": [
        "top",
        "groupofuniquenames"
    ],
    "realm": "/",
    "uniqueMember": [
        "uid=policyAdmin,ou=People,dc=openam,dc=forgerock,dc=org"
    ],
    "universalid": [
        "id=policyAdmins,ou=group,dc=openam,dc=forgerock,dc=org"
    ],
    "username": "policyAdmins"
}

      User has been assigned to group.

      Current behaviour
      {
    "_id": "policyAdmins",
    "_rev": "-223034725",
    "cn": [
        "policyAdmins"
    ],
    "dn": [
        "cn=policyAdmins,ou=groups,dc=openam,dc=forgerock,dc=org"
    ],
    "objectclass": [
        "top",
        "groupofuniquenames"
    ],
    "realm": "/",
    "universalid": [
        "id=policyAdmins,ou=group,dc=openam,dc=forgerock,dc=org"
    ],
    "username": "policyAdmins"
}

      User has NOT been assigned to group. Verified also in UI, that he is not part of the group. You can do that using UI with no problems.

        Attachments

          Issue Links

          caused

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-12778 User can no longer log in AM if was removed from the privileges group

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                rich.riley Rich Riley [X] (Inactive)
                Reporter:
                jan.hajovsky Jan Hajovsky
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: