  1. OpenAM
  2. OPENAM-14172

Amster Export - Persistent cookie Keystore Mapping inconsistency after upgrade to 6.5.0

    Details

    • Sprint:
      AM Sustaining Sprint 58, AM Sustaining Sprint 59
    • Story Points:
      5
    • Needs backport:
      No
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      am.default.authentication.modules.persistentcookie.encryption changes after upgrade to 6.5 and is returned as an ID code instead of its name. Also, am.default.authentication.modules.persistentcookie.signing is missing after the upgrade.

      How to reproduce the issue

      1. Install 6.5.0 and do an Amster export
      2. Navigate to export650/global/KeyStoreSecretStore/default-keystore/KeyStoreMappings and open the am.default.authentication.modules.persistentcookie.encryption.json
        {
          "metadata" : {
            "realm" : null,
            "amsterVersion" : "6.5.0",
            "entityType" : "KeyStoreMappings",
            "entityId" : "am.default.authentication.modules.persistentcookie.encryption",
            "pathParams" : {
              "KeyStoreSecretStore" : "default-keystore"
            }
          },
          "data" : {
            "_id" : "am.default.authentication.modules.persistentcookie.encryption",
            "secretId" : "am.default.authentication.modules.persistentcookie.encryption",
            "aliases" : [ "test" ],
            "_type" : {
              "_id" : "mappings",
              "name" : "Mappings",
              "collection" : true
            }
          }
        }
        
      3. Now install a 5.5.1 instance, upgrade to 6.5.0 and do another Amster export
      4. Look for the same secret as before; the file is now named after the ID: 49537ca3-dddc-4068-ace0-43c8008e593f.json
        {
          "metadata" : {
            "realm" : null,
            "amsterVersion" : "6.5.0",
            "entityType" : "KeyStoreMappings",
            "entityId" : "49537ca3-dddc-4068-ace0-43c8008e593f",
            "pathParams" : {
              "KeyStoreSecretStore" : "default-keystore"
            }
          },
          "data" : {
            "_id" : "49537ca3-dddc-4068-ace0-43c8008e593f",
            "secretId" : "am.default.authentication.modules.persistentcookie.encryption",
            "aliases" : [ "test" ],
            "_type" : {
              "_id" : "mappings",
              "name" : "Mappings",
              "collection" : true
            }
          }
        }
        
      5. Now use this export to import into another AM (target instance) with --clean (this fails due to OPENAM-14265)
        Failed to import /opt/export650/global/KeyStoreSecretStore/default-keystore/KeyStoreMappings/49537ca3-dddc-4068-ace0-43c8008e593f.json  : 400 Bad Request: Invalid config: A mapping for the provided secret ID already exists
        
      Expected behaviour
      The entityId should remain the same as the secret ID name
      
      Current behaviour
      The entityId of the secret ID is returned as an ID code
      

      Workaround

      The workaround when importing the am.default.authentication.modules.persistentcookie.encryption secret (or other secrets) is to delete the secrets from the target instance, as --clean doesn't work with secrets (OPENAM-14265).
      It appears that the ID in entityId and _id doesn't create any issue during or after the import. If you export the secret again, it keeps the entityId and _id as before (e.g. 49537ca3-dddc-4068-ace0-43c8008e593f as above).
      This JIRA is about fixing the inconsistency of the am.default.authentication.modules.persistentcookie.encryption secret during the upgrade.
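
An added example, not part of the original issue and not ForgeRock code: a Python check that compares two Amster export directories for the condition described above, listing mappings whose entityId is an ID code rather than the secret ID and mappings the target already holds under a different ID. The function names, the constructed sample files and the reading that a differing ID on the target is what produces the 400 in step 5 are assumptions of this example.

```python
import json
import tempfile
from pathlib import Path

MAPPINGS_GLOB = "**/KeyStoreMappings/*.json"


def load_mappings(export_root):
    """Map secretId -> entityId for every KeyStoreMappings file in an Amster export."""
    mappings = {}
    for path in sorted(Path(export_root).glob(MAPPINGS_GLOB)):
        doc = json.loads(path.read_text(encoding="utf-8"))
        mappings[doc["data"]["secretId"]] = doc["metadata"]["entityId"]
    return mappings


def audit(source_export, target_export):
    """Return (renamed, collisions) as sorted lists of secret IDs."""
    source, target = load_mappings(source_export), load_mappings(target_export)
    # Assumption: as in the fresh 6.5.0 export above, entityId should equal secretId.
    renamed = sorted(s for s, e in source.items() if e != s)
    # Assumption: the import fails with "already exists" when the target maps
    # the same secretId under a different entityId.
    collisions = sorted(s for s, e in source.items() if s in target and target[s] != e)
    return renamed, collisions


def write_mapping(root, entity_id, secret_id):
    """Write a constructed sample file in the directory layout shown in this issue."""
    folder = Path(root, "global", "KeyStoreSecretStore", "default-keystore", "KeyStoreMappings")
    folder.mkdir(parents=True, exist_ok=True)
    doc = {"metadata": {"entityType": "KeyStoreMappings", "entityId": entity_id},
           "data": {"_id": entity_id, "secretId": secret_id, "aliases": ["test"]}}
    (folder / f"{entity_id}.json").write_text(json.dumps(doc), encoding="utf-8")


def demo():
    """Constructed data: an upgraded 5.5.1 export audited against a fresh 6.5.0 export."""
    secret = "am.default.authentication.modules.persistentcookie.encryption"
    with tempfile.TemporaryDirectory() as upgraded, tempfile.TemporaryDirectory() as fresh:
        write_mapping(upgraded, "49537ca3-dddc-4068-ace0-43c8008e593f", secret)
        write_mapping(fresh, secret, secret)
        return audit(upgraded, fresh)


if __name__ == "__main__":
    print(demo())
```

Run `audit()` on the source export and an export of the target before importing; any secret ID in the second list is one to delete from the target first, per the workaround.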

              People

              • Assignee:
                kamal.sivanandam@forgerock.com Kamal Sivanandam
                Reporter:
                anastasios.kampas Tasos Kampas