  1. OpenAM
  2. OPENAM-14439

user unable to administer federation entities although privilege "Read and write access to all federation metadata configurations" is granted

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 14.1.1
    • Fix Version/s: None
    • Component/s: console, SAML
    • Labels:
      None
    • Support Ticket IDs:

      Description

      Bug description

      Although the privilege "Read and write access to all federation metadata configurations" is granted, the user is not allowed to add a SAML Service Provider entity to a Circle of Trust.

      How to reproduce the issue

      1. Deploy AM
      2. Log in to the AM console as amadmin
      3. Create a hosted IdP and a CoT in the realm
      4. Register a remote SP but do not assign it to a CoT
      5. Create some group and assign the privilege "Read and write access to all federation metadata configurations"
      6. Create a user and assign it to the group
      7. Log in with that user to the AM console
      8. Add the SP to the CoT

      Expected behaviour

      SP should be assigned to CoT

      Current behaviour

      Internal server error
      
      HTTP Status 500 – Internal Server Error

      Type: Exception Report
      Message: AMSetupFilter.doFilter
      Description: The server encountered an unexpected condition that prevented it from fulfilling the request.

      Exception:
        javax.servlet.ServletException: AMSetupFilter.doFilter
            com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:141)
            org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)

      Root Cause:
        org.apache.jasper.JasperException: An exception occurred processing JSP page /console/ajax/AjaxProxy.jsp at line 108

        105: rb = ResourceBundle.getBundle(RB_NAME, resLocale);
        106: String msg = com.sun.identity.shared.locale.Locale.getString(
        107: rb, "ajax.user.privilege.invalid", debug);
        108: throw new RuntimeException(msg);
        109: }
        110:
        111: } catch (SSOException ssoe) {

        Stacktrace:
            org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:580)
            org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:477)
            org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
            org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
            javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
            org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
            org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
            org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
            com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
            org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)

      Root Cause:
        java.lang.RuntimeException: User does not have privileges to perform this task.
            org.apache.jsp.console.ajax.AjaxProxy_jsp._jspService(AjaxProxy_jsp.java:175)
            org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
            javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
            org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
            org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
            org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
            javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
            org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
            org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
            org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
            com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
            org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)

      Note: The full stack trace of the root cause is available in the server logs.

      Apache Tomcat/7.0.90
      

              People

              • Assignee:
                Unassigned
                Reporter:
                bthalmayr Bernhard Thalmayr