  1. OpenAM
  2. OPENAM-15584

FBC fills AM with error logging


    Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 7.0.0
    • 7.0.0, 6.5.4
    • FBC
    • No
    • No
    • No
    • Yes and I used the same an in the description

      Description

      ISSUE

      If running AM with FBC, the logs fill with errors like the following:

      SMSUtils: Invalid attribute entry: com.forgerock.openam.oauth2provider.accessToken
      In SMSEntry: DN		: ou=986cf536cc8328d37badc340890a35f3,ou=default,ou=OrganizationConfig,ou=1.0,ou=AgentService,ou=services,ou=am-config
      Attribute Set	: {ou=[986cf536cc8328d37badc340890a35f3], sunKeyValue=[com.forgerock.openam.oauth2provider.scopes=[5]=me.update-password, com.forgerock.openam.oauth2provider.accessToken, com.forgerock.openam.oauth2provider.defaultScopes=[3]=me.read, com.forgerock.openam.oauth2provider.defaultMaxAgeEnabled=false, com.forgerock.openam.oauth2provider.jwks, com.forgerock.openam.oauth2provider.userinfo.encryptedResponseEnc=A128CBC-HS256, com.forgerock.openam.oauth2provider.responseTypes=[1]=code token id_token, com.forgerock.openam.oauth2provider.refreshTokenLifeTime=604800, com.forgerock.openam.oauth2provider.defaultScopes=[5]=me.update-password, com.forgerock.openam.oauth2provider.description=[0]=OAuth 2.0 Client, com.forgerock.openam.oauth2provider.requestObjectEncryptionEnc=A128CBC-HS256, com.forgerock.openam.oauth2provider.subjectType=Public, sunIdentityServerDeviceStatus=Active, com.forgerock.openam.oauth2provider.requestURIs, com.forgerock.openam.oauth2provider.authorizationCodeLifeTime=120, com.forgerock.openam.oauth2provider.redirectionURIs=[0]=http://localhost:9080/callback, com.forgerock.openam.oauth2provider.grantTypes=[2]=refresh_token, com.forgerock.openam.oauth2provider.clientSessionURI, idTokenEncryptionAlgorithm=RSA-OAEP-256, com.forgerock.openam.oauth2provider.userinfo.signedResponseAlg, com.forgerock.openam.oauth2provider.defaultScopes=[8]=user.recover-username, com.forgerock.openam.oauth2provider.clientName=[0]=Test Application, com.forgerock.openam.oauth2provider.tokenEndPointAuthMethod=client_secret_basic, com.forgerock.openam.oauth2provider.requestObjectEncryptionAlg, com.forgerock.openam.oauth2provider.responseTypes=[4]=id_token, com.forgerock.openam.oauth2provider.responseTypes=[3]=code, com.forgerock.openam.oauth2provider.accessTokenLifeTime=3600, com.forgerock.openam.oauth2provider.jwtTokenLifeTime=3600, com.forgerock.openam.oauth2provider.defaultScopes=[6]=password-policy.read, com.forgerock.openam.oauth2provider.scopes=[9]=user.create, 
com.forgerock.openam.oauth2provider.idTokenSignedResponseAlg=RS256, com.forgerock.openam.oauth2provider.jwksCacheTimeout=3600000, isConsentImplied=true, com.forgerock.openam.oauth2provider.defaultScopes=[7]=user.reset-password, idTokenEncryptionEnabled=false, com.forgerock.openam.oauth2provider.scopes=[4]=me.update, com.forgerock.openam.oauth2provider.postLogoutRedirectURI=[0]=http://localhost:9080, com.forgerock.openam.oauth2provider.defaultScopes=[2]=email, com.forgerock.openam.oauth2provider.tokenEndpointAuthSigningAlgorithm=RS256, com.forgerock.openam.oauth2provider.responseTypes=[0]=code id_token, com.forgerock.openam.oauth2provider.clientType=Confidential, com.forgerock.openam.oauth2provider.sectorIdentifierURI, com.forgerock.openam.oauth2provider.claims, com.forgerock.openam.oauth2provider.grantTypes=[1]=client_credentials, com.forgerock.openam.oauth2provider.defaultMaxAge=600, com.forgerock.openam.oauth2provider.claimsRedirectionURIs, com.forgerock.openam.oauth2provider.scopes=[2]=email, com.forgerock.openam.oauth2provider.contacts, com.forgerock.openam.oauth2provider.jwkStoreCacheMissCacheTime=60000, com.forgerock.openam.oauth2provider.scopes=[6]=password-policy.read, com.forgerock.openam.oauth2provider.scopes=[1]=profile, com.forgerock.openam.oauth2provider.grantTypes=[3]=password, com.forgerock.openam.oauth2provider.scopes=[7]=user.reset-password, com.forgerock.openam.oauth2provider.responseTypes=[2]=code token, defaultAcrValues, com.forgerock.openam.oauth2provider.publicKeyLocation=jwks_uri, com.forgerock.openam.oauth2provider.userinfo.responseFormat=JSON, com.forgerock.openam.oauth2provider.scopes=[10]=user.read, com.forgerock.openam.oauth2provider.scopes=[8]=user.recover-username, com.forgerock.openam.oauth2provider.defaultScopes=[4]=me.update, com.forgerock.openam.oauth2provider.defaultScopes=[10]=user.read, com.forgerock.openam.oauth2provider.defaultScopes=[1]=profile, 
com.forgerock.openam.oauth2provider.jwksURI=http://openam:80/oauth2/connect/jwk_uri, agentgroup, idTokenEncryptionMethod=A128CBC-HS256, com.forgerock.openam.oauth2provider.oauth.mixUpMitigationEnabled=false, com.forgerock.openam.oauth2provider.scopes=[3]=me.read, com.forgerock.openam.oauth2provider.scopes=[0]=openid, com.forgerock.openam.oauth2provider.name=[0]=Test Application, idTokenPublicEncryptionKey, com.forgerock.openam.oauth2provider.defaultScopes=[9]=user.create, com.forgerock.openam.oauth2provider.responseTypes=[6]=token, com.forgerock.openam.oauth2provider.defaultScopes=[0]=openid, com.forgerock.openam.oauth2provider.userinfo.encryptedResponseAlg, com.forgerock.openam.oauth2provider.requestObjectSigningAlg, com.forgerock.openam.oauth2provider.grantTypes=[0]=authorization_code, userpassword=AQICb27nOBGLsoj5yERKLciGc9BEoOz6DdDuFa9ZynUGVclSpcUzmNutVydgh3ZioCFMlQGH4PSOXsc=, com.forgerock.openam.oauth2provider.responseTypes=[5]=token id_token, com.forgerock.openam.oauth2provider.clientJwtPublicKey], sunserviceID=[OAuth2Client], objectclass=[top, sunServiceComponent]}
      Modifcation Set	: null
      

      This appears to be because attributes that have a value of null are being included in the list of attributes that is being returned LDAP-style.

      I'm not sure what the behaviour should be; I have a feeling the values should just be omitted, and that the error is indicative of FBC not returning the correct data, rather than of an error condition that should be relaxed.

      The volume of logging is sufficient that investigating an issue is hampered substantially.

      It seems that this logging statement should not be `error`, as processing carries on quite happily. Perhaps it should be `debug`?
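
      A triage helper for the log shape shown above, as an added example (not code from OpenAM or from the reporter): it collapses repeated `Invalid attribute entry` records per SMSEntry DN and lists the `sunKeyValue` entries that carry no `=`. The sample log is constructed and shortened, and treating an entry without `=` as one of the null-valued attributes is an assumption based on the excerpt.

```python
import re
from collections import Counter, defaultdict

# Constructed, shortened sample in the shape of the excerpt above (two records).
RECORD = (
    "SMSUtils: Invalid attribute entry: com.forgerock.openam.oauth2provider.{bad}\n"
    "In SMSEntry: DN\t\t: ou=986cf536cc8328d37badc340890a35f3,ou=default,"
    "ou=OrganizationConfig,ou=1.0,ou=AgentService,ou=services,ou=am-config\n"
    "Attribute Set\t: {{ou=[986cf536cc8328d37badc340890a35f3], sunKeyValue=["
    "com.forgerock.openam.oauth2provider.scopes=[5]=me.update-password, "
    "com.forgerock.openam.oauth2provider.accessToken, "
    "com.forgerock.openam.oauth2provider.jwks, "
    "com.forgerock.openam.oauth2provider.clientType=Confidential, "
    "agentgroup], sunserviceID=[OAuth2Client], objectclass=[top, sunServiceComponent]}}\n"
    "Modifcation Set\t: null\n"
)
SAMPLE_LOG = RECORD.format(bad="accessToken") + RECORD.format(bad="jwks")


def sun_key_value_entries(attribute_set):
    """Return the entries of sunKeyValue=[...], honouring nested [n] indexes."""
    marker = "sunKeyValue=["
    start = attribute_set.index(marker) + len(marker)
    depth, end = 1, start
    while depth and end < len(attribute_set):
        depth += {"[": 1, "]": -1}.get(attribute_set[end], 0)
        end += 1
    return [e for e in attribute_set[start:end - 1].split(", ") if e]


def summarise(log_text):
    """Collapse repeated error records into one summary per SMSEntry DN."""
    summary = defaultdict(lambda: {"reported": Counter(), "valueless": set()})
    reported = dn = None
    for line in log_text.splitlines():
        if m := re.match(r"SMSUtils: Invalid attribute entry: (\S+)", line):
            reported = m.group(1)          # attribute named in the error line
        elif m := re.match(r"In SMSEntry: DN\s*: (\S+)", line):
            dn = m.group(1)
            if reported:
                summary[dn]["reported"][reported] += 1
                reported = None
        elif line.startswith("Attribute Set") and dn and "sunKeyValue=[" in line:
            # Assumption: an entry with no '=' is a null-valued attribute.
            entries = sun_key_value_entries(line)
            summary[dn]["valueless"].update(e for e in entries if "=" not in e)
    return dict(summary)
```

      Comparing `reported` with `valueless` for a DN shows how many further error records the same entry can still produce.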

              People

              phillcunnington Phill Cunnington
              jamesphillpotts James Phillpotts