Affects Version/s: 188.8.131.52, 7.0.0
Dynamic creation of user profiles is not working anymore.
Start AM with the below command to see the expected behaviour:
Start AM with the below command to see the current behaviour:
- Create a new Server-side Authentication Groovy script called "DynamicProfileScript" and paste the following in the script editor:
- Create a new Authentication Module called "DynamicProfileScriptedModule" of type "Scripted Module". Disable Client-side Script and for the Server-Side Script, select "DynamicProfileScript".
- Create a new chain called "DynamicProfileCreate" and add the module as "Required".
- In Authentication > Settings > User Profile change User Profile to "Dynamic".
- Navigate to http://openam.example.com:8080/am/XUI/#login/&service=DynamicProfileCreate
The authenticated identity is created dynamically:
No identity created for authenticated user:
There is no workaround.
The bug was introduced in this commit: https://stash.forgerock.org/projects/OPENAM/repos/openam/commits/b920ac1dac131e6fb5af7959f37c7035344a2043
Before the change in LoginState.java on line 2183 the "searchIdentity" method use to return an empty set if the identity was not found.
After the change in LoginState.java on line 2139 the "LazyConfig.AUTHD.getIdentity" method throws an exception if the identity was not found, which eventually causes the logic that creates a dynamic identity to be skipped.