Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 7.0.0
-
Fix Version/s: 7.0.0
-
Component/s: rest
-
Target Version/s:
-
Rank:1|hzzo9z:
-
Needs backport:Yes
-
Needs QA verification:No
-
Functional tests:No
-
Are the reproduction steps defined?:Yes and I used the same an in the description
Description
Bug description
The /json/users endpoint no longer produces useful information. The fields in its output are needed by the Agents to fulfill profile attribute requests. Traditionally when providing an Agent based SSO token, the agent has all properties whitelisted. In fact, I vaguely recall adding that code in AM.
How to reproduce the issue
Basically, run this curl substituting an Agent SSO token as appropriate (or alternatively, an SSO token for the user "demo"):
curl -X GET \ --header 'Content-Type: application/json' \ --header 'Accept-API-Version: protocol=1.0,resource=1.0' \ --cookie 'iPlanetDirectoryPro=<Agent sso SSO token>' \ http://openam.example.com:8080/openam/json/realms/root/users/demo
Expected behaviour
For AM 6.5.* the following output results:
{ "username": "demo", "realm": "/", "uid": [ "demo" ], "universalid": [ "id=demo,ou=user,dc=openam,dc=forgerock,dc=org" ], "objectClass": [ "iplanet-am-managed-person", "inetuser", "sunFederationManagerDataStore", "sunFMSAML2NameIdentifier", "inetorgperson", "sunIdentityServerLibertyPPService", "devicePrintProfilesContainer", "iplanet-am-user-service", "iPlanetPreferences", "pushDeviceProfilesContainer", "forgerock-am-dashboard-service", "organizationalperson", "top", "kbaInfoContainer", "person", "sunAMAuthAccountLockout", "oathDeviceProfilesContainer", "webauthnDeviceProfilesContainer", "iplanet-am-auth-configuration-service" ], "dn": [ "uid=demo,ou=people,dc=openam,dc=forgerock,dc=org" ], "inetUserStatus": [ "Active" ], "cn": [ "demo" ], "sn": [ "demo" ], "createTimestamp": [ "20191218152736Z" ], "roles": [ "ui-self-service-user" ] }
Current behaviour
For AM 7.0 the following output results:
{ "realm": "/", "username": "demo", "uid": [ "demo" ], "sn": [ "demo" ], "cn": [ "demo" ], "roles": [ "ui-self-service-user" ] }
Attachments
Issue Links
- is related to
-
AMAGENTS-3331 5.7 - WPA - AM Compatibility
-
- Closed
-
-
AMAGENTS-3342 5.7 - Java Agent - AM Compatibility
-
- Closed
-