OpenAM / OPENAM-16203

SAML SSO Admin Create SAML entities does not add attribute mappings

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.3
    • Fix Version/s: 6.5.3
    • Component/s: None
    • Sprint:
      AM Sustaining Sprint 77
    • Story Points:
      5
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Description: 

      When creating hosted/remote entities in Admin console, specifying the attribute mapping, e.g. mail -> mail is not saved.

      Reproduction steps:

      1. Deploy two AM instances, embedded config and user store, e.g. http://idp.amtest2.com:9080/access and http://sp.amtest2.com:7080/access
      2. Login as amadmin to IdP, navigate to top level realm, dashboard.
      3. Create a hosted Identity Provider. Use signing cert alias of test, create a COT, idp_test. Specify an attribute mapping of mail -> mail, click add so that this is included in the list and then click create.
      4. Repeat for a hosted SP on SP (no attribute map included when created).
      5. Then using the exportmetadata url (e.g. http://idp.amtest2.com:9080/access/saml2/jsp/exportmetadata.jsp), create a remote IdP on SP (again no attribute map included on creation page).
      6. Repeat on IdP to create a remote SP and specify attribute mapping. (http://sp.amtest2.com:7080/access/saml2/jsp/exportmetadata.jsp).
      7. Observe the created entities' Assertion Processing tab attribute map values.

      Expected behaviour: 

      The Hosted IdP, Hosted SP and Remote SP entities' Assertion Processing attribute maps should include the mail -> mail mapping configured.

      Current behaviour: 

      No mapping is shown for the Hosted IdP and Hosted SP.  This can then cause issues for SAML SSO flows for the mapping of remote to local users.

      Workaround: 

      Add the mappings manually after creating the entities.
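
A check for the condition described above, as an added example that is not part of the ticket or of OpenAM's code: it reads an entity's exported extended configuration XML and reports expected attribute mappings that were not saved. The `urn:sun:fm:SAML:2.0:entityconfig` layout with an `attributeMap` attribute is an assumption, and both XML documents are constructed samples that reuse the hostnames from the reproduction steps.

```python
import xml.etree.ElementTree as ET

# Assumed namespace/layout of the extended entity configuration XML.
NS = {"cfg": "urn:sun:fm:SAML:2.0:entityconfig"}
ROLES = ("IDPSSOConfig", "SPSSOConfig")

# Constructed samples: a hosted IdP saved without its map, a hosted SP with it.
BROKEN_IDP = """
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig"
              entityID="http://idp.amtest2.com:9080/access" hosted="true">
  <IDPSSOConfig metaAlias="/idp">
    <Attribute name="attributeMap"/>
  </IDPSSOConfig>
</EntityConfig>"""
GOOD_SP = """
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig"
              entityID="http://sp.amtest2.com:7080/access" hosted="true">
  <SPSSOConfig metaAlias="/sp">
    <Attribute name="attributeMap"><Value>mail=mail</Value></Attribute>
  </SPSSOConfig>
</EntityConfig>"""


def attribute_maps(extended_xml):
    """Return {(entityID, role): {assertion_attr: local_attr}} per role config."""
    # Parse only exports from your own server; this parser is not hardened.
    root = ET.fromstring(extended_xml)
    maps = {}
    for role in root:
        name = role.tag.split("}")[-1]
        if name not in ROLES:
            continue
        mapping = {}
        for value in role.findall("cfg:Attribute[@name='attributeMap']/cfg:Value", NS):
            left, sep, right = (value.text or "").partition("=")
            if sep:
                mapping[left.strip()] = right.strip()
        maps[(root.get("entityID"), name)] = mapping
    return maps


def missing_mappings(extended_xml, expected):
    """List (entityID, role, attr) for each expected mapping that is absent."""
    return [(entity, role, attr)
            for (entity, role), mapping in attribute_maps(extended_xml).items()
            for attr, local in expected.items()
            if mapping.get(attr) != local]


if __name__ == "__main__":
    for doc in (BROKEN_IDP, GOOD_SP):
        print(missing_mappings(doc, {"mail": "mail"}))
```

An empty result means every expected mapping is present; any tuple returned names an entity and role where the manual workaround still has to be applied.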

            People

            Assignee:
            lawrence.yarham Lawrence Yarham
            Reporter:
            lawrence.yarham Lawrence Yarham