OpenAM / OPENAM-16242

Lowercase ID attribute does not work with OAuth2 settings.

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 5.5.1, 6.0.0, 6.5.0, 6.0.0.7, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3
    • 5.5.3, 6.0.1, 7.0.0, 6.5.3
    • oauth2, rest
    • AM Sustaining Sprint 75

    Description

      Bug description

      When org.forgerock.openam.idm.attribute.names.lower.case=true is set for the instance, as described in the KB article https://backstage.forgerock.com/knowledge/kb/article/a75727174, and AM is restarted, REST queries on the OAuth2 API break.

      For example, when the following is run:

      curl -s  \
       -k \
       -D - \
       --request GET \
       -H 'X-Requested-With: curl' \
       --header "Cookie: iplanetdirectorypro=$tokenID" \
       --header "Content-Type: application/json" \
         "$AMURL/openam/json/realms/root/realms/test/realm-config/agents/OAuth2Client/myClientID"
      
      HTTP/1.1 500 Internal Server Error
      Server: Apache-Coyote/1.1
      X-Frame-Options: SAMEORIGIN
      Content-Length: 0
      Date: Thu, 14 May 2020 07:08:38 GMT
      Connection: close
      

      The exception is

      frRest:05/14/2020 03:08:38:648 PM HKT: Thread[http-nio-8080-exec-6,5,main]: TransactionId[fe8d3ed9-9a20-48e1-9ff3-d1ec49ac453b-1712]
      ERROR: A runtime exception occurred during the CREST request handling
      java.lang.IllegalStateException: Exception from invocation expected to be handled by promise
              at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:100)
              at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:65)
              at org.forgerock.json.resource.AnnotationCollectionInstance.handleRead(AnnotationCollectionInstance.java:51)
              at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:105)
              at org.forgerock.json.resource.Resources$CollectionInstanceIdContextFilter.filterRead(Resources.java:528)
              at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:103)
              at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:256)
              at org.forgerock.json.resource.Router.handleRead(Router.java:331)
              at org.forgerock.openam.core.rest.sms.tree.DescribedGeneralActionsHandler.handleRead(DescribedGeneralActionsHandler.java:87)
              at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:105)
      ....
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:748)
      Caused by: java.lang.reflect.InvocationTargetException
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96)
              ... 143 more
      Caused by: java.lang.NullPointerException
              at org.forgerock.openam.core.rest.sms.SmsAbstractAgentProvider.lambda$getNullAttributes$1(SmsAbstractAgentProvider.java:265)
              at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174)
              at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
              at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1548)
              at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
              at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
              at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
              at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
              at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
              at org.forgerock.openam.core.rest.sms.SmsAbstractAgentProvider.getNullAttributes(SmsAbstractAgentProvider.java:267)
              at org.forgerock.openam.core.rest.sms.SmsAbstractAgentProvider.readInstance(SmsAbstractAgentProvider.java:245)
              at org.forgerock.openam.core.rest.sms.SmsAgentsResource.readInstance(SmsAgentsResource.java:112)
              ... 148 more
      

      Impact

      OAuth2 changes may fail in the UI (not able to administer).

      How to reproduce the issue

      1. Create a subrealm
      2. Create an OAuth2 client
      3. Optionally, set up a test to confirm it all works
      4. Run the curl query above. It should work
      5. Now set org.forgerock.openam.idm.attribute.names.lower.case=true as per the KB link https://backstage.forgerock.com/knowledge/kb/article/a75727174 and restart (a restart is required).
      6. Retest the above and see the failure in the CoreSystem logs

      Expected behaviour

      This should not produce an error. The test
      
      TEST VERIFICATION STEPS:
      --------------------------
      1) Accessing the Agent REST endpoint preserves the key case and should not error out, e.g.:
      
      curl -s  \
       -k \
       -D - \
       --request GET \
       -H 'X-Requested-With: curl' \
       --header "Cookie: iplanetdirectorypro=$tokenID" \
       --header "Content-Type: application/json" \
         "$AMURL/openam/json/realms/root/realms/test/realm-config/agents/OAuth2Client/myClientID"
      
      2) Querying the user REST endpoint, say for the demo user, returns lowercase keys if the setting is set.

      Current behaviour

      500 error. Also, some XUI admin configuration for OAuth2, to list or delete the agent, is no longer possible.
      

      Work around

      None other than undoing the switch and restarting.

      Code analysis

      LowerCase*IdServiceImpl
      ... This returns all IdType keys in lowercase
      

      However, configuration lookup in SmsAbstractAgent* will have issues when the keys are lowercase and hence not found.

      The MAIN issue is that Agent configuration should not be lowercased, and I think the attribute for this should only be applicable to user and group attributes and not Agent config/client (which are special "Ids").
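
The failure mode the code analysis describes, as an added Java example (not OpenAM's source and not part of the original report): a stream filter that looks up mixed-case names in a map whose keys were lowercased gets null and throws, while a case-insensitive, null-safe lookup does not. The class, method and attribute names are hypothetical and the sample data is constructed; the hardened lookup is one defensive option, whereas the report itself argues for not lowercasing agent configuration at all.

```java
import java.util.*;
import java.util.stream.Collectors;

public class LowerCaseKeyLookup {
    // Constructed attribute names, spelled in mixed case as a schema would define them.
    static final List<String> SCHEMA_NAMES = Arrays.asList("redirectionUris", "scopes", "clientType");

    // Models an identity layer that returns every attribute name in lowercase.
    static Map<String, Set<String>> lowerCased(Map<String, Set<String>> attrs) {
        Map<String, Set<String>> out = new HashMap<>();
        attrs.forEach((k, v) -> out.put(k.toLowerCase(Locale.ROOT), v));
        return out;
    }

    // Fragile: assumes each schema name exists in the map under the same spelling.
    static Set<String> emptyAttrsFragile(Map<String, Set<String>> stored) {
        return SCHEMA_NAMES.stream()
                .filter(name -> stored.get(name).isEmpty()) // get() is null after lowercasing
                .collect(Collectors.toSet());
    }

    // Hardened: case-insensitive view, and a missing key is treated as empty.
    static Set<String> emptyAttrsSafe(Map<String, Set<String>> stored) {
        Map<String, Set<String>> view = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        view.putAll(stored);
        return SCHEMA_NAMES.stream()
                .filter(name -> view.getOrDefault(name, Collections.emptySet()).isEmpty())
                .collect(Collectors.toSet());
    }

    public static void main(String[] args) {
        Map<String, Set<String>> stored = new HashMap<>();
        stored.put("redirectionUris", Collections.singleton("https://rp.example/cb"));
        stored.put("scopes", Collections.singleton("openid"));
        stored.put("clientType", Collections.emptySet());

        System.out.println("original keys:   " + emptyAttrsFragile(stored));
        Map<String, Set<String>> lowered = lowerCased(stored);
        try {
            emptyAttrsFragile(lowered);
        } catch (NullPointerException e) {
            System.out.println("lowercased keys: NullPointerException in the filter lambda");
        }
        System.out.println("hardened lookup: " + emptyAttrsSafe(lowered));
    }
}
```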

            People

              chee-weng.chea C-Weng C