OpenAM issue OPENAM-17829

External UMA Resource Set using SSL but not StartTLS fails


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.1.0, 7.2.0
    • Fix Version/s: 2021.6, 7.2.0
    • Component/s: UMA
    • Labels: None

    Description

      Bug description

      If AM is configured to store UMA resource sets in an external DS that uses SSL but not StartTLS, creating a resource set fails with an error.

      How to reproduce the issue

      1. Deploy ForgeOps (this has the correct setup by default)
      2. Check out the docs repo and import the ForgeRock UMA Collection into Postman
      3. Run the Prerequisites
      4. Attempt the UMA Resource Registration Flow

      Expected behaviour

      All queries return 200 or 201.

      Current behaviour

      Step 2 of the flow, "Register an UMA resource", returns an HTTP 500.

      Work around

      Configure your UMA store so that either both SSL and StartTLS are enabled or both disabled.

      Code analysis

      org.forgerock.openam.sm.datalayer.impl.ResourceSetDataLayerConfiguration.java

      @Override
      public void updateExternalLdapConfiguration(ModifiedProperty<String> hosts, ModifiedProperty<String> username,
              ModifiedProperty<String> password, ModifiedProperty<String> maxConnections,
              ModifiedProperty<Boolean> sslMode, ModifiedProperty<Integer> heartbeat,
              ModifiedProperty<Boolean> affinityEnabled, ModifiedProperty<Boolean> startTLS) {
          hosts.set(SystemProperties.get(STORE_HOSTNAME));
          username.set(SystemProperties.get(STORE_USERNAME));
          password.set(AMPasswordUtil.decrypt(SystemProperties.get(STORE_PASSWORD)));
          maxConnections.set(SystemProperties.get(STORE_MAX_CONNECTIONS));
          sslMode.set(SystemProperties.getAsBoolean(STORE_SSL_ENABLED, false));
          heartbeat.set(SystemProperties.getAsInt(STORE_HEARTBEAT, -1));
          affinityEnabled.set(false);
          // Bug: startTLS is read from the SSL property instead of its own StartTLS property
          startTLS.set(SystemProperties.getAsBoolean(STORE_SSL_ENABLED, false));
      }

      The startTLS property is set from the SSL system property (STORE_SSL_ENABLED) but should be set from the dedicated StartTLS property. As written, any store configured with SSL is also told to use StartTLS, which is exactly the SSL-without-StartTLS case that fails; the two flags only come out right when the administrator sets them to the same value, which is why the workaround above works.
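      The following stand-alone Java program is an added illustration of the mapping defect and of why the workaround (both flags equal) avoids it; it is not AM code. It replaces SystemProperties with a Map, uses placeholder property keys (the ticket names STORE_SSL_ENABLED but not the StartTLS key), and runs both the buggy and the corrected mapping over all four configured combinations, reporting where the effective settings diverge from what the administrator configured.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

/**
 * Added illustration of the property mapping in OPENAM-17829. The property
 * keys, the Map-backed stand-in for SystemProperties and TlsSettings are all
 * constructed for this example; none of it is AM code.
 */
public class UmaStoreTlsMapping {

    // STORE_SSL_ENABLED is the constant named in the ticket; the StartTLS key
    // is not given there, so both string values are placeholders.
    static final String STORE_SSL_ENABLED = "example.uma.store.ssl.enabled";
    static final String STORE_STARTTLS_ENABLED = "example.uma.store.starttls.enabled";

    /** Constructed stand-in for SystemProperties. */
    static final Map<String, String> props = new HashMap<>();

    static boolean getAsBoolean(String key, boolean defaultValue) {
        String v = props.get(key);
        return v == null ? defaultValue : Boolean.parseBoolean(v);
    }

    /** The (sslMode, startTLS) pair that ends up on the LDAP connection settings. */
    static final class TlsSettings {
        final boolean sslMode;
        final boolean startTLS;

        TlsSettings(boolean sslMode, boolean startTLS) {
            this.sslMode = sslMode;
            this.startTLS = startTLS;
        }

        @Override public boolean equals(Object o) {
            return o instanceof TlsSettings
                    && ((TlsSettings) o).sslMode == sslMode
                    && ((TlsSettings) o).startTLS == startTLS;
        }

        @Override public int hashCode() { return (sslMode ? 2 : 0) + (startTLS ? 1 : 0); }

        @Override public String toString() { return "ssl=" + sslMode + ", startTLS=" + startTLS; }
    }

    /** Mirrors the ticket's code: startTLS is read from the SSL property. */
    static TlsSettings buggyMapping() {
        return new TlsSettings(
                getAsBoolean(STORE_SSL_ENABLED, false),
                getAsBoolean(STORE_SSL_ENABLED, false)); // wrong key
    }

    /** The corrected mapping: each flag is read from its own property. */
    static TlsSettings fixedMapping() {
        return new TlsSettings(
                getAsBoolean(STORE_SSL_ENABLED, false),
                getAsBoolean(STORE_STARTTLS_ENABLED, false));
    }

    /**
     * Store the administrator's intended flags, run the given mapping and
     * report whether it reproduces them. A false return means AM would open
     * the connection with settings the DS was never configured for.
     */
    static boolean mappingHonoursConfig(boolean ssl, boolean startTLS, Supplier<TlsSettings> mapping) {
        props.put(STORE_SSL_ENABLED, Boolean.toString(ssl));
        props.put(STORE_STARTTLS_ENABLED, Boolean.toString(startTLS));
        return mapping.get().equals(new TlsSettings(ssl, startTLS));
    }

    public static void main(String[] args) {
        boolean[] values = {false, true};
        for (boolean ssl : values) {
            for (boolean startTLS : values) {
                TlsSettings intended = new TlsSettings(ssl, startTLS);
                boolean buggyOk = mappingHonoursConfig(ssl, startTLS, UmaStoreTlsMapping::buggyMapping);
                boolean fixedOk = mappingHonoursConfig(ssl, startTLS, UmaStoreTlsMapping::fixedMapping);
                System.out.printf("configured [%s] -> buggy %s, fixed %s%n",
                        intended, buggyOk ? "ok" : "MISMATCH", fixedOk ? "ok" : "MISMATCH");
            }
        }
    }
}
```

      Compile and run with `javac UmaStoreTlsMapping.java && java UmaStoreTlsMapping`. The buggy mapping reports MISMATCH for the two rows where the flags differ, including the ticket's ForgeOps case (ssl=true, startTLS=false, which the bug turns into ssl=true, startTLS=true), and ok only for the both-off and both-on rows, which are precisely the configurations the workaround recommends. The corrected mapping honours all four.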

            People

      Assignee: Isaac Taylor (isaac.taylor)
      Reporter: Isaac Taylor (isaac.taylor)