Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-18033

OIDC AuthN Tree Flow - JSON mapping cannot contain a dot symbol in key name

    XMLWordPrintable

    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 7.0.1
    • None
    • OpenID Connect, trees
    • Rank:
      1|i051w6:

      Description

      In AM 7.0.1 with Social authentication tree flow and OIDC auth tree node, the values have to be read from /userinfo endpoint and the following attr mappings are configured:
      Account Mapper
      org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper
      Attribute Mapper
      org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper
      Account Mapper Configuration
      sub sub
      family_name sn
      locale preferredlocale
      signicat.national_id cn
      Attribute Mapper Configuration
      sub sub
      family_name sn
      locale preferredlocale
      signicat.national_id cn
       
      The /userinfo response is as follows:

       {   "sub":"LEIZwuW_v2xWdDyBoZke5V_OSUN7-eFu",   "name":"John Doe",   "signicat.national_id":"195809051880",   "given_name":"John",   "locale":"SV",   "family_name":"Doe" }

      Any value from the response above can be mapped without a problem, except signicat.national_id.
       
      This is the error found in the logs:

       JsonAttributeMapper","message":"defaultAttributeMapper.getAttributes: Could not get the attribute 'signicat.national_id'","context":"default","exception":"org.json.JSONException: JSONObject[\"signicat\"] not found.\n\tat org.json.JSONObject.get(JSONObject.java:498)\n\tat org.json.JSONObject.

      It seems like the parser is interpreting the JSON for signicat.national_id as an object and as such, Java has a problem where there is a dot (.) in the key name and it is not a JSON object like:
      "signicat":

      {  "national_id":"1122" }

      ...while it is supposed to be a property signicat.national_id.

      Expected behaviour
      key name should be treated as a property
      
      Current behaviour
      key name is treated as a subject
      

      Work around

      The following mappings do not work:
      signicat[\"national_id\"] cn
      signicat['national_id'] cn
      signicat\u002enational_id cn

        Attachments

          Activity

            People

            Unassigned Unassigned
            alex.belovski Alex Belovski
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: