Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5187

Can't delete a migrated policy using Policy Editor

    Details

    • Sprint:
      Sprint 74 - Team Newton, Sprint 75 - Team Newton
    • Support Ticket IDs:

      Description

      Not sure if this is a policy migration problem or policy editor problem.

      I have a policy that has been migrated from legacy format to new format in an OpenAM deployment. When I try to delete one of the 10 policies that were created as a result of migration, I get:

      Bad Request Error

      Resource name '/policies/Rockshop_Checkout_https://forgerock-rockshop.openrock.org:443/wp-login.php' contains empty path elements

      I can easily recreate the problem so please stop by if you'd like to see it on my setup.

      Here's the XML that was used to create the policy (env vars in here will need to be resolved):

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE Policies 
      PUBLIC "-//OpenSSO Policy Administration DTD//EN"
      "jar://com/sun/identity/policy/policyAdmin.dtd">
      
      <Policies>
      <Policy name="Rockshop_Checkout" referralPolicy="false" active="true" >
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/checkout/*?*">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/checkout/*?*" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/checkout/*">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/checkout/*" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/checkout/">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/checkout/" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/wp-login.php">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/wp-login.php" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/wp-login.php?*">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/wp-login.php?*" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/wp-login.php*?*">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/wp-login.php*?*" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-account/">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-account/" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-address/">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-address/" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-address/*">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-address/*" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Rule name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-address/*?*">
      <ServiceName name="iPlanetAMWebAgentService" />
      <ResourceName name="$OPENIG_HTTP_SCHEME://$ROCKSHOP_PUBLIC_FQDN:$OPENIG_PORT/my-account/edit-address/*?*" />
      <AttributeValuePair>
      <Attribute name="POST" />
      <Value>allow</Value>
      </AttributeValuePair>
      <AttributeValuePair>
      <Attribute name="GET" />
      <Value>allow</Value>
      </AttributeValuePair>
      </Rule>
      <Subjects name="Subjects:13923158582566k2Z2vo=" description="">
      <Subject name="All Authenticated Users" type="AuthenticatedUsers" includeType="inclusive">
      </Subject>
      </Subjects>
      </Policy>
      </Policies>
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                neil.madden Neil Madden
                Reporter:
                David.Goldsmith David Goldsmith
                QA Assignee:
                Alex Walker [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: