  1. OpenAM
  2. OPENAM-6385

Revoking access to individual resource using XUI fails

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0
    • Fix Version/s: 13.0.0
    • Component/s: UMA
    • Environment:
      Centos 7.1
      Tomcat 7
      Oracle Java 8
    • Sprint:
      Sprint 91 - Team Tesla

      Description

      1) Register a UMA resource as user X
      2) Go to OpenAM dashboard and manage shares
      3) Share resource with user Y
      4) Go to OpenAM dashboard and manage share
      5) Click on the resource that was shared before
      6) Click the delete button on the policy that was just created (not the revoke all button)

      It will disappear in XUI, but if you navigate away and return, it will still be there.

      Example curl request reproducing the behaviour:

      curl -X PUT -H "VAGRANT_SSO: AQIC5wM2LY4SfcxKcosSAV2mS3DitFcO2w-BzE0ToV1m2pg.*AAJTSQACMDIAAlNLABQtODM1MTc2NTk0OTc5MTU3NDI5NAACUzEAAjAx*" -H "Content-Type: application/json"  -d '{
        "policyId": "be92ba49-3f27-4586-9cb2-e5a4a34345de0",
        "name": "Example323",
        "permissions": [
        ]
      }' 'https://sso.vagrant.delegations.org.nz/sso/json/users/44a461d4-7e8f-4717-a6ed-3131da96e6e4/uma/policies/be92ba49-3f27-4586-9cb2-e5a4a34345de0'
      {
        "policyId": "be92ba49-3f27-4586-9cb2-e5a4a34345de0",
        "name": "Example323",
        "permissions": []
      }
      

      Check resource status now:

      curl -X GET -H "VAGRANT_SSO: AQIC5wM2LY4SfcxKcosSAV2mS3DitFcO2w-BzE0ToV1m2pg.*AAJTSQACMDIAAlNLABQtODM1MTc2NTk0OTc5MTU3NDI5NAACUzEAAjAx*" -H "Content-Type: application/json" 'https://sso.vagrant.delegations.org.nz/sso/json/users/44a461d4-7e8f-4717-a6ed-3131da96e6e4/uma/policies/be92ba49-3f27-4586-9cb2-e5a4a34345de0'
      {
        "policyId": "be92ba49-3f27-4586-9cb2-e5a4a34345de0",
        "name": "Example323",
        "permissions": [
          {
            "subject": "asdas",
            "scopes": [
              "http://test-harness.delegations.org.nz/view"
            ]
          }
        ]
      }
      

      Also, the admin guide says that when updating a UMA resource it should return "HTTP 204 Empty status code is returned, with an empty JSON body as the response."
      http://openam.forgerock.org/doc/bootstrap/admin-guide/#to-update-an-uma-policy

      We are using OpenAM 13.0.0-SNAPSHOT Build 14532 (2015-July-09 03:09)

            People

            • Assignee: James Phillpotts (jamesphillpotts)
            • Reporter: Tim Jacomb (timja, inactive)
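A regression check for the behaviour reported in this issue, added here as an example (it is not code from OpenAM or from the reporter): after the revoking PUT it re-reads the policy and reports any permission that is still stored, plus a status code other than the documented 204. The `send` transport, the `FakeUma` stand-in, the placeholder URL and the treatment of a 404 on re-read as "revoked" are assumptions made for the example.

```python
import json

def verify_revocation(send, url, policy_id, name):
    """PUT an empty permission list, then re-read the policy.
    Returns a list of findings; an empty list means the revocation held."""
    findings = []
    body = json.dumps({"policyId": policy_id, "name": name, "permissions": []})
    status, _ = send("PUT", url, body)
    if status != 204:  # the admin guide quoted in the report documents 204
        findings.append(f"PUT returned {status}, expected 204")
    status, text = send("GET", url, None)
    if status == 404:  # assumption: a fully revoked policy may be deleted
        return findings
    # Never trust the PUT response alone: check what is actually stored.
    for perm in json.loads(text).get("permissions", []):
        findings.append(f"subject {perm['subject']!r} still holds {perm['scopes']}")
    return findings

class FakeUma:
    """Constructed in-memory stand-in for the policy endpoint (hypothetical)."""
    def __init__(self, buggy):
        self.buggy = buggy
        self.policy = {"policyId": "POLICY_ID", "name": "Example323",
                       "permissions": [{"subject": "asdas", "scopes": [
                           "http://test-harness.delegations.org.nz/view"]}]}

    def send(self, method, url, body):
        if method == "PUT":
            if self.buggy:  # reported behaviour: request echoed, nothing stored
                return 200, body
            self.policy = json.loads(body)
            return 204, ""
        return 200, json.dumps(self.policy)

URL = "https://openam.example/json/users/USER_ID/uma/policies/POLICY_ID"  # placeholder

def demo():
    """Run the check against the buggy and the fixed stand-in."""
    return tuple(verify_revocation(FakeUma(b).send, URL, "POLICY_ID", "Example323")
                 for b in (True, False))

if __name__ == "__main__":
    for label, result in zip(("reported", "fixed"), demo()):
        print(label, result or "revocation held")
```

Against a real deployment, `send` would wrap an authenticated HTTP client; the point of the check is that a share counts as revoked only once the follow-up read confirms it.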