[OPENAM-6390] Retrieving User in federation returns the amIdentity with id in lower case - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 12.0.0
Fix Version/s: 12.0.3, 13.5.0
Component/s: SAML
Labels:
- EDISON

Target Version/s:

12.0.4, 13.5.0

Sprint:
Sustaining Sprint 10, Sustaining Sprint 11, AM Sustaining Sprint 21

Support Ticket IDs:

Verified Version/s:

12.0.4

Description

This seems to affect various areas of the federation code.

IdRepoDataStoreProvider.getUserID normalizes the amIdentity of the user:

 return DNUtils.normalizeDN(IdUtils.getUniversalId(amId));

which converts the id into lower case.

For example, set up federation with persistent nameid-format and create a user with mixed cases on the SP side, eg UserTest
Establish the initial federation.
Upon federating again afterwards, the account mapper will retrieve the user with lower cases. In the SP federation log you will see:

libSAML2:07/09/2015 11:23:07:076 AM BST: Thread[http-bio-38080-exec-15,5,main]
SAML2Utils:isFedInfoExists : true
libSAML2:07/09/2015 11:23:07:076 AM BST: Thread[http-bio-38080-exec-15,5,main]
SPACSUtils.processResponse: userName : id=usertest,ou=user,dc=openam,dc=forgerock,dc=org

This may have an impact later down the line, for example, when trying to retrieve the username through a REST call to ".../openam/json/users?_action=idFromSession ..."; response would be:

{"id":"usertest", ...

Attachments

Issue Links

is required by

OPENAM-11059 Dynamic registration fails, if the username is looking at a DN

In Progress

Activity

People

Assignee:

Peter Major

Reporter:

Nathalie Hoet

QA Assignee:

Filip Kubáň

Votes:

0 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

15/Jul/15 12:16 PM

Updated:

23/Mar/18 4:24 PM

Resolved:

06/May/16 1:24 PM

Time Tracking

Estimated:

Remaining:

Logged: