  1. OpenAM
  2. OPENAM-6445

UMA policy with self-sharing creating policy despite failure

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0
    • Fix Version/s: 6.0.0, 5.5.2
    • Component/s: UMA
    • Labels:
    • Needs QA verification:
      No
    • Functional tests:
      Yes

      Description

      Creating an UMA policy that provides the Resource Owner with permissions creates a policy despite returning HTTP-400 Bad Request.

      To recreate:

      1. Create a Resource Set

      curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer PAT" -d '{"scopes":["http://photoz.example.com/dev/scopes/all","http://photoz.example.com/dev/scopes/view"],"icon_uri":"http://www.example.com/icons/flower.png","name":"TestUmaPolicy3","type":"http://photoz.example.com/dev/scopes/view"}' http://openam.example.com:8080/openam/oauth2/resource_set

      2. Create a Policy which includes the resource owner (rsUser) as a subject

      curl -X POST -H "Content-Type: application/json" -H "iPlanetDirectoryPro: ACIQ5...*" -d '{"policyId":"3d7b54af-e27a-40e5-99d0-1f5e71887c100","name":"GrantToRO","permissions":[{"scopes":["http://photoz.example.com/dev/scopes/all","http://photoz.example.com/dev/scopes/view"],"subject":"rsUser"}]}' 'http://openam.example.com:8080/openam/json/users/rsUser/uma/policies?_action=create'

      At which point the response will be an HTTP-400 with the body

      {
          "code": 400,
          "reason": "Bad Request",
          "message": "loops not allowed"
      }
      

      3. Try and read the failed policy

      curl -X GET -H "Content-Type: application/json" http://openam.example.com/openam/json/users/rsUser/uma/policies/3d7b54af-e27a-40e5-99d0-1f5e71887c100

      At this point the response should be an HTTP-404, as the policy doesn't exist. Instead it returns the policy as it was POSTed, despite the fact that this will cause issues with the policy processing.
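
      The invariant behind steps 2 and 3 (a create that answers HTTP-400 must leave nothing readable), written as an added regression check; it is not part of the original report and not OpenAM code. Both store classes are hypothetical in-memory stand-ins, and the store-then-validate ordering in the first one is an assumed way to reproduce the reported symptom, not a confirmed root cause.

```python
import uuid

class PolicyError(Exception):
    def __init__(self, code, message):
        super().__init__(message)
        self.code = code

class LeakyPolicyStore:
    """Hypothetical stand-in: stores first, validates second (reported symptom)."""
    def __init__(self):
        self.policies = {}

    def create(self, owner, policy):
        self.policies[(owner, policy["policyId"])] = policy  # written too early
        self._validate(owner, policy)                        # 400 raised after the write

    def read(self, owner, policy_id):
        if (owner, policy_id) not in self.policies:
            raise PolicyError(404, "Not Found")
        return self.policies[(owner, policy_id)]

    @staticmethod
    def _validate(owner, policy):
        # Sharing a resource with its own owner is the rejected "loop".
        if any(p["subject"] == owner for p in policy["permissions"]):
            raise PolicyError(400, "loops not allowed")

class AtomicPolicyStore(LeakyPolicyStore):
    """Hypothetical stand-in: validates before any write, so a 400 leaves no state."""
    def create(self, owner, policy):
        self._validate(owner, policy)
        self.policies[(owner, policy["policyId"])] = policy

def rejected_create_leaves_no_policy(store, owner="rsUser"):
    """Steps 2 and 3 of the report: create must fail with 400, read must then 404."""
    scopes = ["http://photoz.example.com/dev/scopes/view"]  # constructed sample input
    policy = {"policyId": str(uuid.uuid4()), "name": "GrantToRO",
              "permissions": [{"scopes": scopes, "subject": owner}]}
    try:
        store.create(owner, policy)
        return False                  # self-share was accepted outright
    except PolicyError as err:
        if err.code != 400:
            return False
    try:
        store.read(owner, policy["policyId"])
        return False                  # rejected policy is still readable
    except PolicyError as err:
        return err.code == 404
```

      Against a real deployment the same check would wrap the two HTTP calls from steps 2 and 3 in place of the stand-in `create` and `read` methods.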

            People

            • Assignee:
              Unassigned
              Reporter:
              samdrew Sam Drew
              QA Assignee:
              Sam Drew