When a metadata template is created, the generated XML contains service endpoint elements whose Location attributes are absolute URLs. For example:
<ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://server1.example.com:8080/openam/ArtifactResolver/metaAlias/realm/idp" index="0" isDefault="1"/>
For deployments behind a load balancer (LB), the endpoints should instead carry the site URL. Service providers use these Location values to contact the IdP, so metadata that carries one backend's plain-HTTP server URL sends them around the LB (and any TLS termination there) to a single node:
<ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://site.example.com:443/openam/ArtifactResolver/metaAlias/realm/idp" index="0" isDefault="1"/>
If an entity is created in the console while logged in via the site URL, the Location fields in the entity use the site URL. If it is created while logged in directly to a server, the Location fields use that server's URL.
If the metadata template is created with ssoadm create-metadata-templ, there is no way to request that the site URL be used.
Steps to reproduce:
1. Install OpenAM behind an LB and set up ssoadm.
2. Run create-metadata-templ.
ssoadm create-metadata-templ -u amadmin -f /home/fr/pw.txt -y https://ha.example.com:443/openam -x x.xml -m m.xml -i /realm/idp -b test
3. Observe that the values of the Location attributes for the service endpoints are always mapped to the URL of the server ssoadm is run from.
There should be a way to populate these endpoints with the site URL.
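Until the tool offers that option, a practitioner can post-process the metadata file that create-metadata-templ writes. The following is an added example, not part of this report or of OpenAM/ssoadm: it rewrites every Location and ResponseLocation whose origin (scheme, host, port) is the individual server URL so that it points at the site URL instead, leaving the path and query intact, and then lists any endpoint still bound to the server so the file can be checked before it is imported. The server URL, site URL, file names and the sample metadata are constructed for illustration; only the origin of the site URL is used, so a site URL given with a path such as /openam works as written.

```python
"""Rewrite per-server endpoint URLs in a SAML metadata template to the LB site URL.

Added example; not part of OpenAM or ssoadm. Operates on the metadata XML that
ssoadm create-metadata-templ writes (the -m file). All URLs, file names and the
sample document below are assumptions constructed for illustration.
"""
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Attributes on SAML metadata endpoint elements that carry absolute URLs.
URL_ATTRS = ("Location", "ResponseLocation")

# Keep the md: prefix when serialising instead of ElementTree's ns0:.
ET.register_namespace("md", MD_NS)

# Constructed sample: what a template generated on server1 (behind the LB) looks like.
# The SingleSignOnService already carries the site URL and must be left untouched.
SERVER_URL = "http://server1.example.com:8080/openam"
SITE_URL = "https://site.example.com:443/openam"
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="idp.example">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://server1.example.com:8080/openam/ArtifactResolver/metaAlias/realm/idp" index="0" isDefault="1"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://server1.example.com:8080/openam/IDPSloRedirect/metaAlias/realm/idp" ResponseLocation="http://server1.example.com:8080/openam/IDPSloRedirect/metaAlias/realm/idp"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://site.example.com:443/openam/SSORedirect/metaAlias/realm/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _origin(url):
    """(scheme, host, port) of a URL, with the default port filled in so
    http://h/ and http://h:80/ compare equal."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme.lower())
    return (p.scheme.lower(), (p.hostname or "").lower(), port)


def _server_bound(root, server_url):
    """Yield (element, attribute, url) for every endpoint URL whose origin is server_url."""
    target = _origin(server_url)
    for el in root.iter():
        for attr in URL_ATTRS:
            val = el.get(attr)
            if val and _origin(val) == target:
                yield el, attr, val


def rewrite_endpoints(xml_text, server_url, site_url):
    """Return (new_xml_text, changed_count).

    Only URLs whose origin matches server_url are rewritten; their path, query
    and fragment are preserved and only scheme://host:port is replaced with the
    site URL's origin. Endpoints pointing anywhere else are left alone."""
    root = ET.fromstring(xml_text)
    site = urlsplit(site_url)
    changed = 0
    for el, attr, val in list(_server_bound(root, server_url)):
        p = urlsplit(val)
        el.set(attr, urlunsplit((site.scheme, site.netloc, p.path, p.query, p.fragment)))
        changed += 1
    return ET.tostring(root, encoding="unicode"), changed


def server_endpoints(xml_text, server_url):
    """List (element_name, attribute, url) for endpoints still bound to server_url.

    An empty list means no SP will be handed a URL that bypasses the LB."""
    root = ET.fromstring(xml_text)
    return [(el.tag.split("}")[-1], attr, val) for el, attr, val in _server_bound(root, server_url)]


if __name__ == "__main__":
    # Usage: rewrite_metadata.py <in.xml> <out.xml> <server_url> <site_url>
    # e.g. m.xml m-site.xml http://server1.example.com:8080/openam https://site.example.com:443/openam
    if len(sys.argv) == 5:
        src, dst, server, site = sys.argv[1:5]
        with open(src, encoding="utf-8") as f:
            text = f.read()
    else:
        src, dst, server, site, text = "<sample>", None, SERVER_URL, SITE_URL, SAMPLE_METADATA
    new_text, n = rewrite_endpoints(text, server, site)
    if dst:
        with open(dst, "w", encoding="utf-8") as f:
            f.write(new_text)
    left = server_endpoints(new_text, server)
    print(f"{src}: rewrote {n} endpoint URL(s); still server-bound: {left}")
```

Run it against the generated m.xml (and x.xml, if the extended metadata also carries absolute URLs in your deployment) before importing the entity, and treat a non-empty result from server_endpoints as a reason not to import. The match is on origin rather than on a string prefix, so a template that already mixes site and server URLs, as the sample does, is corrected without touching the endpoints that were right to begin with.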