  1. OpenAM
  2. OPENAM-9012

LDAP connection heartbeat settings should also be added to policy configuration

    Details

    • Sprint:
      AM Sustaining Sprint 34, AM Sustaining Sprint 35, AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38
    • Story Points:
      3
      Description

      LDAP connection heartbeat settings (introduced by OPENAM-986) should also be added to the policy configuration service page. Probably, LDAP filter conditions don't work after a primary server is down.

      To reproduce the scenario, you would have to:

      1) Install OpenAM and an external config store.

      2) Create some policies (the top-level realm would do) with some LDAP filter conditions in the Environment conditions section.

      3) Simulate dropping the connection to the config store (FW or LB, which drops TCP connections after some idle timeout) and restart, and see if the policy connection works on policy evaluation.

      In the logs, a stack trace similar to:

      
      ERROR: OpenSSOPrivilege.evaluate
      com.sun.identity.entitlement.EntitlementException: Condition evaluation fails.
              at org.forgerock.openam.entitlement.conditions.environment.LDAPFilterCondition.evaluate(LDAPFilterCondition.java:94)
              at com.sun.identity.entitlement.AndCondition.evaluate(AndCondition.java:91)
              at org.forgerock.openam.entitlement.CachingEntitlementCondition.evaluate(CachingEntitlementCondition.java:119)
              at com.sun.identity.entitlement.Privilege.doesConditionMatch(Privilege.java:695)
              at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.internalEvaluate(OpenSSOPrivilege.java:150)
              at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.access$000(OpenSSOPrivilege.java:63)
              at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:105)
              at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:99)
              at com.sun.identity.session.util.RestrictedTokenContext.doUsing(RestrictedTokenContext.java:81)
              at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.evaluate(OpenSSOPrivilege.java:98)

              People

              • Assignee:
                jonthomas Jonathan Thomas
                Reporter:
                kohei kohei
              • Votes:
                0
                Watchers:
                9
