-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.0.2, 11.0.0, 12.0.0, 13.0.0, 14.5.0, 6.0.0, 14.1.2
-
Component/s: policy
-
Labels:
LDAP connection heartbeat settings (introduced by ) should be also added to the policy configuration service page. Probably, LDAP filter conditions don't work after a primary server is down.OPENAM-986
To reproduce the scenario you'd have:
1) install openam and external config store.
2) Create some policies - top level realm would do- with some LDAP filter conditions in the Environment conditions section.
3) Simulate dropping the connection to the config store ( FW or LB, which drops TCP connections after some idle timeout) and restart and see if the policy connection works on policy evaluation
in logs stacktrace similar to :
ERROR: OpenSSOPrivilege.evaluate com.sun.identity.entitlement.EntitlementException: Condition evaluation fails. at org.forgerock.openam.entitlement.conditions.environment.LDAPFilterCondition.evaluate(LDAPFilterCondition.java:94) at com.sun.identity.entitlement.AndCondition.evaluate(AndCondition.java:91) at org.forgerock.openam.entitlement.CachingEntitlementCondition.evaluate(CachingEntitlementCondition.java:119) at com.sun.identity.entitlement.Privilege.doesConditionMatch(Privilege.java:695) at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.internalEvaluate(OpenSSOPrivilege.java:150) at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.access$000(OpenSSOPrivilege.java:63) at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:105) at com.sun.identity.entitlement.opensso.OpenSSOPrivilege$1.run(OpenSSOPrivilege.java:99) at com.sun.identity.session.util.RestrictedTokenContext.doUsing(RestrictedTokenContext.java:81) at com.sun.identity.entitlement.opensso.OpenSSOPrivilege.evaluate(OpenSSOPrivilege.java:98)
- is related to
-
OPENAM-13386 LDAP connection heartbeat interval change don't work
-
- Open
-