Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-9283

When using ssoadm to create a batch of Federation entities, "Entity existed in the circle of trust" error is given when the entity does not exist

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0
    • Fix Version/s: 13.5.1, 14.0.0
    • Component/s: CLI, SAML
    • Labels:
    • Sprint:
      AM Sustaining Sprint 24, AM Sustaining Sprint 30
    • Support Ticket IDs:

      Description

      When user is trying to create a batch of SAML entities it is possible that the user will receive the following message even though the entity does not exist in the circle of trust yet:

      Steps to reproduce are as follows:

      1. Deploy OpenAM 13 instance.
      2. Deploy OpenAM 13 tools.
      3. Create COT in admin console.
      4. From command line use ./ssoadm do-batch -u amadmin -f [path/to/password/file] -Z [batch/list/path]

      This error can be intermittent if step 4 is successful, make sure all entities are present in admin console then delete entities and try again. Once this is created you will see the following on the command line:

      Import file, test1.xml.
      Import file, test1-extended.xml
      The entity exists in the circle of trust already.
      There are 3 unprocessed requests.

      In the Config logs you will see the following:

      WARNING: LDAPEventManager.entryChanged No listner objects registred
      amCLI:07/05/2016 06:08:12:335 PM EDT: Thread[main,5,main]: TransactionId[unknown]
      ERROR: CommandManager.<init>
      com.sun.identity.cli.CLIException: The entity existed in the circle of trust already.
      at com.sun.identity.federation.cli.ImportMetaData.handleSAML2Request(ImportMetaData.java:236)
      at com.sun.identity.federation.cli.ImportMetaData.handleRequest(ImportMetaData.java:120)
      at com.sun.identity.cli.SubCommand.execute(SubCommand.java:296)
      at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
      at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
      at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:576)
      at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:173)
      at com.sun.identity.cli.CommandManager.main(CommandManager.java:150)

      If the entity is not created yet, ssoadm should not throw this error.

        Attachments

          Activity

            People

            • Assignee:
              quentin.castel Quentin CASTEL [X] (Inactive)
              Reporter:
              abel.hoxeng Abel Hoxeng
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 7h
                7h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 5h Time Not Required
                5h