Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-9813

Policy with Subject exclusive set is lost on upgrade

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0
    • Fix Version/s: 12.0.5, 13.5.1, 14.0.0
    • Component/s: upgrade
    • Labels:
    • Environment:
      OpenAM 11.0.x
    • Sprint:
      AM Sustaining Sprint 29, AM Sustaining Sprint 30
    • Support Ticket IDs:

      Description

      Problem:
      Policies with Subject exclusive enabled are lost on not upgrade to later version (not migrated properly). For example create

      Testcase/Description

      • Simple URL Policy with Subject with group g0 (for http*://:/g0) with GET/POST allow
      • Simple URL Policy with Subject with group g0 as above but with exclusive set (for http*://:/notg0)
      • Populate Group g0 with user u0 and have a user u1 not in g0
      • Login as u0.

      Expected
      On OpenAM11 (expected) and must be so on AM12.0.3/13/13.5 (upgraded)

      Observed
      On Upgraded 12/13/13.5

      The reason being the upgrade steps the policy for http://*:*/notg0 did not set the exclusive for this policy. (ie it ends up with "ALL of..." (and do not have "NOT") of g0)

      Other

      • It is seen that exporting from OpenAM11 (from list-policies) and importing to OpenAM12 (create-policies), the exclusion policies are retained fine. (working).

        Attachments

          Activity

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: