Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-11356

Failed to sync password changes from DJ to managed

    Details

    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      3
    • Sprint:
      OpenIDM Sprint 6.5-6

      Description

      DJ password sync plugin doesn't work with IDM anymore since revision 86bfcc8, with proper config of IDM, DJ and DJ password sync plugin, when modifying the password in DJ of a user that is reconciled from DJ to IDM, the modified password is not synced to IDM, the password is shown as null(The test intentionally decrypt the synced password and display it as clearpassword):

      {
          "_id": "9fba2b81-a2dc-4405-b0f1-564dd350220a",
          "_rev": "0",
          "accountStatus": "active",
          "clearpassword": null,
          "description": "test entry for ldappasswordmodify",
          "displayName": "John Doe",
          "effectiveAssignments": [],
          "effectiveRoles": [],
          "givenName": "John",
          "mail": "john.doe@example.com",
          "sn": "Doe",
          "telephoneNumber": "+44 1234 567890",
          "userName": "jdoe38"
      }
      

      IDM log has exception like

      SEVERE: Unable to find key with alias openidm-localhost and purpose Purpose{secretType=DataDecryptionKey, label='decrypt'}
      [940] Jul 20, 2018 2:37:10 PM org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3 lambda$handleRequestWithLogging$8
      WARNING: Resource exception: 500 Internal Server Error: "Wrapped org.forgerock.json.JsonValueException: /: org.forgerock.json.crypto.JsonCryptoException: Unable to find descryption key"
      org.forgerock.json.resource.InternalServerErrorException: Wrapped org.forgerock.json.JsonValueException: /: org.forgerock.json.crypto.JsonCryptoException: Unable to find descryption key
              at org.forgerock.json.resource.ResourceException.newResourceException(ResourceException.java:231)
              at org.forgerock.openidm.script.ScriptThrownException.toResourceException(ScriptThrownException.java:135)
              at org.forgerock.openidm.script.handler.ScriptedRequestHandler.convertScriptException(ScriptedRequestHandler.java:372)
              at org.forgerock.openidm.script.handler.ScriptedRequestHandler.lambda$handleAction$1(ScriptedRequestHandler.java:176)
              at org.forgerock.openidm.metrics.MetricsCollector.time(MetricsCollector.java:112)
              at org.forgerock.openidm.script.handler.ScriptedRequestHandler.handleAction(ScriptedRequestHandler.java:157)
              at org.forgerock.json.resource.Router.handleAction(Router.java:250)
              at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
              at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
              at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
              at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
              at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
              at org.forgerock.openidm.audit.filter.AuditFilter.lambda$filterAction$0(AuditFilter.java:113)
              at org.forgerock.openidm.audit.filter.AuditFilter.logAuditAccessEntry(AuditFilter.java:169)
              at org.forgerock.openidm.audit.filter.AuditFilter.filterAction(AuditFilter.java:113)
              at org.forgerock.openidm.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
              at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
              at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      ...
      

      The complete log is attached.
      To reproduce it in Pyforge:
      1. Config IDM, DJ and Stress section in pyforge config/config.cfg, attached is my test config
      2. put IDM zip under pyforge/archives
      3. Ran the command:

      python3 -u run-pybot.py -c stress -i gatling -s *OpenDJPwdSyncPlugin -t IDM_DJ_Password_Sync_Plugin_Checks OpenIDM
      

      4. Observe the symptom.
      the QA debug.txt is also attached where we can see the sequence of the test.
      The same test works well in the commit 34a3e3d which is right before 86bfcc8.

        Attachments

        1. config.cfg
          7 kB
        2. debug.txt
          80 kB
        3. openidm0.log.0
          2.11 MB

          Issue Links

            Activity

              People

              • Assignee:
                whitney.hunter Whitney Hunter [X] (Inactive)
                Reporter:
                Tinghua.Xu Tinghua Xu
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: