Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 6.5.0.2, 6.5.0.3
- Fix Version/s: 6.5.0.4
- Component/s: Module - Authorization, Module - Managed Objects
- Labels:
- Environment: IDM 6.5.0.3. Repo doesn't matter nor target
Description
Steps to recreate:
- Install IDM
- Create a managed user with userName demo and password Password1.
- Run the test curl statement (result: 403)
    curl --location --request GET 'http://localhost:8080/openidm/managed/user?_queryFilter=true' \
      --header 'X-OpenIDM-Username: demo' \
      --header 'X-OpenIDM-Password: Password1'
- Go into the console, to manage internal roles.
- Select openidm-authorized and add a privilege for the user above.
- Select User, enter demo, and hit save.
- Repeat the test curl (result: 200 with user info)
- Change the mail attribute on the managed user to allow null values.
- Repeat the test curl (result: 500)
Error seen in logs:
    SEVERE: RuntimeException caught
    org.forgerock.json.JsonValueException: /objects/0/schema/properties/mail/type: Expecting a java.lang.String
        at org.forgerock.json.JsonValue.expect(JsonValue.java:762)
Area of interest:
    at org.forgerock.openidm.authz.DelegatedAdminFilter.attributeIsRelationship(DelegatedAdminFilter.java:371)

    if (attrSchema.isDefined("type") && attrSchema.get("type").asString().equals("array")
            && attrSchema.isDefined("items") && attrSchema.get("items").isDefined("type")
            && attrSchema.get("items").get("type").asString().equals("relationship"))
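
The following is an added example, not the project's code and not the fix shipped in 6.5.0.4. It shows a form of the same relationship test that does not assume `type` is a single string. It assumes that allowing null values stores the attribute's `type` as a list such as `["string", "null"]`, and it uses plain `java.util` collections in place of `JsonValue`; the class name and the `typeIncludes` helper are hypothetical.

```java
import java.util.List;
import java.util.Map;

public class RelationshipTypeCheck {

    /** True if a schema "type" value names the wanted type, whether it is a
     *  single string ("array") or a list of alternatives (["string", "null"]). */
    static boolean typeIncludes(Object typeNode, String wanted) {
        if (typeNode instanceof String) {
            return wanted.equals(typeNode);
        }
        if (typeNode instanceof List<?>) {
            return ((List<?>) typeNode).contains(wanted);
        }
        return false; // missing or unexpected shape: treat as "no match", do not throw
    }

    /** Same test as the quoted condition, without coercing "type" to a String. */
    static boolean attributeIsRelationship(Map<String, Object> attrSchema) {
        if (!typeIncludes(attrSchema.get("type"), "array")) {
            return false;
        }
        Object items = attrSchema.get("items");
        return items instanceof Map<?, ?>
                && typeIncludes(((Map<?, ?>) items).get("type"), "relationship");
    }

    public static void main(String[] args) {
        // Constructed schema fragments (assumed shapes, not copied from an IDM install).
        Map<String, Object> mail = Map.of("type", "string");
        Map<String, Object> nullableMail = Map.of("type", List.of("string", "null"));
        Map<String, Object> roles = Map.of(
                "type", "array",
                "items", Map.of("type", "relationship"));
        Map<String, Object> nullableRoles = Map.of(
                "type", List.of("array", "null"),
                "items", Map.of("type", "relationship"));

        System.out.println("mail          -> " + attributeIsRelationship(mail));
        System.out.println("nullable mail -> " + attributeIsRelationship(nullableMail));
        System.out.println("roles         -> " + attributeIsRelationship(roles));
        System.out.println("nullable roles-> " + attributeIsRelationship(nullableRoles));
    }
}
```

The nullable `mail` case is the one that raises `JsonValueException` in the quoted condition; here it evaluates to false, so the delegated-admin request is not turned into a 500 by the schema check.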