[OPENAM-11937] Federation UI does not allow empty NameIDMappingService Created: 12/Oct/17  Updated: 06/Feb/19  Resolved: 08/Nov/17

Status: Resolved
Project: OpenAM
Component/s: console, SAML
Affects Version/s: 13.5.0, 13.5.1, 14.0.0, 14.1.1, 14.5.0
Fix Version/s: 13.5.2, 6.0.0, 14.1.2, 5.5.2

Type: Bug Priority: Major
Reporter: C-Weng C Assignee: C-Weng C
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
duplicates OPENAM-11268 SAML2 IDP metadata missing NameIDMapp... Resolved
is related to OPENAM-11268 SAML2 IDP metadata missing NameIDMapp... Resolved
Sprint: AM Sustaining Sprint 44
Story Points: 2
Are the reproduction steps defined?:
Yes and I used the same as in the description


Bug description

Import remote IDP SAML metadata which does not have a NameIDMappingService.
Then later go to the SAML2 service for the IDP, go to the Service
tab and try to save or configure anything. This fails with: Entity descriptor "saml-idp" under realm "/" has invalid syntax.

How to reproduce the issue


1. Create an IDP using the wizard
2. Now export the IDP metadata and remove the NameIDMappingService from the exported metadata
3. Now import the changed IDP metadata again (using ssoadm import-entity), say after removing this IDP.
4. Test configuring another SAML metadata property; when saving, the error is seen.

Expected behaviour
NameIDMappingService is optional; it should be possible to leave it empty without causing the UI to fail.
Current behaviour

Error seen on UI

Entity descriptor "......" under realm "/" has invalid syntax." 

Exception seen when saving the settings on the Federation logs:

        at javax.xml.bind.helpers.AbstractMarshallerImpl.marshal(AbstractMarshallerImpl.java:116)
        at com.sun.identity.saml2.meta.SAML2MetaUtils.convertJAXBToString(SAML2MetaUtils.java:187)
        at com.sun.identity.saml2.meta.SAML2MetaUtils.convertJAXBToAttrMap(SAML2MetaUtils.java:221)
        at com.sun.identity.saml2.meta.SAML2MetaManager.setEntityDescriptor(SAML2MetaManager.java:406)
        at com.sun.identity.console.federation.model.SAMLv2ModelImpl.setIDPStdAttributeValues(SAMLv2ModelImpl.java:1231)
        at com.sun.identity.console.federation.SAMLv2IDPServicesViewBean.handleButton1Request(SAMLv2IDPServicesViewBean.java:109)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at java.lang.Thread.run(Thread.java:745)
Caused by: com.sun.xml.bind.serializer.AbortSerializationException
        at com.sun.identity.saml2.jaxb.assertion.impl.runtime.SAXMarshaller.repo
        at com.sun.identity.saml2.jaxb.assertion.impl.runtime.SAXMarshaller.text
        at com.sun.identity.saml2.jaxb.metadata.impl.EndpointTypeImpl.serializeAttributes(EndpointTypeImpl.java:88)
        at com.sun.identity.saml2.jaxb.metadata.impl.IDPSSODescriptorElementImpl

Other errors sent to the Tomcat logs:

DefaultValidationEventHandler: [ERROR]: a required field "Location" is missing an object 
     Location:  obj: com.sun.identity.saml2.jaxb.metadata.impl.NameIDMappingServiceElementImpl@2dca0f4a

Work around

Either do the config changes using export-entity/import-entity or set a bogus value (non-empty) for the NameIDMappingService.

Code analysis

... may need to avoid creating the NameIDMappingService when there is no value.
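
Added example (not part of the original ticket and not OpenAM code): a pre-import check for exported IDP metadata that reports endpoint elements missing the required Binding or Location attribute, the condition named in the Tomcat log above, and drops an empty optional NameIDMappingService. The sample metadata, the example.com URL and the function names are constructed for illustration; that an export would contain such an empty element is an assumption.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD)

# IDPSSODescriptor children that the SAML 2.0 metadata schema types as endpoints;
# Binding and Location are required attributes on each of them.
ENDPOINTS = ("ArtifactResolutionService", "SingleLogoutService", "ManageNameIDService",
             "SingleSignOnService", "NameIDMappingService", "AssertionIDRequestService")

# Constructed sample: an IDP whose NameIDMappingService has an empty Location.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="saml-idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://idp.example.com/sso"/>
    <NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=""/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def find_invalid_endpoints(metadata_xml):
    """Return (element, attribute) pairs for IDP endpoints missing a required attribute."""
    # Assumes metadata exported from your own server; use a hardened parser for untrusted input.
    root = ET.fromstring(metadata_xml)
    problems = []
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        for name in ENDPOINTS:
            for el in idp.findall(f"{{{MD}}}{name}"):
                for attr in ("Binding", "Location"):
                    if not (el.get(attr) or "").strip():
                        problems.append((name, attr))
    return problems


def drop_empty_name_id_mapping(metadata_xml):
    """Remove NameIDMappingService elements with no Location; the element is optional."""
    root = ET.fromstring(metadata_xml)
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        for el in idp.findall(f"{{{MD}}}NameIDMappingService"):
            if not (el.get("Location") or "").strip():
                idp.remove(el)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(find_invalid_endpoints(SAMPLE))
    cleaned = drop_empty_name_id_mapping(SAMPLE)
    print(find_invalid_endpoints(cleaned))
```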

Comment by Ľubomír Mlích [ 06/Nov/17 ]

Reproduced in OpenAM 13.5.2-M7 Build 1d3e4900c0 (2017-October-20 09:14)
Verified in OpenAM 13.5.2-M8 Build 1e79511bcb (2017-October-30 15:13)

Comment by Ľubomír Mlích [ 08/Nov/17 ]

Verified in OpenAM 14.1.2-M2 Build e8116f5a64 (2017-November-06 11:10) 
