[OPENAM-13325] REST Endpoint /json/subjectattributes not working as documented Created: 10/Jul/18  Updated: 08/May/19

Status: Open
Project: OpenAM
Component/s: API descriptor
Affects Version/s:, 6.5.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Vincent Koldenhof Assignee: Unassigned
Resolution: Unresolved Votes: 0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Rank: 1|hzw9i7:
Support Ticket IDs:


Bug description

In the AM-6-Authorization Guide on page 91 is a example on how to use the REST interface to query the subjects attributes. The example shows an "Accept-API-Version" header which does not work. When the example is executed the response is a 

"code": 500,
"reason": "Internal Server Error",
"message": "Can not start an object, expecting field name (context: Object)"


How to reproduce the issue

Details steps outlining how to recreate the issue (remove this text)

  1. Execute the example as described on page 91. and substitute the cookie value with a valid one. 
  2. OR, use the API-Explorer. This gives the same error message.


$ curl \

--header "iPlanetDirectoryPro: AQIC5..."


--header "Accept-API-Version: resource=1.0" \



"result" : [












"resultCount": 87,

"pagedResultsCookie": null,

"remainingPagedResults": 0



Expected behaviour
List of attributes
Current behaviour
"code": 500,
"reason": "Internal Server Error",
"message": "Can not start an object, expecting field name (context: Object)"

Work around

If you provide the correct Header ""Accept-API-Version: protocol=1.0,resource=1.0" " it works. 


Code analysis

Please also update the documentation and the api-explorer.


Comment by Cristina Herraz [ 10/Jul/18 ]

The endpoint is documented as it is in the API explorer. I've tested in 6.0 and I can repro the error 500 with the API explorer – however I don't know what's expected or if the endpoint requires any configuration behind the scenes.

Taken "documentation" from here so it can be triaged by dev.

Comment by James Phillpotts [ 27/Sep/18 ]

We shouldn't document to use an old version of the protocol - this endpoint should be made to work with the current (i.e. unspecified) protocol.

Comment by Sam Phua [ 03/May/19 ]

The current working syntax is


curl \ 
     --header "iPlanetDirectoryPro: AQIC5..." \ 
     --header "Accept-API-Version: resource=1.0, protocol=1.0" \ 

{ "result" : [ "sunIdentityServerPPInformalName", "sunIdentityServerPPFacadeGreetSound", "uid", "manager", "sunIdentityServerPPCommonNameMN", "sunIdentityServerPPLegalIdentityGender", "preferredLocale", "...", "...", "..." ], "resultCount": 87, "pagedResultsCookie": null, "remainingPagedResults": 0 }

If we should not document to use an old version of protocol, this bug need to be fixed as we are still providing a documentation that does not work. This will generate unnecessary support ticket


Generated at Thu Feb 25 16:23:45 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.