[OPENAM-273] com.sun.identity.policy.PolicyManager, when used in client API, does not work across multiple SSO sessions in a single JVM instance Created: 01/Oct/10  Updated: 20/Nov/16  Resolved: 02/Feb/15

Status: Resolved
Project: OpenAM
Component/s: policy
Affects Version/s: Snapshot9
Fix Version/s: 10.0.3, 11.0.3, 12.0.1, 13.0.0

Type: Bug Priority: Major
Reporter: jkauzlar Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Using ForgeRock OpenAM Express Build 9(2010-February-07 13:29)

Support Ticket IDs:


Summary: If you create a PolicyManager using an SSOToken, and that token subsequently becomes invalid, then creating a new PolicyManager with a new SSOToken gives errors on all operations.

Background: Our company would like to manage our OpenSSO policies by way of a separate web application that makes more sense to problem domain of our business analysts, et al. Our first plan was to recreate the PolicyManager each time the session limit was reached, but has been hindered by this bug. We are now using Agent users, which have unlimited session time, to manage the policies. (See attached enhancement request for more details on how we do this).

Steps to reproduce (all in the same JVM instance):

1) policyManager = new PolicyManager(ssoToken)
2) policyManager.getPolicyNames();
3) destroy the ssoToken or wait for it to time out
4) create a new PolicyManager as in step 1
5) Retrieve policy names again as in step 2

An exception like this is thrown:

[our code's portion of the stacktrace omitted]
Caused by: com.sun.identity.policy.PolicyException: Unable to get policy expd:APPayableEditor for organization dc=opensso,dc=java,dc=net.
service-config: ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMPolicyService,ou=services,dc=opensso,dc=java,dc=net No loger valid. Cache has been cleared. Recreate fromServiceConfigManager
at com.sun.identity.policy.PolicyManager.getPolicy(Unknown Source)
at com.expd.arch.security.opensso.policy.EIPolicyManager.retrievePolicy(EIPolicyManager.java:472)
... 7 more

Comment by jkauzlar [ 01/Oct/10 ]

Delegating privileges to agent users, as noted above: https://bugster.forgerock.org/jira/browse/OPENAM-274

Comment by Peter Major [X] (Inactive) [ 04/Jan/15 ]

PolicyManager is now deprecated, use the REST API to manage policies.

Generated at Tue Oct 27 07:10:49 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.