[OPENAM-5386] Policy editor doesn't always use realm-specific REST endpoints Created: 31/Dec/14  Updated: 20/Nov/16  Resolved: 20/Nov/16

Status: Closed
Project: OpenAM
Component/s: policy editor
Affects Version/s: 12.0.0
Fix Version/s: 12.0.1, 13.0.0

Type: Bug Priority: Major
Reporter: Nathalie Hoet Assignee: Peter Major [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: release-notes, verified
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Support Ticket IDs:
QA Assignee: Alex Walker [X] (Inactive)
Verified Version/s:

 Description   

To reproduce:

  • Create a subrealm with a datastore different from the datastore in the top realm, let's call it realmB
  • Create a group in realmB, called groupB
  • Create a referral to realmB for a resource called resourceB
  • Create a Policy in realmB for resourceB
  • Add a subject condition; groupB is not displayed in the menu and can not be typed in and saved

Workaround:

  • Create a dummy group in top realm: mydummygroup
  • Create a policy in realmB with subject group mydummygroup
  • Export all policies from realmB
  • In the export look for occurrences of mydummygroup; you should find outputs such as: id=mydummygroup,ou=group,dc=openam,dc=forgerock,dc=org
  • Replace the occurrences by
    id=groupB,ou=group,o=realmB,dc=openam,dc=forgerock,dc=org
  • Delete the old policies from realmB
  • Import the policies from the modified file


 Comments   
Comment by Jari Ahonen [ 02/Jan/15 ]

The policy response subject attribute selector has the same problem. The attribute names are coming from root realm data store configuration.

Comment by Peter Major [X] (Inactive) [ 15/Jan/15 ]

Fixed with R12081 and R12082

Comment by Alex Walker [X] (Inactive) [ 06/Feb/15 ]

Can create policy in subrealm using a group from the subrealm that is not in the root realm, closing verified in OpenAM 13.0.0-SNAPSHOT Build 12373 (2015-February-06 02:57)

Comment by Nemanja Lukic [ 14/Jul/15 ]

Verified in: OpenAM 12.0.1 Build 14322 (2015-June-22 16:03)

Comment by Quentin CASTEL [X] (Inactive) [ 20/Nov/16 ]

modification of the status, in order to migrate the 'Zendesk ID' field to 'Support Ticket ID' field.

Comment by Quentin CASTEL [X] (Inactive) [ 20/Nov/16 ]

modification of the status, in order to migrate the 'Zendesk ID' field to 'Support Ticket ID' field.

Generated at Wed Oct 21 09:39:17 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.