[OPENAM-5821] Realm parameter is redundant in rest body for policy applications Created: 14/Apr/15  Updated: 24/Aug/15  Resolved: 05/Aug/15

Status: Closed
Project: OpenAM
Component/s: policy, rest
Affects Version/s: 12.0.0, 13.0.0
Fix Version/s: 13.0.0

Type: Bug Priority: Major
Reporter: Richard Hruza Assignee: Jaco Jooste
Resolution: Fixed Votes: 0
Labels: AME, CURIE, verified
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

OpenAM 13.0.0-SNAPSHOT Build 13426 (2015-April-14 02:53)

Rank: 1|hzlihb:
Sprint: Sprint 91 - Team Curie
QA Assignee: Richard Hruza Richard Hruza
Verified Version/s:


Realm parameter is a redundant in rest body for policy applications. Realm is specified in endpoint:
Top realm:
/json/<REALM NAME>/applications/

The parameter seems entirely redundant, and potentially risky

If I don't provide realm parameter for top realm, realm is set to "/", but if I don't provide it for subrealm I am getting 400, see bellow:

curl --request POST \
--header "iPlanetDirectoryPro: <ADMIN TOKEN>" \
--header "Content-Type: application/json" \
--data '{"resourceTypeUuids": ["76656a38-5f8e-401b-83aa-4ccb74ce88d2"], 
"conditions": [ "AMIdentityMembership" ], 
"name": "testPolApp", 
"entitlementCombiner": "DenyOverride", 
"subjects": [ "AuthenticatedUsers" ], 
"applicationType": "crestPolicyService"}' \


  "code" : 400,
  "reason" : "Bad Request",
  "message" : "Attempted to create Application in realm /, but request originated from /subrealm."

The fix also requires UI changes.

  • Create Application page should not include "realm" in JSON body
  • Edit Application page should not include "realm" in JSON body

Comment by Jaco Jooste [ 05/Aug/15 ]

The second commit adds the realm json parameter back for v1 application endpoint as removing it is not backwards compatible.

Comment by Richard Hruza [ 24/Aug/15 ]

Verified and Closed

Tested with: OpenAM 13.0.0-SNAPSHOT Build 15313 (2015-August-22 02:56)

Generated at Thu Apr 22 21:27:43 UTC 2021 using Jira 8.16.0#816000-sha1:a455b91378454416b49bbc88d03e653cb9815ed5.