[OPENAM-5894] Can't update WindowsDesktopSSO module with ssoadm Created: 25/Apr/15  Updated: 20/Nov/16  Resolved: 17/Jul/15

Status: Resolved
Project: OpenAM
Component/s: configurator
Affects Version/s: 12.0.0
Fix Version/s: 12.0.3, 13.0.0

Type: Bug Priority: Major
Reporter: Nick Belaevski [X] (Inactive) Assignee: Mark de Reeper
Resolution: Fixed Votes: 2
Labels: EDISON, release-notes
Remaining Estimate: 2h
Time Spent: 1h
Original Estimate: 3h

Target Version/s:
Sprint: Sprint 83 - Sustaining, Sprint 84 - Sustaining, Sustaining Sprint 10
Support Ticket IDs:


When using ssoadm update-auth-instance for WindowsDesktopSSO module, there is an error: iplanet-am-auth-windowsdesktopsso-keytab does not match the service schema. This is caused by UpdateAuthInstance class assuming that everything that ends with "-file" is a reference to file.

Workaround: specify property as iplanet-am-auth-windowsdesktopsso-keytab-file-file and point it to file that contains path of the keytab file.

Related stack trace:

amCLI:04/24/2015 04:47:55:789 PM PDT: Thread[main,5,main]
ERROR: UpdateAuthInstance.handleRequest
Message:The attribute name iplanet-am-auth-windowsdesktopsso-keytab does not match the service schema

                at com.sun.identity.sm.ServiceSchemaImpl.validateAttrValues(ServiceSchemaImpl.java:471)
                at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:291)
                at com.sun.identity.sm.ServiceConfig.setAttributes(ServiceConfig.java:536)
                at com.sun.identity.authentication.config.AMAuthenticationInstance.setAttributeValues(AMAuthenticationInstance.java:155)
                at com.sun.identity.cli.authentication.UpdateAuthInstance.handleRequest(UpdateAuthInstance.java:98)
                at com.sun.identity.cli.SubCommand.execute(SubCommand.java:291)
                at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:212)
                at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:134)
                at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:573)
                at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:170)
                at com.sun.identity.cli.CommandManager.main(CommandManager.java:147)

Comment by Mark de Reeper [ 12/May/15 ]

Rather than changing the property name in the module which would impact current users and the docs etc, can I suggest that we add an exception check in com.sun.identity.cli.authentication.UpdateAuthInstance.processFileAttributes for this one property and don't apply unless it actually contains an additional -file value at the end.

Comment by Mark de Reeper [ 17/Jul/15 ]

Fixed in r14671 and r14672.

Generated at Sat Oct 24 00:16:27 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.