[OPENAM-7124] Having an invalid COT name in the metadata causes a large number of providers to disappear from the COT upon deletion. Created: 15/Oct/15  Updated: 01/Oct/18  Resolved: 12/Dec/16

Status: Resolved
Project: OpenAM
Component/s: console, SAML
Affects Version/s: 12.0.1, 12.0.2
Fix Version/s: 12.0.5, 13.5.1, 14.0.0

Type: Bug Priority: Major
Reporter: Tina Roper Assignee: Mark de Reeper
Resolution: Fixed Votes: 1
Labels: EDISON
Remaining Estimate: 2h
Time Spent: 4h
Original Estimate: 2h

Issue Links:
caused OPENAM-11472 WS-Federation extended metadata impor... Resolved
relates to OPENAM-12377 WS-Fed extended metadata with unknown... Resolved
Sprint: AM Sustaining Sprint 14, AM Sustaining Sprint 15, AM Sustaining Sprint 21, AM Sustaining Sprint 32
Story Points: 8
Support Ticket IDs:
QA Assignee: Filip Kubáň [X] (Inactive)
Verified Version/s:


When an entity provider is imported into the console with an invalid COT value in the extended metadata, it will cause problems when trying to delete it. After you have deleted the provider from the entity provider list, the provider will still be in the COT. Navigating to the COT page and trying to remove the entity from the COT list will cause an error "Input entity id is invalid" resulting in the user needing to hit the back button in the console. Once back on the federation page, over half the providers that were in the COT are now removed from the list.

Steps to create:

1. You will need a large number of metadata files in one circle of trust, I had 35.
2. Remove one of the providers from the entity provider list, which will also remove it from the COT.
3. Edit the extended metadata of the recently deleted provider adding an invalid COT name, I used cot.
4. Import the entity back into the entity provider list via the console.
5. Manually add the newly imported entity provider into the COT.

At this point the entity will be in the COT successfully.

6. Delete the provider from the entity provider list, which should remove it from the COT but does not.
7. Navigate to the COT page and try to remove it manually and hit save. You will receive an error that says "Input entity id is invalid".
8. Hit the back button in the console.
9. I had over 25 providers disappear out of my COT.

Comment by Mark de Reeper [ 04/Nov/15 ]

Using the test metadata data from the AAF (contains over 300 entries) and an initial run through on a recent 13 trunk build and I was not able to reproduce the final step, 9. After hitting Back button in the console there were no observed entries missing from the COT list but did see the error in step 7.

Will try to reproduce on a 12.0.1 build next.

Comment by Mark de Reeper [ 05/Nov/15 ]

No luck with 12.0.1 either, can see that improvements could be made to the COT validation during import as currently the value in the extended metadata is not taken into account.

Comment by David Bate [ 09/Dec/15 ]

This issue was reproduced with XUI turned off, so may only occur in the Legacy UI.

Comment by Hunter Poe [X] (Inactive) [ 12/Jan/16 ]

We experienced a very similar error when we brought an entity into a CoT through the legacy UI console, and then deleted it prior to removing it from the CoT which resulted in the "Input entity id is invalid" error appearing in the console and then most of our CoT disappeared. We are using OpenAM 12.0.2

Comment by Abel Hoxeng [ 27/Jan/16 ]

I was able to reproduce with the following steps:

1. Export an entity's metadata and extended metadata.
2. Change metadata to an incorrect COT that did not exist.
3. Upload the entity.
4. Add the Entity to and existing COT with a different name, it appears the COT needs to not exist in the Federation tab.
5. Delete the entity, this caused the entity to stay in the entity list.
6. Go to the Circle of Trust to try and remove the bad entity, but I received an error and when I went back to the main Federation page, ended up losing half my entities from my circle of trust.

To fix this issue I did the following:

1. Edit the Metadata for the correct COT
2. Upload the corrected metadata for the entity.
3. Remove the entity and add the entities removed from the circle of trust.

Comment by Filip Kubáň [X] (Inactive) [ 28/Apr/17 ]

Verified on OpenAM 13.5.1-RC2 Build 149fc42dac (2017-April-20 08:29)

Generated at Mon Nov 30 01:19:13 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.