[OPENAM-718] Agent group membership lost after backup/restore Created: 21/Jun/11  Updated: 20/Nov/16  Resolved: 30/Jan/15

Status: Resolved
Project: OpenAM
Component/s: CLI
Affects Version/s: Snapshot9.5.2_RC1
Fix Version/s: 11.0.3, 12.0.1, 13.0.0

Type: Bug Priority: Major
Reporter: metatech Assignee: Peter Major [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: 0h
Time Spent: 3h
Original Estimate: Not Specified

Sprint: Sprint 76 - Sustaining
Support Ticket IDs:


Agent group membership lost after backup/restore

Steps to reproduce :
1. Define an agent group "G" in console
2. Define an agent "A", and make it a member of group "G"
3. Take a backup with "ssoadm export-svc-cfg"
4. Restore the backup with "ssoadm import-svc-cfg"
5. Restart application server
6. View agent "A" details in console : it is not a member of group "G" anymore.

Together with the inherited properties which are not dynamically updated (see comment in issue OPENAM-415), this problem is a show-stopper for the "agent group" features.

Can you have a look please ?
Thanks in advance.

Comment by metatech [ 21/Jun/11 ]

If the agent has some integer or enum properties inherited from the group, it is not enough to reassign it to the group, this will display an error in the console when trying to save it :
"Plug-in com.sun.identity.idm.plugins.internal.AgentsRepo: Error while setting attributes for agentonly=A"

Here is the workaround to restore the configuration :
1. Open the agent "A" details and reassign to group "G"
2. For all 5 integer fields and 2 checkboxes of the "Global" tab of the Agent, type some number or check any of the possibilities.
3. Save
4. Click on "Inheritance Settings" in each Tab and check each property which was previous inherited.

NB : The workaround is nearly as long as recreating the agent from scratch.

Comment by Peter Major [X] (Inactive) [ 08/Apr/14 ]

The main problem seems to be the fact that the labeledURI (which stores the agent group's name) isn't part of the configuration export.

Comment by Peter Major [X] (Inactive) [ 09/Apr/14 ]

Proposed solution:
move the agent group information from labeledURI to an agent attribute, this will also mean that it will be part of agent exports. During upgrade agents with labeledURI should be upgraded to use the new service attribute to store the group's name.
SSOADM commands should be also checked to verify they are updating the group information correctly.

Comment by Peter Major [X] (Inactive) [ 16/Jun/14 ]

Moving to 11.0.3 as this will end up a possibly too risky change.

Comment by Peter Major [X] (Inactive) [ 30/Jan/15 ]

Fixed with R12265 R12267 and R12268

Generated at Wed Oct 21 10:37:49 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.