[OPENIDM-11356] Failed to sync password changes from DJ to managed Created: 20/Jul/18  Updated: 02/Aug/18  Resolved: 01/Aug/18

Status: Closed
Project: OpenIDM
Component/s: Module - Cryptography, Plugin - OpenDJ account change handler
Affects Version/s: 6.5.0
Fix Version/s: 6.5.0

Type: Bug Priority: Major
Reporter: Tinghua Xu Assignee: Whitney Hunter [X] (Inactive)
Resolution: Fixed Votes: 0
Labels: CLARK, regression
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

IDM master build runs on a CentOS 7 with MySQL as repo, DJ 6.0.0


Attachments: File config.cfg, Text File debug.txt, File openidm0.log.0
Issue Links:
Relates
is related to OPENIDM-11396 Create documentation for secrets.json... Closed
Target Version/s:
Verified Version/s:
Story Points: 3
Sprint: OpenIDM Sprint 6.5-6

 Description   

The DJ password sync plugin doesn't work with IDM anymore since revision 86bfcc8. With proper config of IDM, DJ and the DJ password sync plugin, when modifying the password in DJ of a user that is reconciled from DJ to IDM, the modified password is not synced to IDM; the password is shown as null (the test intentionally decrypts the synced password and displays it as clearpassword):

{
    "_id": "9fba2b81-a2dc-4405-b0f1-564dd350220a",
    "_rev": "0",
    "accountStatus": "active",
    "clearpassword": null,
    "description": "test entry for ldappasswordmodify",
    "displayName": "John Doe",
    "effectiveAssignments": [],
    "effectiveRoles": [],
    "givenName": "John",
    "mail": "john.doe@example.com",
    "sn": "Doe",
    "telephoneNumber": "+44 1234 567890",
    "userName": "jdoe38"
}

The IDM log has an exception like:

SEVERE: Unable to find key with alias openidm-localhost and purpose Purpose{secretType=DataDecryptionKey, label='decrypt'}
[940] Jul 20, 2018 2:37:10 PM org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3 lambda$handleRequestWithLogging$8
WARNING: Resource exception: 500 Internal Server Error: "Wrapped org.forgerock.json.JsonValueException: /: org.forgerock.json.crypto.JsonCryptoException: Unable to find descryption key"
org.forgerock.json.resource.InternalServerErrorException: Wrapped org.forgerock.json.JsonValueException: /: org.forgerock.json.crypto.JsonCryptoException: Unable to find descryption key
        at org.forgerock.json.resource.ResourceException.newResourceException(ResourceException.java:231)
        at org.forgerock.openidm.script.ScriptThrownException.toResourceException(ScriptThrownException.java:135)
        at org.forgerock.openidm.script.handler.ScriptedRequestHandler.convertScriptException(ScriptedRequestHandler.java:372)
        at org.forgerock.openidm.script.handler.ScriptedRequestHandler.lambda$handleAction$1(ScriptedRequestHandler.java:176)
        at org.forgerock.openidm.metrics.MetricsCollector.time(MetricsCollector.java:112)
        at org.forgerock.openidm.script.handler.ScriptedRequestHandler.handleAction(ScriptedRequestHandler.java:157)
        at org.forgerock.json.resource.Router.handleAction(Router.java:250)
        at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
        at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
        at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
        at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
        at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
        at org.forgerock.openidm.audit.filter.AuditFilter.lambda$filterAction$0(AuditFilter.java:113)
        at org.forgerock.openidm.audit.filter.AuditFilter.logAuditAccessEntry(AuditFilter.java:169)
        at org.forgerock.openidm.audit.filter.AuditFilter.filterAction(AuditFilter.java:113)
        at org.forgerock.openidm.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
        at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
        at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
...

The complete log is attached.
To reproduce it in Pyforge:
1. Configure the IDM, DJ and Stress sections in pyforge config/config.cfg; my test config is attached.
2. Put the IDM zip under pyforge/archives.
3. Run the command:

python3 -u run-pybot.py -c stress -i gatling -s *OpenDJPwdSyncPlugin -t IDM_DJ_Password_Sync_Plugin_Checks OpenIDM

4. Observe the symptom.
The QA debug.txt is also attached, where we can see the sequence of the test.
The same test works well in the commit 34a3e3d which is right before 86bfcc8.



 Comments   
Comment by Tinghua Xu [ 02/Aug/18 ]

Verified with latest master and worked properly.
