This topic has 8 replies, 2 voices, and was last updated 4 years, 11 months ago by Andy Cory.
July 12, 2017 at 11:06 am #18048
skiller
Participant
Hi!
I have found a bug in the OpenAM UI.
1. Click: Realm -> Authorization -> Policies -> New policy
2. Enter a policy name with a slash, like “my/path”, and a description with the same text.
3. Enter any URL pattern as the URL.
4. Click [Save].
…And see nothing! I expected to see the created policy settings but see nothing. Yes, I see the page with menus etc., but instead of the settings form I see an empty grey canvas. I cannot edit or delete this policy using the web UI. I can click the [X] button in the policy list and confirm deletion in the pop-up window, but without any result.
July 12, 2017 at 11:32 am #18049
Andy Cory
Participant
The same behaviour is present in 13.5. The workaround, don’t use a slash in a policy set, is obvious, but somewhat after the fact!
Andy
July 12, 2017 at 12:29 pm #18058
skiller
Participant
Can I remove these buggy policies another way? Using any CLI tool or an HTTP request?
July 12, 2017 at 2:32 pm #18059
Andy Cory
Participant
There’s a bug (OPENAM-5151) that is showing as unresolved that looks similar, but refers to ‘\’ rather than ‘/’. The symptoms are the same, though.
You should be able to remove the policy set using the ssoadm CLI tool, something like:
./ssoadm delete-appls \
--realm my realm \
--adminid amadmin \
--password-file /path/to/password.txt \
--names "my/path"
However, I’m getting
com.sun.identity.cli.CLIException: com.sun.identity.entitlement.EntitlementException: Permission denied
from this, for no reason I can determine. I’m getting the same on ‘normal’ policies too, so this may be an issue just for my system. Worth trying the ssoadm command yourself, let us know…
Andy
July 12, 2017 at 3:02 pm #18062
skiller
Participant
The same error:
[email protected]:~/build/sso-adm/openam/bin# ./ssoadm delete-appls --realm / --adminid amadmin --password-file /tmp/adm.txt --names "/odoutgoing/"
com.sun.identity.entitlement.EntitlementException: Permission denied.
July 12, 2017 at 3:24 pm #18066
Andy Cory
Participant
I’ve not tried deleting policy sets with ssoadm before, maybe this is expected – but the ‘amadmin’ user should be able to do pretty much everything, I would have thought.
How brave are you feeling? And/or, how disposable is the server? You could delve into the internal configuration store using Apache Directory Studio and edit the policy set ID by hand to remove the slash. It should be referenced somewhere like this:
dn: ou=my/path,ou=registeredApplications,ou=default,ou=OrganizationConfig,ou=1.0,ou=sunEntitlementService,ou=services,ou=services,dc=amconfig,dc=example,dc=com
July 12, 2017 at 3:24 pm #18067
Andy Cory
Participant
That didn’t format very well…
dn: ou=my/path,ou=registeredApplications,ou=default,ou=OrganizationConfig,ou=1.0,ou=sunEntitlementService,ou=services,ou=services,dc=amconfig,dc=example,dc=com
July 12, 2017 at 3:54 pm #18068
skiller
Participant
I surrender and roll back data from backup.
July 12, 2017 at 4:13 pm #18070
Andy Cory
Participant
Good plan! I do wonder why the ssoadm delete of the policy set didn’t work for either of us though…