Group Universal ID mapping bug?

This topic has 0 replies, 1 voice, and was last updated 6 years, 2 months ago by soma.



    I see strange behavior when the Universal ID of a group is mapped.
    I use a realm, and a group is created under my realm.

    Java EE container: Apache Tomcat 8.x
    Agent Mode: J2EE
    Realm name: ‘’
    Group uid: ‘id=app admins,ou=group,,ou=services,dc=openam,dc=forgerock,dc=org’

    But the uid which appears on the web application side is ‘id=app admins,ou=group,dc=openam,dc=forgerock,dc=org’

    This ‘Privileged Attribute Mapping’ configuration is NOT working: [id=app admins,ou=group,,ou=services,dc=openam,dc=forgerock,dc=org]=APP_ADMINISTRATORS_ROLE

    This works:
    [id=app admins,ou=group,dc=openam,dc=forgerock,dc=org]=APP_ADMINISTRATORS_ROLE

    HTTP Request info:

    principal class: org.apache.catalina.realm.GenericPrincipal
    principal name: demo
    user principal name: demo
    principal role 1: AUTHENTICATED_USERS
    principal role 2: APP_ADMINISTRATORS_ROLE
    principal role 3: id=app admins,ou=group,dc=openam,dc=forgerock,dc=org

    Is that a bug or is it normal behavior?
