Missing policy actions in OpenAM 12?

This topic has 7 replies, 4 voices, and was last updated 5 years, 10 months ago by Peter Major.

  • Author
    Posts
  • #2232
     Brad Tumy
    Participant

    About a month ago I upgrade an environment to 11.0.2 which made available additional policy actions (DELETE, PUT, etc). I just upgraded the same environment to 12.0.0 and I can’t seem to find those new actions, only GET and POST are available in the new policy editor. I first assumed that this was due to these policies being related to referrals in the top realm but I am seeing the same behavior in all realms when creating a new policy. I don’t see anything about this in the Release Documents (Known Issues).

    Any insight on this is greatly appreciated.

    #2233
     Victor Ake
    Participant

    Hi Brad, Without verifying, it sounds to me like an upgrade bug. With a fresh installation you get those actions in OpenAM 12. Please raise an issue in Bugster and check if the OpenAM team verifies the issue.

    #2237
     Peter Major
    Moderator

    This sounds very similar to https://bugster.forgerock.org/jira/browse/OPENAM-4696 , but I would expect PUT and DELETE to be still present after the upgrade. Could be that you’ve incorrectly added the custom actions to 11.0.2 somehow?

    #2238
     Brad Tumy
    Participant

    In OPENAM-4696 AM 12 is overwriting custom actions. In our case the out of the box actions that were added (by ForgeRock) in AM 11.0.2 are not present after upgrading to AM 12.

    In this particular instance I don’t have any custom actions. I was only using the native actions that are available in 11.0.2.

    #2239
     Brad Tumy
    Participant
    #2396
     Peter Major
    Moderator

    FYI, as listed in the JIRA ticket, the workaround is to run the following ssoadm command:

    $ openam/bin/ssoadm set-appl -e / -m iPlanetAMWebAgentService -u amadmin -f .pass \
    -D appl.txt

    where appl.txt’s content is:

    actions=GET=true
    actions=POST=true
    actions=PUT=true
    actions=DELETE=true
    actions=HEAD=true
    actions=OPTIONS=true
    actions=PATCH=true

    If I’m not mistaken this issue should only happen if you’ve updated from a version that hasn’t previously supported the extra set of actions (so in most scenarios this will be unfortunately true).

    • This reply was modified 5 years, 10 months ago by Peter Major.
    #2611
     handongwang
    Participant

    Good.
    One more question: can I add non HTTP method actions such as EXECUTE, LIST, etc?

    Many thx

    #2615
     Peter Major
    Moderator
Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?