| Summary: | PicketLink fails to match identity object type due to whitespaces in its DN | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Portal Platform 5 | Reporter: | Matt Davis <mattd> |
| Component: | unspecified | Assignee: | mposolda |
| Status: | CLOSED NEXTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.1.0.GA | CC: | epp-bugs, jmorgan, mposolda, wsiqueir |
| Target Milestone: | --- | Keywords: | ReleaseNotes |
| Target Release: | 5.2.1.GA | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://jira.jboss.org/jira/browse/JBEPP-980 | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | An issue in PicketLink identity verification resulted in domain names containing spaces causing the following exception to be raised: <literal>Cannot recognize identity object type by its DN</literal>. The fix implements changes to LDAPIdentityStoreRepository comparison logic, which compares the LDAP domain name with the domain name containing spaces. The logic ignores spaces in the domain name and searches for an overall character match. Domains that have a character match pass validation, which corrects the originally reported issue. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-02-20 13:29:25 UTC | Type: | Bug |
Description
Matt Davis
2011-06-17 20:49:35 UTC
Release Notes Docs Status: Added: Documented as Known Issue
Release Notes Text: Added: PicketLink does not account for spaces in domain names when it verifies identity. If the user enters spaces in the domain name, the following exception is thrown: "org.picketlink.idm.common.exception.IdentityException: Cannot recognize identity object type by its DN". There is no workaround for this issue, apart from ensuring no spaces are included in domain names.
Labels: Added: EPP_5_2_1_Candidate
Labels: Removed: EPP_5_2_1_Candidate

Fixed in PicketLink IDM trunk: https://source.jboss.org/changelog/PicketLink?cs=1374
I added new methods to the class Tools.java that support comparison of LDAP DNs, so DNs are considered equal even if they have some whitespace in the path. LDAPIdentityStoreRepository is refactored to use these util methods. A test case is also added for it. The only action needed is to release PicketLink IDM and update the EPP pom.xml to use this new PicketLink IDM.
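The comparison problem described in this report, as an added example that is not PicketLink's code: it assumes an entry is recognized when its DN falls under a configured container DN, and contrasts a raw string match, a strip-all-whitespace match, and a structural match using the JDK's `javax.naming.ldap.LdapName`. The class name, method names and DNs are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration: names and DNs are hypothetical, not PicketLink's Tools.java.
public class DnMatchExample {

    // Raw string suffix match: whitespace after a separator breaks it.
    static boolean rawMatch(String entryDn, String containerDn) {
        return entryDn.toLowerCase().endsWith(containerDn.toLowerCase());
    }

    // Strip all whitespace first: tolerant, but spaces inside a value vanish too.
    static boolean stripAllMatch(String entryDn, String containerDn) {
        return rawMatch(entryDn.replaceAll("\\s+", ""),
                        containerDn.replaceAll("\\s+", ""));
    }

    // Parse both DNs and compare RDN by RDN. LdapName skips spaces around
    // separators but keeps spaces that are part of an attribute value.
    static boolean parsedMatch(String entryDn, String containerDn) {
        try {
            // LdapName indexes RDNs from the right, so an entry "starts with"
            // the container it lives under.
            return new LdapName(entryDn).startsWith(new LdapName(containerDn));
        } catch (InvalidNameException e) {
            return false; // an unparseable DN matches no configured container
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: configured container written with spaces.
        String container = "ou=Web Admins, dc=example, dc=com";
        String[] entries = {
            "cn=ops,ou=Web Admins,dc=example,dc=com", // inside the container
            "cn=ops,ou=WebAdmins,dc=example,dc=com"   // a different OU
        };
        for (String dn : entries) {
            System.out.printf("%-40s raw=%b stripAll=%b parsed=%b%n", dn,
                rawMatch(dn, container), stripAllMatch(dn, container),
                parsedMatch(dn, container));
        }
    }
}
```

The raw match rejects both entries, which is the reported failure. The strip-all match accepts both, including the entry in a different OU, while the parsed match accepts only the entry that is really under the configured container.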
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Release notes docs status: Not Yet Documented for EPP 5.2.1
Release notes text: CAUSE: PicketLink does not account for spaces in domain
names when it verifies identity. If the user enters spaces in the domain name,
the following exception is thrown:
"org.picketlink.idm.common.exception.IdentityException: Cannot recognize
identity object type by its DN". There is no workaround for this issue, apart
from ensuring no spaces are included in domain names.
FIX: It's fixed only in Picketlink IDM library. Now it supports comparison of Ldap DN, so DN are considered
equal even if these DN have some whitespaces in path.
LDAPIdentityStoreRepository is refactored according to it.
TestCase is also added for it into Picketlink IDM library.
Technical note updated.
Diffed Contents:
@@ -1,6 +1,4 @@
-Release notes docs status: Not Yet Documented for EPP 5.2.1
-
-Release notes text: CAUSE: PicketLink does not account for spaces in domain
+CAUSE: PicketLink does not account for spaces in domain
names when it verifies identity. If the user enters spaces in the domain name,
the following exception is thrown:
"org.picketlink.idm.common.exception.IdentityException: Cannot recognize
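Review bot: The `+CAUSE:` line and the context lines after it still say "spaces in domain names" and "the user enters spaces in the domain name", but the exception quoted below them is about a DN, which in LDAP is a distinguished name, not a domain name. Suggest wording such as "spaces in the LDAP distinguished name (DN)" so the note matches the bug summary and the exception text.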
Technical note updated.
Diffed Contents:
@@ -1,12 +1 @@
-CAUSE: PicketLink does not account for spaces in domain
+An issue in PicketLink identity verification resulted in domain names containing spaces causing the following exception to be raised: <literal>Cannot recognize identity object type by its DN</literal>. The fix implements changes to LDAPIdentityStoreRepository comparison logic, which compares the LDAP domain name with the domain name containing spaces. The logic ignores spaces in the domain name and searches for an overall character match. Domains that have a character match pass validation, which corrects the originally reported issue.-names when it verifies identity. If the user enters spaces in the domain name,
-the following exception is thrown:
-"org.picketlink.idm.common.exception.IdentityException: Cannot recognize
-identity object type by its DN". There is no workaround for this issue, apart
-from ensuring no spaces are included in domain names.
-
-FIX: It's fixed only in Picketlink IDM library. Now it supports comparison of Ldap DN, so DN are considered
-equal even if these DN have some whitespaces in path.
-LDAPIdentityStoreRepository is refactored according to it.
-
-TestCase is also added for it into Picketlink IDM library.
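Review bot: The single `+` line drops three facts that the removed lines carried: the fully qualified exception class `org.picketlink.idm.common.exception.IdentityException`, the statement that the fix lives only in the PicketLink IDM library, and the note that a test case was added there. Suggest keeping at least the first two, since the class name is what appears in logs and the library is what has to be updated. The new phrase "ignores spaces in the domain name and searches for an overall character match" is also looser than the removed "DN are considered equal even if these DN have some whitespaces in path"; consider stating which whitespace is ignored and using "distinguished name" instead of "domain name".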