Bug 1121157 - Identity-provider should be required for every federation in PicketLink subsystem
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: PicketLink
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: EAP 6.4.0
Assignee: Pedro Igor
QA Contact: Josef Cacek
Docs Contact: Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-07-18 13:57 UTC by Ondrej Lukas
Modified: 2014-10-23 21:13 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-10-23 21:13:53 UTC
Type: Bug
Embargoed:



Description Ondrej Lukas 2014-07-18 13:57:30 UTC
The PicketLink subsystem allows the following empty federation to be used:
<federation name="my-federation"/>

Also, a federation with service-providers is possible:
<federation name="my-federation">
    <service-providers>
        <service-provider name="sp.war" security-domain="sp" url="http://127.0.0.1:8080/sp/" post-binding="false" support-signatures="true"/>
    </service-providers>
</federation>

However, a federation without an Identity Provider makes no sense. An Identity Provider should be required by the XML schema. Otherwise, the CLI command /subsystem=picketlink-federation/federation=my-federation:add() should work, but it causes:

ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) JBAS014607: Failed to persist configuration change: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014675: Failed to marshal configuration
	at org.jboss.as.controller.persistence.AbstractFilePersistenceResource.<init>(AbstractFilePersistenceResource.java:50) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
Caused by: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014680: Failed to write configuration
	at org.jboss.as.controller.persistence.AbstractConfigurationPersister.marshallAsXml(AbstractConfigurationPersister.java:123) [jboss-as-controller-7.4.0.Final-
Caused by: java.lang.IllegalArgumentException
	at org.jboss.dmr.ModelValue.asList(ModelValue.java:132) [jboss-dmr-1.2.0.Final-redhat-1.jar:1.2.0.Final-redhat-1]

It works fine if it is used in a batch with an identity-provider:
batch
/subsystem=picketlink-federation/federation=my-federation:add()
/subsystem=picketlink-federation/federation=federation-simple-redirect-binding/identity-provider=idp.war:add(url=http://127.0.0.1:8080/idp/,security-domain=idp,support-signatures=false,strict-post-binding=false)
run-batch

Comment 2 Pedro Igor 2014-10-23 21:13:53 UTC
I've executed the following command in CLI:

[standalone@localhost:9990 /] /subsystem=picketlink-federation/federation=my-federation:add()
{"outcome" => "success"}
[standalone@localhost:9990 /] reload

It worked fine. Am I missing something?

I understand your point when you say that a fed without an IdP in it does not make sense. But we need this behavior in order to properly support the functionality provided by the console.
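
Added example (not part of the bug report or of PicketLink): because the subsystem accepts a federation with no identity provider, a deployment-side check can flag such federations in a server configuration file before it is rolled out. The sample XML is constructed, its namespace URIs are placeholders, and the identity-provider element name is assumed from the CLI resource name shown in the report.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Namespace URIs are placeholders, and the
# <identity-provider> element name is an assumption based on the CLI
# resource name used in the report.
SAMPLE = """<server xmlns="urn:example:server">
  <profile>
    <subsystem xmlns="urn:example:picketlink-federation">
      <federation name="empty-federation"/>
      <federation name="sp-only-federation">
        <service-providers>
          <service-provider name="sp.war" security-domain="sp" url="http://127.0.0.1:8080/sp/"/>
        </service-providers>
      </federation>
      <federation name="complete-federation">
        <identity-provider name="idp.war" security-domain="idp" url="http://127.0.0.1:8080/idp/"/>
        <service-providers>
          <service-provider name="sp2.war" security-domain="sp" url="http://127.0.0.1:8080/sp2/"/>
        </service-providers>
      </federation>
    </subsystem>
  </profile>
</server>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def federations_without_idp(xml_text):
    """Return [(federation name, [service-provider names])] for every
    federation element that has no identity-provider child."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "federation":
            continue
        if any(local(child.tag) == "identity-provider" for child in elem):
            continue
        sps = [e.get("name") for e in elem.iter()
               if local(e.tag) == "service-provider"]
        findings.append((elem.get("name"), sps))
    return findings

if __name__ == "__main__":
    for name, sps in federations_without_idp(SAMPLE):
        detail = "service providers: " + ", ".join(sps) if sps else "empty"
        print(f"federation {name!r} has no identity-provider ({detail})")
```

Matching on local element names keeps the check independent of the subsystem schema version in use.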

