1121157 – Identity-provider should be required for every federation in PicketLink subsystem

Bug 1121157 - Identity-provider should be required for every federation in PicketLink subsystem

Summary: Identity-provider should be required for every federation in PicketLink subsy...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	PicketLink
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	EAP 6.4.0
Assignee:	Pedro Igor
QA Contact:	Josef Cacek
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-07-18 13:57 UTC by Ondrej Lukas
Modified:	2014-10-23 21:13 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-10-23 21:13:53 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Ondrej Lukas 2014-07-18 13:57:30 UTC

PicketLink subsystem allows use following empty federation:
<federation name="my-federation"/>

Also federation with service-providers is possible:
<federation name="my-federation">
	<service-providers>
            <service-provider name="sp.war" security-domain="sp" url="http://127.0.0.1:8080/sp/" post-binding="false" support-signatures="true"/>
        </service-providers>
    </federation>
</subsystem>

However federation without Identity Provider has no sense. Identity Provider should be required by xml schema. Otherwise, CLI command /subsystem=picketlink-federation/federation=my-federation:add() should work, but it causes:

ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) JBAS014607: Failed to persist configuration change: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014675: Failed to marshal configuration
	at org.jboss.as.controller.persistence.AbstractFilePersistenceResource.<init>(AbstractFilePersistenceResource.java:50) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
Caused by: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014680: Failed to write configuration
	at org.jboss.as.controller.persistence.AbstractConfigurationPersister.marshallAsXml(AbstractConfigurationPersister.java:123) [jboss-as-controller-7.4.0.Final-
Caused by: java.lang.IllegalArgumentException
	at org.jboss.dmr.ModelValue.asList(ModelValue.java:132) [jboss-dmr-1.2.0.Final-redhat-1.jar:1.2.0.Final-redhat-1]

It works fine, if it is used in batch with identity-provider:
batch
/subsystem=picketlink-federation/federation=my-federation:add()
/subsystem=picketlink-federation/federation=federation-simple-redirect-binding/identity-provider=idp.war:add(url=http://127.0.0.1:8080/idp/,security-domain=idp,support-signatures=false,strict-post-binding=false)
run-batch

Comment 2 Pedro Igor 2014-10-23 21:13:53 UTC

I've executed the following command in CLI:

[standalone@localhost:9990 /] /subsystem=picketlink-federation/federation=my-federation:add()
{"outcome" => "success"}
[standalone@localhost:9990 /] reload

It worked fine. Am I'm missing something ?

I understand your point when you say that does not makes sense a fed without an IdP in it. But we need this behavior in order to properly support the functionality provided by the console.

Note You need to log in before you can comment on or make changes to this bug.