Default Project CR-7898

Fix for OPENAM-6390 - preserve the case of the normalised DN

Closed on 02 Sep 15

  •  
  •  
  •  
  •  
  • Author & Moderator
  • Reviewers
    • Reviewer completed

CR-7898 7

Keyboard shortcuts  
Summarize the review outcomes (optional)
 
#permalink

Details

Warning: no files are visible, they have all been filtered.
Participant Role Time Spent Comments Latest Comment
Author & Moderator 48m 4 Apart from header, the change has reduced to just: ...
Reviewer - 100% reviewed 7m 1 I think that IdUtils.getUniversalId(amId) is already a no...
Reviewer - Complete 19m 2 Ok - I'll complete as I guess you are just going to remov...
Total   1h 13m 7  
#permalink

Objectives

The current DNUtils.normalizeDN() returns a normalised String representation of the passed DN and at the same time converts it to lowercase. This method is used in many parts of OpenAM so rather than changing its behaviour, a new method was added to allow the caller to decide, DNUtils.normalizeDNPreserveCase()

This change allows the IdRepoDataStoreProvider.getUserID() call to return a value that has not been altered from a case perspective and satisfy the requirements of OPENAM-6390. The only use-case that has been fully tested after this change was a couple of persistent IDP/SP round trips, the first to establish the link and subsequent calls where the SP does not require authentication.

Snip of logs showing returned results with case of ID preserved:

frmbpro:debug mark$ grep -i TestUser Federation 
IdRepoDataStoreProvider.getUserID() Name=: TestUser DN=: null univId=: id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org normalizedId=: id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org
SPACSUtils.processResponse: process: userName =[id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org]
SPACSUtils.processResponse: userName : id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org
IdRepoDataStoreProvider.getUserID() Name=: TestUser DN=: null univId=: id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org normalizedId=: id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org
SPACSUtils.processResponse: process: userName =[id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org]
SPACSUtils.processResponse: userName : id=TestUser,ou=user,o=sub,ou=services,dc=openam,dc=forgerock,dc=org
#permalink

Issues Raised From Comments

Key Summary State Assignee
#permalink

General Comments

12 Aug 15

markdr says:

Patches for both trunk and 12.0.x included since trunk has moved on and is no longer using the deprecated LDAP utils DN code so there are some slight differences.

27 Aug 15

markdr says:

Apart from header, the change has reduced to just:

                 "multipleMatches"));
         }
         // single user found.
-        AMIdentity amId = (AMIdentity)amIdSet.iterator().next();
+        final AMIdentity amId = (AMIdentity)amIdSet.iterator().next();
+        final String universalId = IdUtils.getUniversalId(amId);
+
         if (debug.messageEnabled()) {
             debug.message("IdRepoDataStoreProvider.getUserID()"
                 + " Name=: " + amId.getName()
                 + " DN=: " + amId.getDN()
-                + " univId=: " + IdUtils.getUniversalId(amId));
+                + " univId=: " + universalId);
         }
-        return DNUtils.normalizeDN(IdUtils.getUniversalId(amId));
+
+        return universalId;
     }
/openam-core/src/.../common/DNUtils.java Changed  
Open in IDE #permalink
/openam-federation/.../impl/IdRepoDataStoreProvider.java Changed   5
Open in IDE #permalink
/openam-core/src/.../common/DNUtils.java Changed
Open in IDE #permalink
/openam-federation/.../impl/IdRepoDataStoreProvider.java Changed
Open in IDE #permalink

Review updated: Reload | Ignore | Collapse

You cannot reload the review while writing a comment.

Create Issue

X
Assign To Me

Log time against