Support Tip: OAuth userinfo endpoint exception if the userDN has more than than 128 chars

0 Likes
Summary
.
<amLogEntry seq="6577" d="2020-08-03T15:23:14Z" lg="Application" lv="DEBUG" th="82" ><msg>Method: JNDILogEventListener.accept Thread: https-jsse-nio-10.3.205.112-8443-exec-1 Exception while attempting to get a user store object!</msg></amLogEntry>

Environment

  • Access Manager 4.5.2
  • Access Manager 4.5.3
  • Access Manager 4.5.4
  • Access Manager 5.0
  • Access Manager 5.0.1
  • IDP server acting as OAuth authorization server
  • OAuth application client using the Authorization Code Flow


Situation

  • Example user DN: DUS Dir Generated System Information Automations - Duisburg,ou=Ruhrgebiet,ou=Nordrhein-Westfalen,ou=Germany,ou=Users,o=NetIQ

 

  • This userDN gets corrupted / concatenated  with the GIUD of the userTarget object dn:  cn=klaus.gast,ou=DUS Dir Genenrated System Information Automations - Duisburg,ou=Ruhrgebiet,ou=Nordrhein-Westfalen,ou=Germany,ou=Users,o=NetIQ005e30f398d5ea11ae16000c29501ebc  Acting as:  cn=klaus.gast,ou=DUS Dir Gen System Information Automations - Duisburg,ou=Ruhrgebiet,ou=Nordrhein-Westfalen,ou=Germany,ou=Users,o=NetIQ005e30f398d5ea11ae16000c29501ebc  leading into a JAVA Exception while running an LDAP search for this DN


Resolution

This issue has been addressed to engineering and will be fixed with Access Manager 5.0 SP2

Labels:

Support Tip
Comment List
Anonymous
Related Discussions
Recommended