Support Tip: OAuth userinfo endpoint exception if the userDN has more than 128 chars

Summary
<amLogEntry seq="6577" d="2020-08-03T15:23:14Z" lg="Application" lv="DEBUG" th="82" ><msg>Method: JNDILogEventListener.accept Thread: https-jsse-nio-10.3.205.112-8443-exec-1 Exception while attempting to get a user store object!</msg></amLogEntry>

Environment

  • Access Manager 4.5.2
  • Access Manager 4.5.3
  • Access Manager 4.5.4
  • Access Manager 5.0
  • Access Manager 5.0.1
  • IDP server acting as OAuth authorization server
  • OAuth application client using the Authorization Code Flow


Situation

  • Example user DN: DUS Dir Generated System Information Automations - Duisburg,ou=Ruhrgebiet,ou=Nordrhein-Westfalen,ou=Germany,ou=Users,o=NetIQ

 

  • This userDN gets corrupted / concatenated with the GUID of the userTarget object:
      dn: cn=klaus.gast,ou=DUS Dir Genenrated System Information Automations - Duisburg,ou=Ruhrgebiet,ou=Nordrhein-Westfalen,ou=Germany,ou=Users,o=NetIQ005e30f398d5ea11ae16000c29501ebc
      Acting as: cn=klaus.gast,ou=DUS Dir Gen System Information Automations - Duisburg,ou=Ruhrgebiet,ou=Nordrhein-Westfalen,ou=Germany,ou=Users,o=NetIQ005e30f398d5ea11ae16000c29501ebc
    This leads to a Java exception while running an LDAP search for this DN.
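
To find accounts that can run into this and to recognise the corrupted value in logs, the following added example (not from the original post or from Access Manager) lists DNs longer than 128 characters in an LDIF export and separates a logged DN from a glued-on 32-hex-digit GUID. The LDIF text, the sample DN and the GUID are constructed, and the function names are illustrative.

```python
import base64
import re

MAX_DN_CHARS = 128  # limit named in the tip's title, counted in characters
GUID_TAIL = re.compile(r"[0-9a-fA-F]{32}$")  # GUID glued onto the DN, as in the tip

# Constructed sample data, not taken from a real directory.
LONG_DN = ("cn=jane.doe,ou=Example Department With A Deliberately Long Descriptive Name,"
           "ou=Regional Office North,ou=Example Country,ou=Users,o=ExampleOrg")
SAMPLE_GUID = "0123456789abcdef0123456789abcdef"
SAMPLE_LDIF = (
    "dn: cn=jane.doe,ou=Example Department With A Deliberately Long Descriptiv\n"
    " e Name,ou=Regional Office North,ou=Example Country,ou=Users,o=ExampleOrg\n"
    "objectClass: inetOrgPerson\n"
    "\n"
    "dn: cn=short,ou=Users,o=ExampleOrg\n"
    "objectClass: inetOrgPerson\n"
)


def ldif_dns(ldif_text):
    """Yield every entry DN in LDIF text, undoing line folding (RFC 2849)."""
    # Exports usually wrap long lines; a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):  # base64 form, used for non-ASCII DNs
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]


def at_risk(ldif_text):
    """Return (length, dn) for each DN longer than MAX_DN_CHARS characters."""
    return [(len(dn), dn) for dn in ldif_dns(ldif_text) if len(dn) > MAX_DN_CHARS]


def split_guid_tail(logged_dn):
    """Split a DN seen in a log into (dn, guid); guid is None if none is glued on."""
    match = GUID_TAIL.search(logged_dn)
    dn = logged_dn[: match.start()] if match else ""
    # Report a glued GUID only if a non-empty RDN value is left in front of it.
    if not match or not dn or dn.endswith(("=", ",")):
        return logged_dn, None
    return dn, match.group(0).lower()


if __name__ == "__main__":
    for length, dn in at_risk(SAMPLE_LDIF):
        print(f"{length} chars: {dn}")
    print(split_guid_tail(LONG_DN + SAMPLE_GUID))
```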


Resolution

This issue has been reported to engineering and will be fixed in Access Manager 5.0 SP2.

Caroline Oest

Micro Focus Customer Experience Marketing
