aliaksander-samuseu
commented
7 months ago A quick research on this error's origin I did when we were troubleshooting the crash in the call:
Based on a cursory reading and some observations while testing it, the code compiles a list of all attributes currently referenced from all active TRs, and then tries to build a mapping between their "Gluu names" and SAML names, to put the latter inside IDP config files it's about to generate. When it can't retrieve SAML names for some attributes, null is returned, and the startup routine breaks.
So it seems we need to either make it fail gracefully in such case, silently excluding attribute for which SAML names are not defined (and perhaps change that log message to state the reason of it a bit more clearly) - or acknowledge these are mandatory properties, and thus oxTrust must not persist any edits that result in no values set for them.
Description
This issue is an enhancement proposal. As was recently discovered while troubleshooting issue 11761, when attribute's metadata's properties "gluuSAML1URI" and "gluuSAML2URI" are not assigned a value, that leads to oxTrust crash during startup, due to its inability to gather all required data to generate configuration files for Shibboleth IDP. The issue has been confirmed for Gluu Server using SQL db for persistence so far.
Steps To Reproduce
Results
oxTrust fails to start, and error like shown below is displayed:
SQL request like this -
select gluuSAML1URI,gluuSAML2URI from gluuAttribute where gluuAttributeName = "birthdate";returns next output:Conclusion
As these properties seem to be mandatory, it would make sense to add a safeguard to oxTrust's code preventing user from assigning an empty value to them - both from web UI and from oxTrust API. Otherwise it may result in admin locked out of admin console due to some arbitrary configuration edit (that's what happened in the original ticket).