GluuFederation / oxTrust

Gluu Server UI for managing authentication, authorization and users.
https://gluu.org/docs/ce
MIT License

SAML TRs cannot be created in web UI #648

Closed aliaksander-samuseu closed 7 years ago

aliaksander-samuseu commented 7 years ago

Environment: Ubuntu 14.04, Gluu CE RC1 + latest oxauth/oxtrust packages installed according to this guide

Steps to reproduce:

  1. Log in to the web UI as the admin user
  2. Move to the "SAML -> Trust Relationship" page and click the "Add relationship" button there
  3. Try to create some basic TR using the "Uri" or "File" method, then click the "Add" button

Result: In the case of the "File" method, the user is redirected to oxTrust's default error page. In the case of the "Uri" method, an error is displayed on the page. In both cases a Java exception appears in the logs (full text is here):

2017-08-11 00:34:31,899 ERROR [qtp985655350-18] [org.gluu.oxtrust.exception.GlobalExceptionHandler] (GlobalExceptionHandler.java:50) - #{updateTrustRelationshipAction.save}: org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry with baseDN: inum=@!CB55.39FD.08B2.5BC0!0002!858D.3354!0006!1210.610F,ou=trustRelationships,inum=@!CB55.39FD.08B2.5BC0!0002!858D.3354,ou=appliances,o=gluu, filter: (&(objectClass=top)(objectClass=gluuSAMLconfig))
javax.faces.FacesException: #{updateTrustRelationshipAction.save}: org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry with baseDN: inum=@!CB55.39FD.08B2.5BC0!0002!858D.3354!0006!1210.610F,ou=trustRelationships,inum=@!CB55.39FD.08B2.5BC0!0002!858D.3354,ou=appliances,o=gluu, filter: (&(objectClass=top)(objectClass=gluuSAMLconfig))
    at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:89) ~[jsf-impl-2.2.14.jar:2.2.14]
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.2.14.jar:2.2.14]
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198) [jsf-impl-2.2.14.jar:2.2.14]

aliaksander-samuseu commented 7 years ago

@shekhar16

Could you also check other methods of TR creation while you're on it? Creating a fed TR and a single TR from that fed TR, in particular.

aliaksander-samuseu commented 7 years ago

@shekhar16

Similar issues with adding OIDC/UMA/Asimba items, and with adding users. It's a major QA blocker atm.

dmogn commented 7 years ago

Also, this error happens on oxTrust initialization (without UI actions):

2017-08-14 05:30:18,707 INFO  [main] [org.gluu.oxtrust.ldap.service.TrustService] (TrustService.java:74) - Creating TR @!79E3.511D.7CBF.D583!0002!DF8B.2777!0006!5DC5.861F
2017-08-14 05:30:18,724 DEBUG [main] [org.gluu.oxtrust.ldap.service.TrustService] (TrustService.java:78) - there is no cluster configuration. Assuming standalone appliance.
2017-08-14 05:30:18.745:WARN:oeja.ServletContainerInitializersStarter:main:
org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry with baseDN: inum=@!79E3.511D.7CBF.D583!0002!DF8B.2777!0006!5DC5.861F,ou=trustRelationships,inum=@!79E3.511D.7CBF.D583!0002!DF8B.2777,ou=appliances,o=gluu, filter: (&(objectClass=top)(objectClass=gluuSAMLconfig))
        at org.gluu.site.ldap.persistence.LdapEntryManager.contains(LdapEntryManager.java:512)
        at org.gluu.site.ldap.persistence.LdapEntryManager.contains(LdapEntryManager.java:487)
        at org.gluu.site.ldap.persistence.AbstractEntryManager.contains(AbstractEntryManager.java:344)
        at org.gluu.site.ldap.persistence.LdapEntryManager$Proxy$_$$_WeldClientProxy.contains(Unknown Source)
        at org.gluu.oxtrust.ldap.service.TrustService.containsTrustRelationship(TrustService.java:206)
        at org.gluu.oxtrust.ldap.service.TrustService$Proxy$_$$_WeldSubclass.containsTrustRelationship(Unknown Source)
        at org.gluu.oxtrust.ldap.service.TrustService.addTrustRelationship(TrustService.java:88)
        at org.gluu.oxtrust.ldap.service.TrustService$Proxy$_$$_WeldSubclass.addTrustRelationship$$super(Unknown Source)

dmogn commented 7 years ago

Looks like all LDAP writing has been broken in RC1. It's a system problem, not a UI problem.

yurem commented 7 years ago

I can't reproduce it locally. We also need to check LDAP logs to get all required information about this issue.

dmogn commented 7 years ago

@yurem - Look at Mike's issue, please. Shib IDP should be installed to reproduce.

yurem commented 7 years ago

Please retest it in CR3