Open swarc-pc opened 3 months ago
Hi @swarc-pc,
Thanks for reporting this issue. Could you provide more details about the application object you're using to call Update-OktaApplication? This will help us to repro the issue locally and narrow it down.
Internal Ref: OKTA-743474
Hi @laura-rodriguez,
You bet! We're modifying the application credentials username template for each SAML app in our production org. Here's a breakdown of the tasks we're performing to get there:
First, we get the application we intend to modify as we want all properties besides the credentials to remain the same.
```powershell
$app = Get-OktaApplication -AppId "<appId>"  # app ID of the app we want to modify
```
Next, we initialize the application credentials username template and application credentials objects, including the changes we wish to make (in this case, we're changing the template to use the user.email variable).
```powershell
$UserNameTemplate = Initialize-OktaApplicationCredentialsUsernameTemplate -Template "user.email" -Type "CUSTOM" -PushStatus "PUSH"
$Credentials = Initialize-OktaApplicationCredentials -UserNameTemplate $UserNameTemplate -Signing $app.credentials.signing
```
We then initialize the SAML application (sorry, I couldn't get MD to play nicely with the line continuation backtick).
```powershell
$SamlApplication = Initialize-OktaSamlApplication -Accessibility $app.accessibility -Created $app.created -Features $app.features -Label $app.label -LastUpdated $app.lastUpdated -SignOnMode $app.signOnMode -Status $app.status -Visibility $app.visibility -Links $app._links -Settings $app.settings -Credentials $Credentials -Name $app.name
```
Lastly, we apply the changes to the application.
```powershell
Update-OktaApplication -AppId $app.id -Application $SamlApplication
```
I found the same thing when using the New-OktaGroupRule method as exampled here: https://github.com/okta/okta-powershell-cli/blob/main/docs/OktaGroupApi.md#new-oktagrouprule
The root cause for that one is that the demo passes in a DateTime and the DateTime Type has a Property that returns a Date and then it's in an infinite loop.
I've fixed this locally by changing the out when something is a value to handle valuetypes, not just primitives as below https://github.com/okta/okta-powershell-cli/blob/b01fd0a387e16d082ca833888fba9679a63527e9/src/Okta.PowerShell/Client/JsonHelper.ps1#L22 to
```powershell
if ($InputObject -is [string] -or $InputObject.GetType().IsPrimitive -or $InputObject.GetType().IsValueType) {
```
Hope that's helpful.
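The leaf check from the comment above, shown in a complete null-stripping walk. This is an added example, not part of the thread and not the project's JsonHelper.ps1; the function name `Remove-NullProperty`, its `-MaxDepth` guard and the sample object are assumptions made for illustration.

```powershell
# Added example; Remove-NullProperty and -MaxDepth are hypothetical names.
function Remove-NullProperty {
    param($InputObject, [int]$Depth = 0, [int]$MaxDepth = 32)
    if ($null -eq $InputObject) { return $null }
    # Assumed guard: fail with a clear message instead of a call depth overflow.
    if ($Depth -gt $MaxDepth) { throw "Remove-NullProperty: nesting deeper than $MaxDepth" }

    # Leaf check. Without IsValueType a [datetime] is walked property by property,
    # and its .Date property returns another [datetime], so the walk never ends.
    $type = $InputObject.GetType()
    if ($InputObject -is [string] -or $type.IsPrimitive -or $type.IsValueType) {
        return $InputObject
    }

    if ($InputObject -is [System.Collections.IDictionary]) {
        $out = [ordered]@{}
        foreach ($key in $InputObject.Keys) {
            if ($null -ne $InputObject[$key]) {
                $out[$key] = Remove-NullProperty -InputObject $InputObject[$key] -Depth ($Depth + 1) -MaxDepth $MaxDepth
            }
        }
        return $out
    }
    if ($InputObject -is [System.Collections.IEnumerable]) {
        return ,@(foreach ($item in $InputObject) { Remove-NullProperty -InputObject $item -Depth ($Depth + 1) -MaxDepth $MaxDepth })
    }

    # Any other object: copy its non-null properties into an ordered dictionary.
    $out = [ordered]@{}
    foreach ($prop in $InputObject.PSObject.Properties) {
        if ($null -ne $prop.Value) {
            $out[$prop.Name] = Remove-NullProperty -InputObject $prop.Value -Depth ($Depth + 1) -MaxDepth $MaxDepth
        }
    }
    return $out
}

# Constructed sample shaped like the report: a timestamp, a null and a nested object.
$sample = [pscustomobject]@{
    label       = 'Example SAML app'
    created     = [datetime]'2024-01-15T10:00:00Z'
    profile     = $null
    credentials = [pscustomobject]@{ userNameTemplate = @{ template = 'user.email'; type = 'CUSTOM' } }
}
Remove-NullProperty -InputObject $sample | ConvertTo-Json -Depth 10
```

Removing `-or $type.IsValueType` from the leaf check makes the `created` value recurse through `.Date` until the depth guard throws.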
I wrote a PS script to modify the application username format for all SAML apps in our Okta org and ran into a terminating error (The script failed due to call depth overflow) when invoking the Update-OktaApplication commandlet.
The screenshot of the error is below:
From what I can gather, the intention behind the JsonHelper.ps1 script is to remove null or empty properties from an object before converting said object to JSON as part of the body of an API call. There are numerous examples on the Internet demonstrating how to perform this task, so I replaced the contents of the JsonHelper.ps1 file with a code snippet I've used in the past [link to source in SO].
The Update-OktaApplication commandlet ran successfully after replacing the JsonHelper.ps1 file.