Policy import fails in OpenAM 13.0 with Invalid resource type null message

Symptoms

The following error is shown when attempting to import a policy in XACML format using ssoadm:

The following response is received when attempting to import a policy in XACML format using the REST API:

If you try to import a policy via the OpenAM console, the policy is not imported but you do not get a message saying it failed. 

Recent Changes

Installed, or upgraded to OpenAM 13.0.

Causes

OpenAM 13 introduced a new concept - Resource Types which form part of describing policies in OpenAM 13. The resource types are missing from the xml file for the exported policy. The existing resource type is not associated with the imported policy and as such the policy fails validation

Solution

This issue can be resolved by upgrading to OpenAM 13.5 or later; you can download this version from BackStage.

Workaround

Alternatively, this issue can be resolved by manually re-creating the policy using either the OpenAM console or the REST API.

If you want to use the REST API, see How do I create a policy in AM (All versions) using the REST API? for details on successfully creating a policy, including retrieving the missing resource types. This article also provides a Postman collection  to make it easier to create policies.

See Also

How do I export and import policies in AM (All versions)?

Related Training

N/A

Related Issue Tracker IDs

OPENAM-6013 (Resource types are missing in XACML exported policy and it is not possible to import it)

OPENAM-8495 (XACML Import - Existing resource type not being associated with the imported policy)