Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-1086

if Redirect Attempt Limit is set, agent always returns 403 after authenticate on JASPA 5

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.0.0
    • Fix Version/s: 5.0.0.0
    • Component/s: J2EE Agents
    • Labels:
    • Environment:
      Tomcat 8.0.28 / 5.0.0-SNAPSHOT / 42791ea77b / 2017-Sep-15 01:52:17

      Description

      if Redirect Attempt Limit is set, agent always returns 403 after authenticate on JASPA 5

      Steps to reproduce

      1.) Create a policy for requested URL
      2.) Set Agent Profile / Global / General / Redirect Attempt Limit = 100 (high number of redirections, just to be sure that limit will not be reach)
      3.) Hit the protected page and after redirection to AM login page, login with user

      Expected

      See protected page

      Observed

      403 Forbidden
      Agent debug log:

      >2017-09-19 09:02:23:682 AM BST: http-nio-8080-exec-2/5/main
      ERROR: RedirectCheckResultHandler: Unable to process filter result, denying access
      java.lang.IllegalStateException: No match found
          at java.util.regex.Matcher.group(Matcher.java:536)
          at com.sun.identity.agents.filter.RedirectCheckResultHandler.getRedirectURL(RedirectCheckResultHandler.java:156)
          at com.sun.identity.agents.filter.RedirectCheckResultHandler.process(RedirectCheckResultHandler.java:108)
          at com.sun.identity.agents.filter.AmFilter.processResultHandlers(AmFilter.java:222)
          at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:172)
          at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:77)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:217)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
          at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
          at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
          at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)
          at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
          at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
          at java.lang.Thread.run(Thread.java:745)
      
      >2017-09-19 09:02:23:778 AM BST: http-nio-8080-exec-4/5/main
      ERROR: CDSSO cookie not found. Denying access.
      

      er

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pilar.gomez Pilar Gomez [X] (Inactive)
              Reporter:
              richard.hruza Richard Hruza
              QA Assignee:
              Richard Hruza Richard Hruza
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: