Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-1771

WPA4 invalid JSON response with a valid session

    XMLWordPrintable

    Details

      Description

      Install the agent with JSON-response properties set. Make sure json-response URL value is not part of the not-enforced url list (direct value or by any wildcard pattern). Get some other (agent protected) resource authenticated and extract the session cookie value. Do the request to json-url with a session cookie set.

      Expected: agent does not interfere with the requested resource and does not change json reponse.

      Actual: agent responds with this json response:

      {"error": { "errors": [

      { "message": "success", "data": "" }

      ], "code": 0 }}

      Agent debug log has these messages (excerpt):

      2018-07-03 07:30:05.479 +0300 DEBUG [0x700000e6f000:48271][source/process.c:118] is_json_request(): http://www.agent.test:8080/index.json is json response url
      2018-07-03 07:30:05.485 +0300 DEBUG [0x700000e6f000:48271][source/process.c:1393] validate_policy(): method: GET, decision: allow (sso-only mode)
      2018-07-03 07:30:05.485 +0300 DEBUG [0x700000e6f000:48271][source/process.c:1916] set_user_attributes(): clearing headers/cookies
      2018-07-03 07:30:05.486 +0300 DEBUG [0x700000e6f000:48271][source/process.c:1855] do_header_set(): clearing custommail
      2018-07-03 07:30:05.486 +0300 DEBUG [0x700000e6f000:48271][source/process.c:1850] do_header_set(): setting custommail: test@user.test
      2018-07-03 07:30:05.486 +0300 DEBUG [0x700000e6f000:48271][source/apache/agent.c:684] amagent_auth_handler(): exit status: success (0)

        Attachments

          Activity

            People

            mareks Mareks Malnacs
            mareks Mareks Malnacs
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: