OpenAM Agents / AMAGENTS-221

Location response header not set when 'com.sun.identity.agents.config.access.denied.url' is used

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.0.1
    • Fix Version/s: 4.1.0
    • Component/s: Web Agents
    • Environment:
      Ubuntu 12.0.4
      Apache http server 2.2
      URL Policy Agent 4.0.1-11

      Description

      Configure com.sun.identity.agents.config.access.denied.url to a relative URI, e.g. /403.html

      When access is denied due to missing permission, the agent sends the following response

      HTTP/1.1 302 Found
      Date: Mon, 17 Oct 2016 14:49:15 GMT
      Server: Apache/2.2.22 (Ubuntu)
      Last-Modified: Mon, 17 Oct 2016 14:01:16 GMT
      Etag: "45b0-6e-53f10026d5570"
      Accept-Ranges: bytes
      Vary: Accept-Encoding
      Content-Encoding: gzip
      Content-Length: 116
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html
      

      but it seems to deliver the content of the configured HTML page. This causes issues with Internet Explorer because it cannot display the page.

      excerpt from the agent debug log

      debug.out
      2016-10-17 16:49:15.306 +0200   DEBUG [0x7fad9cb47700:7354][source/config_xml.c:111] am_parse_config_xml() com.sun.identity.agents.config.access.denied.url is set to '/403.html'
      ...
      
      2016-10-17 16:56:14.037 +0200   DEBUG [0x7fad967fc700:7354][source/net_ops.c:844] send_policy_request(): sending 990 bytes to http://openam1300.test.xyz:8080/openam/policyservice
      2016-10-17 16:56:14.040 +0200   DEBUG [0x7fad967fc700:7354][source/net_ops.c:864] send_policy_request(): response status code: 200
      2016-10-17 16:56:14.040 +0200   DEBUG [0x7fad967fc700:7354][source/net_ops.c:883] send_policy_request(): status: success
      2016-10-17 16:56:14.040 +0200   DEBUG [0x7fad967fc700:7354][source/process.c:1271] validate_policy(): trying cache entry for: http://ubuntu1204.test.xyz:80/
      2016-10-17 16:56:14.040 +0200   DEBUG [0x7fad967fc700:7354][source/process.c:1288] validate_policy(): cached entry: http://ubuntu1204.test.xyz:80/, resource: http://ubuntu1204.test.xyz:80/, status: exact match
      2016-10-17 16:56:14.040 +0200 WARNING [0x7fad967fc700:7354] validate_policy(): decision: deny, reason: no action decisions found
      2016-10-17 16:56:14.040 +0200   DEBUG [0x7fad967fc700:7354][source/process.c:1975] handle_exit(): (entry status: access denied)
      2016-10-17 16:56:14.040 +0200   DEBUG [0x7fad967fc700:7354][source/apache/agent22.c:561] set_custom_response(): status: redirect (exit: redirect)
      2016-10-17 16:56:14.040 +0200   DEBUG [0x7fad967fc700:7354][source/apache/agent22.c:868] amagent_auth_handler(): exit status: redirect (1)
      

      https://tools.ietf.org/html/rfc7231#section-6.4.3 states ...

      The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

      People

      • Assignee: spareyc Charles Sparey
      • Reporter: bthalmayr Bernhard Thalmayr
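A regression check for the behaviour reported above, as an added example that is not part of the original issue or the agent's code: it parses a response head and flags a redirect status that carries no Location header, plus file-serving headers that suggest the denied page itself was delivered. The names parse_head and audit_redirect and the EXPECTED sample are assumptions made for illustration.

```python
REDIRECT_CODES = {301, 302, 303, 307, 308}
# Headers Apache attaches when it serves a file from disk.
STATIC_FILE_HEADERS = ("etag", "last-modified", "accept-ranges")

# Response head as quoted in the issue description.
REPORTED = '''HTTP/1.1 302 Found
Date: Mon, 17 Oct 2016 14:49:15 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Mon, 17 Oct 2016 14:01:16 GMT
Etag: "45b0-6e-53f10026d5570"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 116
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
'''
# Constructed sample of a redirect to the denied page (not from the issue).
EXPECTED = '''HTTP/1.1 302 Found
Location: /403.html
Content-Length: 0
'''

def parse_head(raw):
    """Split a response head into (status_code, {lowercased name: value})."""
    lines = [line.strip() for line in raw.strip().splitlines()]
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a "Name: value" header line
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def audit_redirect(raw):
    """Return findings for a redirect response; an empty list means none."""
    status, headers = parse_head(raw)
    if status not in REDIRECT_CODES:
        return []
    findings = [] if headers.get("location") else ["missing-location"]
    served = [h for h in STATIC_FILE_HEADERS if h in headers]
    if served:  # hint that a file body was sent instead of a bare redirect
        findings.append("static-file-headers:" + ",".join(served))
    return findings
```

Feed it the head captured from a denied request (for example the output of `curl -sI`) after upgrading the agent to confirm the Location header is present.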