Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-254

Apache's ErrorDocument does not work with Agents 4.x

    XMLWordPrintable

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 4.0.1
    • 5.0.0.0, 4.2.0.0
    • Web Agents

      Description

      If using Apache's ErrorDocument setting for a custom 403 page, this kind of error will appear.

      Forbidden
      
      You don't have permission to access /se on this server.
      
      Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

      Steps to reproduce:

      1. Setup 4.0.1 Agent and in httpd.conf add "ErrorDocument 403 /your_custom_403.html"
      2. Add your_custom_403.html as a not-enforced URL.
      3. Authenticate to OpenAM then access a URL which results in a policy deny.

      Expected result:
      HTTP 403 returned and the contents of your_custom_403.html

      Actual result:

       ...error was encountered while trying to use an ErrorDocument ...

      This does not affect Agents 3.x.

      Workaround.
      com.sun.identity.agents.config.access.denied.url can allow redirect to a custom page, though the status returned will be 200. Additional server-side configuration or scripting would be necessary to return 403, such as:

      <?php header("HTTP/1.1 403 Forbidden"); ?>

        Attachments

          Issue Links

            Activity

              People

              mareks Mareks Malnacs
              andrew.dunn Andrew Dunn [X] (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: