Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-3232

WebAgent override Request URL does not takes X-Forwarded-Host may have port.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.6.2.1, 5.7.0
    • Fix Version/s: 5.7.0
    • Component/s: Web Agents
    • Labels:
    • Environment:
      *Problem*

      When using Override Request URL Host, the AM

      Description

      Problem

      When using Override Request URL Host enabled and if there is any front end LB that sets X-Forwarded-Host, it seems that the Webagent generated override_url is very strict. The issue here is that the standard definition of "X-Forwarded-Host" is not so well defined to have a port or if this is a "Host" header. Many interpretation see Mozilla , Microsoft https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer and other github projects and it is clear this is an unsettle issue and left to the new Forwarded header)/

      Now the issue is that for frontend LB that generates the X-Forwarded-Host: <server>:<port> the Webagent will generate the following override_url "<server>:<port>:<port>" for the redirect_uri and is an invalid URL

      Testcase:

      • Test Webagent with override host with incoming request with X-Forwarded-Host with host:port pair.

      Cause

      • The host variable before serialise_url should ensure when forming URL that the host does not have ":" (or if the port is not -1/empty or it is used).
      • One should trim or avoid wrongly generated URL wih duplicate ":" that cause redirect_uri issues.

        Attachments

          Activity

            People

            Assignee:
            mareks.malnacs Mareks Malnacs
            Reporter:
            chee-weng.chea C-Weng C
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: