OpenAM Agents / AMAGENTS-3667

When upgrading to agent 5.7.0, certain properties which were set before will no longer have intended effect.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.6.3.1, 5.7.0
    • Fix Version/s: 5.7.0
    • Component/s: Web Agents

      Description

      Issue

      When upgrading to later patches on 5.6.3 or to 5.7.0, if a customer has set up not enforced URL handling that specifies an HTTP method, this will work but invalidate all versions set through the non-advanced properties.

      Reproduction

      1. Set up a regular not enforced URL http://url/notenf.html
      2. Check it works by doing a normal browser GET on both.
      3. Perform an OPTIONS request on index.html. It will fail:

         E:\>curl -v -X OPTIONS http://agent.internal.forgerock.com:80/index.html
         * Hostname was NOT found in DNS cache
         * Trying 127.0.0.1...
         * Connected to agent.internal.forgerock.com (127.0.0.1) port 80 (#0)
         > OPTIONS /index.html HTTP/1.1
         > User-Agent: curl/7.35.0
         > Host: agent.internal.forgerock.com
         > Accept: */*
         >
         < HTTP/1.1 403 OK

      4. Set up CORS support by entering the following in advanced properties:

         com.sun.identity.agents.config.notenforced.url[OPTIONS,1]=http://agent.internal.forgerock.com:80/index.html

      5. Save.
      6. Test CORS for index.html and that notenf still permits access.

      Expected Result

      CORS simulation works for index.html and notenf.html is allowed.

      Actual Result

      CORS works:

         E:\>curl -v -X OPTIONS http://agent.internal.forgerock.com:80/index.html
         * Hostname was NOT found in DNS cache
         * Trying 127.0.0.1...
         * Connected to agent.internal.forgerock.com (127.0.0.1) port 80 (#0)
         > OPTIONS /index.html HTTP/1.1
         > User-Agent: curl/7.35.0
         > Host: agent.internal.forgerock.com
         > Accept: */*
         >
         < HTTP/1.1 200 OK
         < Allow: OPTIONS, TRACE, GET, HEAD, POST
         * Server Microsoft-IIS/7.5 is not blacklisted
         < Server: Microsoft-IIS/7.5
         < Public: OPTIONS, TRACE, GET, HEAD, POST
         < X-Powered-By: ASP.NET
         < Date: Mon, 10 Aug 2020 10:59:50 GMT
         < Content-Length: 0
         <
         * Connection #0 to host agent.internal.forgerock.com left intact

      But querying notenf.html results in a 302 redirection for authentication.

      Workaround

      1. Add all other not enforced URLs (NEUs) to the advanced properties.

      Impact

      This will affect some customers updating to 5.7 using this functionality. Other customers using advanced properties may be surprised by the change in behaviour, but can probably work around it.

      For this case there is no way of performing this via the regular configuration properties in the console. The workaround is not feasible, as customers regularly have 20 or more NEUs and there is no simple way of exporting and merging them (AM removed the export option a few releases back).
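The merge that the workaround calls for can be scripted. The following is an added example, not code from the ticket or from the agent: it assumes method-less entries are written as `com.sun.identity.agents.config.notenforced.url[<index>]=<url>` and that indices must stay unique across all entries; the function names are hypothetical.

```python
import re

PROP = "com.sun.identity.agents.config.notenforced.url"
# Matches PROP[3]=value and PROP[OPTIONS,1]=value (the method part is optional).
ENTRY = re.compile(r"^" + re.escape(PROP) + r"\[(?:([A-Z]+),)?(\d+)\]\s*=\s*(.+)$")

def parse_advanced(lines):
    """Return [(method or None, index, url)] for NEU lines; other lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3).strip()))
    return entries

def merge_neus(advanced_lines, regular_urls):
    """Keep the existing advanced entries, then append every regular NEU that is
    not already present as a method-less entry, on the lowest unused index."""
    entries = parse_advanced(advanced_lines)
    used = {idx for _, idx, _ in entries}
    present = {url for method, _, url in entries if method is None}
    next_idx = 0
    for url in regular_urls:
        url = url.strip()
        if not url or url in present:
            continue  # skip blanks and duplicates
        while next_idx in used:
            next_idx += 1
        entries.append((None, next_idx, url))
        used.add(next_idx)
        present.add(url)
    out = []
    for method, idx, url in entries:
        key = f"{method},{idx}" if method else str(idx)
        out.append(f"{PROP}[{key}]={url}")
    return out

if __name__ == "__main__":
    # Values from the reproduction steps above.
    advanced = [PROP + "[OPTIONS,1]=http://agent.internal.forgerock.com:80/index.html"]
    regular = ["http://url/notenf.html"]  # copied from the regular NEU list
    print("\n".join(merge_neus(advanced, regular)))
```

Running it again on its own output changes nothing, so the generated block can be regenerated whenever the regular list changes.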

              People

              Assignee:
              nick.james Nicholas James
              Reporter:
              alex.levin@forgerock.com Alex Levin