In an SSL-terminated environment, if override host and protocol are enabled in the default login flow, the resulting Location is overridden (e.g. from http to https) for URLs such as agent/cdsso-oauth2. If the same is done with fragments enabled, the same override should take place, because internally this URL may not resolve (e.g. /agent/login-fragment-relay gets a 404).
A unit test has been created to illustrate this. In it, create_fragment_relay_url is called once with no overrides and a second time with overrides.
- In Advanced Properties, set org.forgerock.agents.config.fragment.redirect.enable=1
- Change one or more of the protocol, host and port (e.g. agent -> pagent) from the default com.sun.identity.agents.config.agenturi.prefix=http://pagent.localtest.me:80/agentapp
- NB: another way of achieving this would be to use one or more of X-Forwarded-Proto, X-Forwarded-Host or X-Forwarded-Port
- In the Advanced tab, perform one or more of the following steps:
  - Enable Override Request URL Protocol. The equivalent property setting is com.sun.identity.agents.config.override.protocol=true.
  - Enable Override Request URL Host. The equivalent property setting is com.sun.identity.agents.config.override.host=true.
  - Enable Override Request URL Port. The equivalent property setting is com.sun.identity.agents.config.override.port=true.
(In my example I am overriding the host)
- curl -v http://agent.localtest.me:80/index.html#chapter-1
Without overrides, either an internal redirect to /agent/login-fragment-relay?state=x or a full URL based on the original URL should be the result,
e.g. Location: /agent/login-fragment-relay?state=IxkkAnW3e50DiLJU7ATY_x5kfd4 or http://agent.localtest.me:80/agent/login-fragment-relay?state=IxkkAnW3e50DiLJU7ATY_x5kfd4
With overrides, the host and port of the overridden URL replace the original. An internal redirect should not be used (unless there was no change in any parameters).
Without overrides, an internal redirect to /agent/login-fragment-relay?state=x is in the Location.
With overrides, an internal redirect to /agent/login-fragment-relay?state=x is in the Location.
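The expected behaviour described above, written out as a small C model. This is an added example, not the agent's create_fragment_relay_url or its unit test. The names relay_location, parse_origin and struct origin are hypothetical, the inputs are constructed from the hosts in this report, and state is assumed to be URL-safe already.

```c
#include <stdio.h>
#include <string.h>

#define RELAY_PATH "/agent/login-fragment-relay"

/* Hypothetical model of the expected behaviour; not the agent's own code. */
struct origin { char proto[8]; char host[128]; int port; };

/* Parse scheme://host[:port][/path]; IPv6 literals are not handled here. */
static int parse_origin(const char *s, struct origin *o)
{
    char authority[256];
    if (sscanf(s, "%7[a-z]://%255[^/]", o->proto, authority) != 2) return -1;
    o->port = strcmp(o->proto, "https") == 0 ? 443 : 80;
    return sscanf(authority, "%127[^:]:%d", o->host, &o->port) >= 1 ? 0 : -1;
}

/* Writes the Location value to out. Returns 1 if an absolute (overridden)
 * URL was written, 0 if a relative redirect was written, -1 on error. */
int relay_location(const char *request_url, const char *agent_prefix,
                   int ov_proto, int ov_host, int ov_port,
                   const char *state, char *out, size_t outlen)
{
    struct origin req, pre, eff;
    if (parse_origin(request_url, &req) || parse_origin(agent_prefix, &pre))
        return -1;
    eff = req;
    /* Overridden parts are taken from the configured agenturi.prefix. */
    if (ov_proto) strcpy(eff.proto, pre.proto);
    if (ov_host)  strcpy(eff.host, pre.host);
    if (ov_port)  eff.port = pre.port;

    /* A relative redirect is only acceptable when nothing actually changed. */
    int changed = strcmp(eff.proto, req.proto) != 0 ||
                  strcmp(eff.host, req.host) != 0 || eff.port != req.port;
    int n = changed
        ? snprintf(out, outlen, "%s://%s:%d%s?state=%s",
                   eff.proto, eff.host, eff.port, RELAY_PATH, state)
        : snprintf(out, outlen, "%s?state=%s", RELAY_PATH, state);
    return (n < 0 || (size_t)n >= outlen) ? -1 : changed;
}

int main(void)
{
    char loc[256];
    /* Constructed case: host override enabled, agent -> pagent. */
    relay_location("http://agent.localtest.me:80/index.html",
                   "http://pagent.localtest.me:80/agentapp", 0, 1, 0,
                   "x", loc, sizeof loc);
    printf("Location: %s\n", loc);
    return 0;
}
```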