  1. OpenAM Agents
  2. AMAGENTS-42

Percent encoded hash (#) (%23) is handled incorrectly during policy evaluation

    Details

      Description

      Steps to reproduce

      1) Setup OpenAM with Web Agent (3.3.x or 4.0.x)
      2) Add a simple all-users policy to allow access to everything, e.g. "http://www.example.com/*"
      3) Attempt to access http://www.example.com/test%23test

      Result:

      Access is denied

      Expected result:

      Access is allowed

      Adding a rule for www.example.com/test#test or # works, but this is not a good workaround because the file could include many encoded # characters and each variation of this would require its own rule.

      I think the two key points are:

      In OpenAM the wildcard character stops at a literal # character (much like ?).
      The Agent decodes the %23 before sending it for evaluation to OpenAM.
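
The two points listed above can be reproduced with a small model. This is an added example, not code from OpenAM or the Web Agent: the matcher, `policy_allows` and `agent_resource` are hypothetical names, and the rule that `*` stops at `#` and `?` is taken from the reporter's description.

```python
import re
from urllib.parse import unquote

# Characters the policy wildcard does not cross, per the report's description.
STOP_CHARS = "#?"


def wildcard_to_regex(pattern):
    """Compile a resource pattern where '*' matches any run of non-stop characters."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append("[^" + re.escape(STOP_CHARS) + "]*")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def policy_allows(pattern, resource):
    """True if the whole resource string is covered by the policy pattern."""
    return wildcard_to_regex(pattern).fullmatch(resource) is not None


def agent_resource(request_url, decode_before_eval):
    """Resource string the modelled agent submits for policy evaluation."""
    return unquote(request_url) if decode_before_eval else request_url


POLICY = "http://www.example.com/*"              # rule from step 2
URL = "http://www.example.com/test%23test"       # request from step 3

if __name__ == "__main__":
    for decode in (False, True):
        resource = agent_resource(URL, decode)
        verdict = "allow" if policy_allows(POLICY, resource) else "deny"
        print(f"decode={decode!s:5} resource={resource} -> {verdict}")

    # Workaround rule from the report: matches only this one placement of '#'.
    decoded = agent_resource(URL, True)
    print(policy_allows("http://www.example.com/test#test", decoded))
    # A rule with one literal '#' does not cover a path with two of them
    # (constructed URL), which is why every variation needs its own rule.
    two_hashes = agent_resource("http://www.example.com/a%23b%23c", True)
    print(policy_allows("http://www.example.com/*#*", two_hashes))
```

In this model the request is allowed when the raw `%23` form is evaluated and denied once it has been decoded to `#`, matching the reported result.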

            People

            Assignee:
            chris.lee Chris Lee
            Reporter:
            ian.packer Ian Packer [X] (Inactive)
            QA Assignee:
              edwardb edwardb