  1. OpenAM Agents
  2. AMAGENTS-42

Percent encoded hash (#) (%23) is handled incorrectly during policy evaluation

    Details

      Description

      Steps to reproduce

      1) Set up OpenAM with Web Agent (3.3.x or 4.0.x)
      2) Add a simple all users policy to allow access to everything, e.g. "http://www.example.com/*"
      3) Attempt to access http://www.example.com/test%23test

      Result:

      Access is denied

      Expected result:

      Access is allowed

      Adding a rule for www.example.com/test#test or # works, but this is not a good workaround because the file could include many encoded # characters and each variation of this would require its own rule.

      I think the two key points are:

      In OpenAM the wildcard character stops at a literal # character (much like ?).
      The Agent decodes the %23 before sending it for evaluation to OpenAM.
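
Added example, not part of the original report or of the OpenAM code base: a simplified Python model of the two points above, run against the rule and URL from the reproduction steps. The matcher (`*` stops at a literal `#` or `?`) and `normalize_keep_delimiters` are assumptions for illustration, not OpenAM's matcher or the fix applied for this issue.

```python
import re
from urllib.parse import unquote

RULE = "http://www.example.com/*"               # policy rule from the report
RAW = "http://www.example.com/test%23test"      # request URL from the report

def rule_to_regex(rule):
    # Assumed model of the matcher: '*' matches any run of characters
    # but stops at a literal '#' or '?', as the report describes.
    return re.compile("[^#?]*".join(re.escape(p) for p in rule.split("*")))

def is_allowed(rule, resource):
    return rule_to_regex(rule).fullmatch(resource) is not None

def agent_decode(raw_url):
    # Behaviour described in the report: every escape is decoded,
    # so %23 reaches policy evaluation as a literal '#'.
    return unquote(raw_url)

_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")
_KEEP_ENCODED = {"#", "?", "%"}   # delimiters that change how the URL parses

def normalize_keep_delimiters(raw_url):
    # Hypothetical alternative: decode printable ASCII escapes except those
    # that would become a URL delimiter; control and non-ASCII bytes stay encoded.
    def repl(m):
        byte = int(m.group(1), 16)
        if byte < 0x20 or byte >= 0x7F or chr(byte) in _KEEP_ENCODED:
            return "%" + m.group(1).upper()
        return chr(byte)
    return _ESCAPE.sub(repl, raw_url)

def evaluate(raw_url, rule=RULE):
    # Policy decision for the same request under each normalization.
    return {
        "decoded": is_allowed(rule, agent_decode(raw_url)),
        "delimiters_kept": is_allowed(rule, normalize_keep_delimiters(raw_url)),
    }

if __name__ == "__main__":
    print(agent_decode(RAW), "->", evaluate(RAW))
```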

            People

            • Assignee:
              chris.lee Chris Lee
              Reporter:
              ian.packer Ian Packer [X] (Inactive)
              QA Assignee:
              edwardb