[AMAGENTS-456] URL Comparison Case Sensitivity Check does not work for policies - ForgeRock JIRA

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.3.4, 5.0.0.0, 4.1.0, 5.6.0.0, 5.5.0.0
Fix Version/s: None
Component/s: Web Agents
Labels:
Environment:
Ubuntu 14 / apache 2.4 / Version: 4.1.0, Revision: 31e821e, Build machine: delacroix, Build date: Nov 16 2016 11:40:53

Target Version/s:

5.0.0.0

Description

URL Comparison Case Sensitivity Check (com.sun.identity.agents.config.url.comparison.case.ignore)does not work for policies

Steps to reproduce

1.) Create a policy: http://agent.example.com:80/index.html
2.) In Agent profile set: Miscellaneous -> URL Handling -> URL Comparison Case Sensitivity Check = disabled (unchecked)
3.) Hit the agent protected page with some capital letter(s):
http://agent.example.com/inDex.html

Observed result

Access allow

Expected result

Access denied. This property should works for Not Enforced URL (tested and works) and also for policies.

Agent debug log:

2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/apache/agent.c:579] get_method_num(): method GET (GET, 0)
2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/apache/agent.c:588] get_method_num(): number corresponds to GET method
2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:235] setup_request_data():
2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:257] setup_request_data(): client ip: 172.25.1.224
2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:295] setup_request_data(): client hostname: (empty)
2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:303] setup_request_data(): original request url: http://riso-ubuntu14.test.forgerock.com/inDex.html
2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:320] setup_request_data(): no token in query parameters
2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:389] setup_request_data(): 
method: GET 
original url: http://riso-ubuntu14.test.forgerock.com/inDex.html
proto: http
host: riso-ubuntu14.test.forgerock.com
port: 80
path: /inDex.html
query: 
complete: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
overridden: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
pathinfo: 
normalized (pathinfo removed): (empty)
overridden (pathinfo removed): (empty)
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:404] validate_url():
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:416] validate_url(): request url validation feature is not enabled
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:424] handle_notification():
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:480] validate_fqdn_access():
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:483] validate_fqdn_access(): feature is not enabled
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:908] validate_token():
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1049] get_cookie_value(;): parsing cookie header: amlbcookie=01; iPlanetDirectoryPro="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1049] get_cookie_value(=): parsing cookie header:  iPlanetDirectoryPro="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:999] validate_token(): sso token: AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*, status: success
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1006] validate_token(): sso token SI: 01, S1: 
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:552] handle_not_enforced():
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:613] handle_not_enforced(): application logout url feature is not enabled
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:753] handle_not_enforced(): not enforced client ip validation feature is not enabled
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:756] handle_not_enforced(): validating http://riso-ubuntu14.test.forgerock.com:80/inDex.html
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:829] handle_not_enforced(): not enforced url validation feature is not enabled
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:874] handle_not_enforced(): extended not enforced url validation feature is not enabled
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:877] handle_not_enforced(): http://riso-ubuntu14.test.forgerock.com:80/inDex.html is enforced
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1132] validate_policy(): for http://riso-ubuntu14.test.forgerock.com:80/inDex.html (ignoring pathinfo: no), entry status: success
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1184] validate_policy(): get session cache status: not found
2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1743] get_valid_openam_url(): active OpenAM service url: http://perf-openam.internal.forgerock.com:8080/openam (0)
2017-04-19 14:23:28.673 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1848] am_timer(): getaddrinfo took 0 seconds
2017-04-19 14:23:28.674 +0100   DEBUG [0x7f5695bab700:24558][source/net_client.c:562] sync_connect(): connected to perf-openam.internal.forgerock.com:8080 (IPv4)
2017-04-19 14:23:28.674 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:623] send_session_request(): sending 1246 bytes to http://perf-openam.internal.forgerock.com:8080/openam/sessionservice
2017-04-19 14:23:28.685 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:643] send_session_request(): response status code: 200
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="session" reqid="0">
<Response><![CDATA[<SessionResponse vers="1.0" reqid="1">
<GetSession>
<Session sid="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*" stype="user" cid="id=demo,ou=user,dc=openam,dc=forgerock,dc=org" cdomain="dc=openam,dc=forgerock,dc=org" maxtime="600" maxidle="120" maxcaching="3" timeidle="0" timeleft="35999" state="valid">
<Property name="Locale" value="en_US"></Property>
<Property name="authInstant" value="2017-04-19T13:23:36Z"></Property>
<Property name="Principals" value="demo"></Property>
<Property name="clientType" value="genericHTML"></Property>
<Property name="AMCtxId" value="7f683c37ed5f548b01"></Property>
<Property name="AuthType" value="DataStore"></Property>
<Property name="HostName" value="172.25.1.224"></Property>
<Property name="successURL" value="/openam/console"></Property>
<Property name="Organization" value="dc=openam,dc=forgerock,dc=org"></Property>
<Property name="UserProfile" value="Required"></Property>
<Property name="CharSet" value="UTF-8"></Property>
<Property name="FullLoginURL" value="/openam/UI/Login?goto=http%3A%2F%2Friso-ubuntu14.test.forgerock.com%3A80%2FinDex.html&amp;realm=%2F"></Property>
<Property name="loginURL" value="/openam/UI/Login"></Property>
<Property name="amlbcookie" value="01"></Property>
<Property name="UserToken" value="demo"></Property>
<Property name="Service" value="ldapService"></Property>
<Property name="Host" value="172.25.1.224"></Property>
<Property name="cookieSupport" value="true"></Property>
<Property name="SessionHandle" value="shandle:AQIC5wM2LY4SfcwxFXHwcfizlrz8F0iTzIwzgiHPqvt7UOE.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"></Property>
<Property name="AuthLevel" value="0"></Property>
<Property name="UserId" value="demo"></Property>
<Property name="sun.am.UniversalIdentifier" value="id=demo,ou=user,dc=openam,dc=forgerock,dc=org"></Property>
<Property name="Principal" value="id=demo,ou=user,dc=openam,dc=forgerock,dc=org"></Property>
</Session></GetSession>
</SessionResponse>]]></Response>
<Response><![CDATA[<SessionResponse vers="1.0" reqid="2">
<AddSessionListener>
<OK></OK>
</AddSessionListener>
</SessionResponse>]]></Response>
</ResponseSet>
2017-04-19 14:23:28.685 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:674] send_session_request(): status: success
2017-04-19 14:23:28.685 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1848] am_timer(): getaddrinfo took 0 seconds
2017-04-19 14:23:28.686 +0100   DEBUG [0x7f5695bab700:24558][source/net_client.c:562] sync_connect(): connected to perf-openam.internal.forgerock.com:8080 (IPv4)
2017-04-19 14:23:28.686 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:844] send_policy_request(): sending 1021 bytes to http://perf-openam.internal.forgerock.com:8080/openam/policyservice
2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:864] send_policy_request(): response status code: 200
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="policy" reqid="3">
<Response><![CDATA[<PolicyService version="1.0" revisionNumber="60">
<PolicyResponse requestId="4" issueInstant="1492608216701" >
<ResourceResult name="http://riso-ubuntu14.test.forgerock.com:80/inDex.html">
<PolicyDecision>
<ResponseAttributes>
</ResponseAttributes>
<ActionDecision timeToLive="9223372036854775807">
<AttributeValuePair>
<Attribute name="POST"/>
<Value>allow</Value>
</AttributeValuePair>
<Advices>
</Advices>
</ActionDecision>
<ActionDecision timeToLive="9223372036854775807">
<AttributeValuePair>
<Attribute name="GET"/>
<Value>allow</Value>
</AttributeValuePair>
<Advices>
</Advices>
</ActionDecision>
</PolicyDecision>
</ResourceResult>
</PolicyResponse>
</PolicyService>
]]></Response>
</ResponseSet>
2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:883] send_policy_request(): status: success
2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1352] validate_policy(): trying cache entry for: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1369] validate_policy(): cached entry: http://riso-ubuntu14.test.forgerock.com:80/inDex.html, resource: http://riso-ubuntu14.test.forgerock.com:80/inDex.html, status: exact match
2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1474] validate_policy(): method: GET, decision: allow
2017-04-19 14:23:28.699 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:2056] handle_exit(): (entry status: success)

URL Comparison Case Sensitivity Check does not work for policies

Details

Description

Steps to reproduce

Observed result

Expected result

Attachments

Activity

People

Dates