  1. OpenAM Agents
  2. AMAGENTS-456

URL Comparison Case Sensitivity Check does not work for policies

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.3.4, 5.0.0.0, 4.1.0, 5.6.0.0, 5.5.0.0
    • Fix Version/s: None
    • Component/s: Web Agents
    • Environment:
      Ubuntu 14 / apache 2.4 / Version: 4.1.0, Revision: 31e821e, Build machine: delacroix, Build date: Nov 16 2016 11:40:53

      Description

      URL Comparison Case Sensitivity Check (com.sun.identity.agents.config.url.comparison.case.ignore) does not work for policies.

      Steps to reproduce

      1.) Create a policy: http://agent.example.com:80/index.html
      2.) In Agent profile set: Miscellaneous -> URL Handling -> URL Comparison Case Sensitivity Check = disabled (unchecked)
      3.) Hit the agent protected page with some capital letter(s):
      http://agent.example.com/inDex.html

      Observed result

      Access allowed

      Expected result

      Access denied. This property should work for Not Enforced URL (tested and works) and also for policies.

      Agent debug log:

      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/apache/agent.c:579] get_method_num(): method GET (GET, 0)
      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/apache/agent.c:588] get_method_num(): number corresponds to GET method
      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:235] setup_request_data():
      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:257] setup_request_data(): client ip: 172.25.1.224
      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:295] setup_request_data(): client hostname: (empty)
      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:303] setup_request_data(): original request url: http://riso-ubuntu14.test.forgerock.com/inDex.html
      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:320] setup_request_data(): no token in query parameters
      2017-04-19 14:23:28.671 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:389] setup_request_data(): 
      method: GET 
      original url: http://riso-ubuntu14.test.forgerock.com/inDex.html
      proto: http
      host: riso-ubuntu14.test.forgerock.com
      port: 80
      path: /inDex.html
      query: 
      complete: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
      overridden: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
      pathinfo: 
      normalized (pathinfo removed): (empty)
      overridden (pathinfo removed): (empty)
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:404] validate_url():
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:416] validate_url(): request url validation feature is not enabled
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:424] handle_notification():
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:480] validate_fqdn_access():
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:483] validate_fqdn_access(): feature is not enabled
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:908] validate_token():
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1049] get_cookie_value(;): parsing cookie header: amlbcookie=01; iPlanetDirectoryPro="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1049] get_cookie_value(=): parsing cookie header:  iPlanetDirectoryPro="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:999] validate_token(): sso token: AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*, status: success
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1006] validate_token(): sso token SI: 01, S1: 
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:552] handle_not_enforced():
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:613] handle_not_enforced(): application logout url feature is not enabled
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:753] handle_not_enforced(): not enforced client ip validation feature is not enabled
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:756] handle_not_enforced(): validating http://riso-ubuntu14.test.forgerock.com:80/inDex.html
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:829] handle_not_enforced(): not enforced url validation feature is not enabled
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:874] handle_not_enforced(): extended not enforced url validation feature is not enabled
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:877] handle_not_enforced(): http://riso-ubuntu14.test.forgerock.com:80/inDex.html is enforced
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1132] validate_policy(): for http://riso-ubuntu14.test.forgerock.com:80/inDex.html (ignoring pathinfo: no), entry status: success
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1184] validate_policy(): get session cache status: not found
      2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1743] get_valid_openam_url(): active OpenAM service url: http://perf-openam.internal.forgerock.com:8080/openam (0)
      2017-04-19 14:23:28.673 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1848] am_timer(): getaddrinfo took 0 seconds
      2017-04-19 14:23:28.674 +0100   DEBUG [0x7f5695bab700:24558][source/net_client.c:562] sync_connect(): connected to perf-openam.internal.forgerock.com:8080 (IPv4)
      2017-04-19 14:23:28.674 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:623] send_session_request(): sending 1246 bytes to http://perf-openam.internal.forgerock.com:8080/openam/sessionservice
      2017-04-19 14:23:28.685 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:643] send_session_request(): response status code: 200
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <ResponseSet vers="1.0" svcid="session" reqid="0">
      <Response><![CDATA[<SessionResponse vers="1.0" reqid="1">
      <GetSession>
      <Session sid="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*" stype="user" cid="id=demo,ou=user,dc=openam,dc=forgerock,dc=org" cdomain="dc=openam,dc=forgerock,dc=org" maxtime="600" maxidle="120" maxcaching="3" timeidle="0" timeleft="35999" state="valid">
      <Property name="Locale" value="en_US"></Property>
      <Property name="authInstant" value="2017-04-19T13:23:36Z"></Property>
      <Property name="Principals" value="demo"></Property>
      <Property name="clientType" value="genericHTML"></Property>
      <Property name="AMCtxId" value="7f683c37ed5f548b01"></Property>
      <Property name="AuthType" value="DataStore"></Property>
      <Property name="HostName" value="172.25.1.224"></Property>
      <Property name="successURL" value="/openam/console"></Property>
      <Property name="Organization" value="dc=openam,dc=forgerock,dc=org"></Property>
      <Property name="UserProfile" value="Required"></Property>
      <Property name="CharSet" value="UTF-8"></Property>
      <Property name="FullLoginURL" value="/openam/UI/Login?goto=http%3A%2F%2Friso-ubuntu14.test.forgerock.com%3A80%2FinDex.html&amp;realm=%2F"></Property>
      <Property name="loginURL" value="/openam/UI/Login"></Property>
      <Property name="amlbcookie" value="01"></Property>
      <Property name="UserToken" value="demo"></Property>
      <Property name="Service" value="ldapService"></Property>
      <Property name="Host" value="172.25.1.224"></Property>
      <Property name="cookieSupport" value="true"></Property>
      <Property name="SessionHandle" value="shandle:AQIC5wM2LY4SfcwxFXHwcfizlrz8F0iTzIwzgiHPqvt7UOE.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"></Property>
      <Property name="AuthLevel" value="0"></Property>
      <Property name="UserId" value="demo"></Property>
      <Property name="sun.am.UniversalIdentifier" value="id=demo,ou=user,dc=openam,dc=forgerock,dc=org"></Property>
      <Property name="Principal" value="id=demo,ou=user,dc=openam,dc=forgerock,dc=org"></Property>
      </Session></GetSession>
      </SessionResponse>]]></Response>
      <Response><![CDATA[<SessionResponse vers="1.0" reqid="2">
      <AddSessionListener>
      <OK></OK>
      </AddSessionListener>
      </SessionResponse>]]></Response>
      </ResponseSet>
      2017-04-19 14:23:28.685 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:674] send_session_request(): status: success
      2017-04-19 14:23:28.685 +0100   DEBUG [0x7f5695bab700:24558][source/utility.c:1848] am_timer(): getaddrinfo took 0 seconds
      2017-04-19 14:23:28.686 +0100   DEBUG [0x7f5695bab700:24558][source/net_client.c:562] sync_connect(): connected to perf-openam.internal.forgerock.com:8080 (IPv4)
      2017-04-19 14:23:28.686 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:844] send_policy_request(): sending 1021 bytes to http://perf-openam.internal.forgerock.com:8080/openam/policyservice
      2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:864] send_policy_request(): response status code: 200
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <ResponseSet vers="1.0" svcid="policy" reqid="3">
      <Response><![CDATA[<PolicyService version="1.0" revisionNumber="60">
      <PolicyResponse requestId="4" issueInstant="1492608216701" >
      <ResourceResult name="http://riso-ubuntu14.test.forgerock.com:80/inDex.html">
      <PolicyDecision>
      <ResponseAttributes>
      </ResponseAttributes>
      <ActionDecision timeToLive="9223372036854775807">
      <AttributeValuePair>
      <Attribute name="POST"/>
      <Value>allow</Value>
      </AttributeValuePair>
      <Advices>
      </Advices>
      </ActionDecision>
      <ActionDecision timeToLive="9223372036854775807">
      <AttributeValuePair>
      <Attribute name="GET"/>
      <Value>allow</Value>
      </AttributeValuePair>
      <Advices>
      </Advices>
      </ActionDecision>
      </PolicyDecision>
      </ResourceResult>
      </PolicyResponse>
      </PolicyService>
      ]]></Response>
      </ResponseSet>
      2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/net_ops.c:883] send_policy_request(): status: success
      2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1352] validate_policy(): trying cache entry for: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
      2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1369] validate_policy(): cached entry: http://riso-ubuntu14.test.forgerock.com:80/inDex.html, resource: http://riso-ubuntu14.test.forgerock.com:80/inDex.html, status: exact match
      2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1474] validate_policy(): method: GET, decision: allow
      2017-04-19 14:23:28.699 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:2056] handle_exit(): (entry status: success)
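
      Added example (not part of the original report or the agent's code): a check over agent debug logs that flags every allow decision whose URL path matches a policy resource only when case is ignored, which is the symptom reported above. It assumes the validate_policy() line format shown in the log, literal (non-wildcard) policy resources supplied by the operator, and constructed sample lines using the host from the reproduction steps.

```python
import re
from urllib.parse import urlsplit

# Patterns follow the validate_policy() lines in the debug log above.
ENTRY_RE = re.compile(r"validate_policy\(\): for (\S+) \(ignoring pathinfo")
DECISION_RE = re.compile(r"validate_policy\(\): method: (\w+), decision: (\w+)")
WORKER_RE = re.compile(r"\[(0x[0-9a-f]+:\d+)\]")

# Assumption: the operator lists the literal resources defined in policies.
POLICY_RESOURCES = ["http://agent.example.com:80/index.html"]

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    "2017-04-19 14:23:28.672 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1132] "
    "validate_policy(): for http://agent.example.com:80/inDex.html (ignoring pathinfo: no), entry status: success",
    "2017-04-19 14:23:28.698 +0100   DEBUG [0x7f5695bab700:24558][source/process.c:1474] "
    "validate_policy(): method: GET, decision: allow",
    "2017-04-19 14:23:29.101 +0100   DEBUG [0x7f5695bab701:24558][source/process.c:1132] "
    "validate_policy(): for http://agent.example.com:80/index.html (ignoring pathinfo: no), entry status: success",
    "2017-04-19 14:23:29.120 +0100   DEBUG [0x7f5695bab701:24558][source/process.c:1474] "
    "validate_policy(): method: GET, decision: allow",
]

def split_url(url):
    """Scheme and host are lowercased; the path keeps its case. The query is ignored."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower()), parts.path

def find_case_only_allows(log_lines, policy_resources):
    """Return (url, method, policy_resource) for allows that match only case-insensitively."""
    exact = {split_url(r) for r in policy_resources}
    folded = {}
    for resource in policy_resources:
        origin, path = split_url(resource)
        folded[(origin, path.lower())] = resource
    pending, findings = {}, []  # pending: worker id -> URL under evaluation
    for line in log_lines:
        worker = WORKER_RE.search(line)
        if not worker:
            continue
        entry = ENTRY_RE.search(line)
        if entry:
            pending[worker.group(1)] = entry.group(1)
            continue
        decision = DECISION_RE.search(line)
        if decision and worker.group(1) in pending:
            url = pending.pop(worker.group(1))
            origin, path = split_url(url)
            key = (origin, path.lower())
            if decision.group(2) == "allow" and (origin, path) not in exact and key in folded:
                findings.append((url, decision.group(1), folded[key]))
    return findings
```

      With URL Comparison Case Sensitivity Check disabled, any finding returned for a deployment's own log and policy list marks a request that was allowed on a case variant of a protected resource.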
      

            People

            • Assignee: Unassigned
            • Reporter: Richard Hruza (richard.hruza)