- Type: Bug
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: 3.3.4, 5.0.0.0, 4.1.0, 5.6.0.0, 5.5.0.0
- Fix Version/s: None
- Component/s: Web Agents
- Labels:
- Environment: Ubuntu 14 / apache 2.4 / Version: 4.1.0, Revision: 31e821e, Build machine: delacroix, Build date: Nov 16 2016 11:40:53
- Target Version/s:
URL Comparison Case Sensitivity Check (com.sun.identity.agents.config.url.comparison.case.ignore) does not work for policies
Steps to reproduce
1.) Create a policy: http://agent.example.com:80/index.html
2.) In Agent profile set: Miscellaneous -> URL Handling -> URL Comparison Case Sensitivity Check = disabled (unchecked)
3.) Hit the agent protected page with some capital letter(s):
http://agent.example.com/inDex.html
Observed result
Access allowed
Expected result
Access denied. This property should work for Not Enforced URL (tested and works) and also for policies.
Agent debug log:
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/apache/agent.c:579] get_method_num(): method GET (GET, 0)
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/apache/agent.c:588] get_method_num(): number corresponds to GET method
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:235] setup_request_data():
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:257] setup_request_data(): client ip: 172.25.1.224
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:295] setup_request_data(): client hostname: (empty)
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:303] setup_request_data(): original request url: http://riso-ubuntu14.test.forgerock.com/inDex.html
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:320] setup_request_data(): no token in query parameters
2017-04-19 14:23:28.671 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:389] setup_request_data():
  method: GET
  original url: http://riso-ubuntu14.test.forgerock.com/inDex.html
  proto: http
  host: riso-ubuntu14.test.forgerock.com
  port: 80
  path: /inDex.html
  query:
  complete: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
  overridden: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
  pathinfo:
  normalized (pathinfo removed): (empty)
  overridden (pathinfo removed): (empty)
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:404] validate_url():
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:416] validate_url(): request url validation feature is not enabled
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:424] handle_notification():
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:480] validate_fqdn_access():
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:483] validate_fqdn_access(): feature is not enabled
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:908] validate_token():
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/utility.c:1049] get_cookie_value(;): parsing cookie header: amlbcookie=01; iPlanetDirectoryPro="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/utility.c:1049] get_cookie_value(=): parsing cookie header: iPlanetDirectoryPro="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:999] validate_token(): sso token: AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*, status: success
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1006] validate_token(): sso token SI: 01, S1:
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:552] handle_not_enforced():
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:613] handle_not_enforced(): application logout url feature is not enabled
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:753] handle_not_enforced(): not enforced client ip validation feature is not enabled
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:756] handle_not_enforced(): validating http://riso-ubuntu14.test.forgerock.com:80/inDex.html
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:829] handle_not_enforced(): not enforced url validation feature is not enabled
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:874] handle_not_enforced(): extended not enforced url validation feature is not enabled
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:877] handle_not_enforced(): http://riso-ubuntu14.test.forgerock.com:80/inDex.html is enforced
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1132] validate_policy(): for http://riso-ubuntu14.test.forgerock.com:80/inDex.html (ignoring pathinfo: no), entry status: success
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1184] validate_policy(): get session cache status: not found
2017-04-19 14:23:28.672 +0100 DEBUG [0x7f5695bab700:24558][source/utility.c:1743] get_valid_openam_url(): active OpenAM service url: http://perf-openam.internal.forgerock.com:8080/openam (0)
2017-04-19 14:23:28.673 +0100 DEBUG [0x7f5695bab700:24558][source/utility.c:1848] am_timer(): getaddrinfo took 0 seconds
2017-04-19 14:23:28.674 +0100 DEBUG [0x7f5695bab700:24558][source/net_client.c:562] sync_connect(): connected to perf-openam.internal.forgerock.com:8080 (IPv4)
2017-04-19 14:23:28.674 +0100 DEBUG [0x7f5695bab700:24558][source/net_ops.c:623] send_session_request(): sending 1246 bytes to http://perf-openam.internal.forgerock.com:8080/openam/sessionservice
2017-04-19 14:23:28.685 +0100 DEBUG [0x7f5695bab700:24558][source/net_ops.c:643] send_session_request(): response status code: 200
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="session" reqid="0">
<Response><![CDATA[<SessionResponse vers="1.0" reqid="1">
<GetSession>
<Session sid="AQIC5wM2LY4Sfcwa4Y-q_M5I29z_DkzVv8gTRp7FBjDoZVk.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*" stype="user" cid="id=demo,ou=user,dc=openam,dc=forgerock,dc=org" cdomain="dc=openam,dc=forgerock,dc=org" maxtime="600" maxidle="120" maxcaching="3" timeidle="0" timeleft="35999" state="valid">
<Property name="Locale" value="en_US"></Property>
<Property name="authInstant" value="2017-04-19T13:23:36Z"></Property>
<Property name="Principals" value="demo"></Property>
<Property name="clientType" value="genericHTML"></Property>
<Property name="AMCtxId" value="7f683c37ed5f548b01"></Property>
<Property name="AuthType" value="DataStore"></Property>
<Property name="HostName" value="172.25.1.224"></Property>
<Property name="successURL" value="/openam/console"></Property>
<Property name="Organization" value="dc=openam,dc=forgerock,dc=org"></Property>
<Property name="UserProfile" value="Required"></Property>
<Property name="CharSet" value="UTF-8"></Property>
<Property name="FullLoginURL" value="/openam/UI/Login?goto=http%3A%2F%2Friso-ubuntu14.test.forgerock.com%3A80%2FinDex.html&realm=%2F"></Property>
<Property name="loginURL" value="/openam/UI/Login"></Property>
<Property name="amlbcookie" value="01"></Property>
<Property name="UserToken" value="demo"></Property>
<Property name="Service" value="ldapService"></Property>
<Property name="Host" value="172.25.1.224"></Property>
<Property name="cookieSupport" value="true"></Property>
<Property name="SessionHandle" value="shandle:AQIC5wM2LY4SfcwxFXHwcfizlrz8F0iTzIwzgiHPqvt7UOE.*AAJTSQACMDEAAlNLABMyNDA4NDcxMjkwNjA4NTc4MzU5AAJTMQAA*"></Property>
<Property name="AuthLevel" value="0"></Property>
<Property name="UserId" value="demo"></Property>
<Property name="sun.am.UniversalIdentifier" value="id=demo,ou=user,dc=openam,dc=forgerock,dc=org"></Property>
<Property name="Principal" value="id=demo,ou=user,dc=openam,dc=forgerock,dc=org"></Property>
</Session></GetSession>
</SessionResponse>]]></Response>
<Response><![CDATA[<SessionResponse vers="1.0" reqid="2">
<AddSessionListener>
<OK></OK>
</AddSessionListener>
</SessionResponse>]]></Response>
</ResponseSet>
2017-04-19 14:23:28.685 +0100 DEBUG [0x7f5695bab700:24558][source/net_ops.c:674] send_session_request(): status: success
2017-04-19 14:23:28.685 +0100 DEBUG [0x7f5695bab700:24558][source/utility.c:1848] am_timer(): getaddrinfo took 0 seconds
2017-04-19 14:23:28.686 +0100 DEBUG [0x7f5695bab700:24558][source/net_client.c:562] sync_connect(): connected to perf-openam.internal.forgerock.com:8080 (IPv4)
2017-04-19 14:23:28.686 +0100 DEBUG [0x7f5695bab700:24558][source/net_ops.c:844] send_policy_request(): sending 1021 bytes to http://perf-openam.internal.forgerock.com:8080/openam/policyservice
2017-04-19 14:23:28.698 +0100 DEBUG [0x7f5695bab700:24558][source/net_ops.c:864] send_policy_request(): response status code: 200
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ResponseSet vers="1.0" svcid="policy" reqid="3">
<Response><![CDATA[<PolicyService version="1.0" revisionNumber="60">
<PolicyResponse requestId="4" issueInstant="1492608216701" >
<ResourceResult name="http://riso-ubuntu14.test.forgerock.com:80/inDex.html">
<PolicyDecision>
<ResponseAttributes>
</ResponseAttributes>
<ActionDecision timeToLive="9223372036854775807">
<AttributeValuePair>
<Attribute name="POST"/>
<Value>allow</Value>
</AttributeValuePair>
<Advices>
</Advices>
</ActionDecision>
<ActionDecision timeToLive="9223372036854775807">
<AttributeValuePair>
<Attribute name="GET"/>
<Value>allow</Value>
</AttributeValuePair>
<Advices>
</Advices>
</ActionDecision>
</PolicyDecision>
</ResourceResult>
</PolicyResponse>
</PolicyService>
]]></Response>
</ResponseSet>
2017-04-19 14:23:28.698 +0100 DEBUG [0x7f5695bab700:24558][source/net_ops.c:883] send_policy_request(): status: success
2017-04-19 14:23:28.698 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1352] validate_policy(): trying cache entry for: http://riso-ubuntu14.test.forgerock.com:80/inDex.html
2017-04-19 14:23:28.698 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1369] validate_policy(): cached entry: http://riso-ubuntu14.test.forgerock.com:80/inDex.html, resource: http://riso-ubuntu14.test.forgerock.com:80/inDex.html, status: exact match
2017-04-19 14:23:28.698 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1474] validate_policy(): method: GET, decision: allow
2017-04-19 14:23:28.699 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:2056] handle_exit(): (entry status: success)
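
A log check for the behaviour reported above, added here as an example (it is not part of the original report or of the agent's code): it pairs each validate_policy() "cached entry" line with the decision line that follows on the same worker and flags allowed requests whose URL equals a configured policy resource only after case folding. The sample log lines are constructed in the format of the debug log above, and exact-string policy resources (no wildcards) are assumed.

```python
import re

# Policy resource from step 1 of the report (exact string, no wildcards assumed).
POLICY_RESOURCES = ["http://agent.example.com:80/index.html"]

# Constructed sample lines in the agent debug log format (not real log output).
SAMPLE_LOG = """\
2017-04-19 14:23:28.698 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1369] validate_policy(): cached entry: http://agent.example.com:80/inDex.html, resource: http://agent.example.com:80/inDex.html, status: exact match
2017-04-19 14:23:28.698 +0100 DEBUG [0x7f5695bab700:24558][source/process.c:1474] validate_policy(): method: GET, decision: allow
2017-04-19 14:23:29.101 +0100 DEBUG [0x7f5695bac800:24558][source/process.c:1369] validate_policy(): cached entry: http://agent.example.com:80/index.html, resource: http://agent.example.com:80/index.html, status: exact match
2017-04-19 14:23:29.101 +0100 DEBUG [0x7f5695bac800:24558][source/process.c:1474] validate_policy(): method: GET, decision: allow
"""

ENTRY = re.compile(r"\[(0x[0-9a-f]+:\d+)\]\[[^\]]+\] validate_policy\(\): (.*)")
RESOURCE = re.compile(r"cached entry: (\S+), resource: (\S+), status: (.+)")
DECISION = re.compile(r"method: (\w+), decision: (\w+)")


def case_only_allows(log_text, policy_resources, case_ignore=False):
    """Return (method, url, policy) for every allowed request whose URL
    matches a configured policy resource only when case is ignored."""
    if case_ignore:
        return []  # case-insensitive matching is the configured behaviour
    folded = {p.casefold(): p for p in policy_resources}
    pending = {}  # worker id -> URL from its last "cached entry" line
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        worker, message = entry.groups()
        resource = RESOURCE.match(message)
        if resource:
            pending[worker] = resource.group(1)
            continue
        decision = DECISION.match(message)
        if decision and worker in pending:
            url = pending.pop(worker)
            policy = folded.get(url.casefold())
            # Allowed, and the URL differs from the policy resource only by case.
            if decision.group(2) == "allow" and policy and policy != url:
                findings.append((decision.group(1), url, policy))
    return findings


if __name__ == "__main__":
    for method, url, policy in case_only_allows(SAMPLE_LOG, POLICY_RESOURCES):
        print(f"{method} {url} allowed; differs only by case from policy {policy}")
```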