Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.0.0, 4.0.1
Component/s: Doc, Web Agents
Environment: Apache/2.4.6 (CentOS) OpenAM Web Agent/4.0.1-1; CentOS Linux release 7.2.1511 (Core) 64-bit; OpenAM 12.0.2
Sprint: Sprint 115 Team Shakespeare
If the Agent receives a cookie which is invalid, it should redirect the requester to a login page. It should not show 403.
This happens even on not-enforced URLs.
Steps to reproduce:
1. Request protected resource

    curl -v --cookie 'iPlanetDirectoryPro=AQIC5wM2LY4SfczmAd2fBNPtwX938Wv2mM0ZY5c4L-e3kgM.*AAJTSQACMDEAAlNLABMzNzQ4OTU4NDg2NjY0OTUyNTIz*' http://1202.example.com/sec/sso.html
    * Trying 192.168.56.125...
    * Connected to 1202.example.com (192.168.56.125) port 80 (#0)
    > GET /sec/sso.html HTTP/1.1
    > Host: 1202.example.com
    > User-Agent: curl/7.43.0
    > Accept: */*
    > Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfczmAd2fBNPtwX938Wv2mM0ZY5c4L-e3kgM.*AAJTSQACMDEAAlNLABMzNzQ4OTU4NDg2NjY0OTUyNTIz*
    >
    < HTTP/1.1 200 OK

2. Remove some characters from the cookie to make it invalid.
3. Test again using the modified cookie.

    curl -v --cookie 'iPlanetDirectoryPro=AQIC5wM2LY4SfczmAd2fBNPtwX938Wv2mM0ZY5c4L-e3kgM.*AAJTSQACMDEAAlN' http://1202.example.com/sec/sso.html
    * Trying 192.168.56.125...
    * Connected to 1202.example.com (192.168.56.125) port 80 (#0)
    > GET /sec/sso.html HTTP/1.1
    > Host: 1202.example.com
    > User-Agent: curl/7.43.0
    > Accept: */*
    > Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfczmAd2fBNPtwX938Wv2mM0ZY5c4L-e3kgM.*AAJTSQACMDEAAlN
    >
    < HTTP/1.1 403 Forbidden
    < Date: Fri, 22 Apr 2016 12:58:58 GMT
    < Server: Apache/2.4.6 (CentOS) OpenAM Web Agent/4.0.0
    < Content-Length: 214
    < Content-Type: text/html; charset=iso-8859-1
    <
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
Expected results:
A redirect to the login page, similar to:

    curl -v --cookie iPlanetDirectoryPro= http://1202.example.com/sec/sso.html
    * Trying 192.168.56.125...
    * Connected to 1202.example.com (192.168.56.125) port 80 (#0)
    > GET /sec/sso.html HTTP/1.1
    > Host: 1202.example.com
    > User-Agent: curl/7.43.0
    > Accept: */*
    > Cookie: iPlanetDirectoryPro=
    >
    < HTTP/1.1 302 Found
    < Date: Fri, 22 Apr 2016 13:01:03 GMT
    < Server: Apache/2.4.6 (CentOS) OpenAM Web Agent/4.0.0
    < Location: http://1202.example.com:8080/openam/UI/Login?goto=http%3A%2F%2F1202.example.com%3A80%2Fsec%2Fsso.html
    < Content-Length: 285
    < Content-Type: text/html; charset=iso-8859-1

Actual result:
403 page
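As an added regression check (not code from this ticket or from the OpenAM Web Agent), the Python below parses the response lines of curl -v captures like the ones above and classifies the agent's answer: 200 for a valid session, a 302 to the OpenAM login UI whose goto= points back at the requested page, or the 403 this ticket reports. The three transcripts are taken from the captures above; the login URL shape and the REQUESTED_URL constant come from the expected-results capture, and the names parse_curl_verbose, classify and run_checks are this example's own.

```python
"""Regression check for the agent behaviour described in this ticket.

Added example, not ticket or OpenAM Web Agent code. It reads the '<'
response lines of a curl -v transcript and reports whether the agent
answered as expected: 'ok' (200, valid session), 'login-redirect' (302 to
the login UI with goto= for the requested page), 'forbidden' (the 403 this
ticket is about) or 'unexpected' (anything else, e.g. a redirect elsewhere).
Assumed: the login URL shape seen in the expected-results capture.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Values taken from the ticket's captures.
REQUESTED_URL = "http://1202.example.com/sec/sso.html"
LOGIN_URL = "http://1202.example.com:8080/openam/UI/Login"

# Response halves of the three captures above (request chatter trimmed).
SAMPLES = {
    "valid_cookie": """
> GET /sec/sso.html HTTP/1.1
< HTTP/1.1 200 OK
""",
    "truncated_cookie": """
> GET /sec/sso.html HTTP/1.1
< HTTP/1.1 403 Forbidden
< Date: Fri, 22 Apr 2016 12:58:58 GMT
< Server: Apache/2.4.6 (CentOS) OpenAM Web Agent/4.0.0
< Content-Length: 214
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
""",
    "empty_cookie": """
> GET /sec/sso.html HTTP/1.1
< HTTP/1.1 302 Found
< Date: Fri, 22 Apr 2016 13:01:03 GMT
< Server: Apache/2.4.6 (CentOS) OpenAM Web Agent/4.0.0
< Location: http://1202.example.com:8080/openam/UI/Login?goto=http%3A%2F%2F1202.example.com%3A80%2Fsec%2Fsso.html
< Content-Length: 285
< Content-Type: text/html; charset=iso-8859-1
""",
}


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)  # header names lower-cased


def parse_curl_verbose(transcript: str) -> Response:
    """Build a Response from the '<' lines of a curl -v transcript.

    '*' (connection chatter) and '>' (request) lines are ignored. The bare
    '<' line that closes the header block stops parsing, so body lines such
    as '<!DOCTYPE ...' are never mistaken for headers.
    """
    status = None
    headers = {}
    for raw in transcript.splitlines():
        if not raw.startswith("<"):
            continue
        line = raw[1:].strip()
        if not line:
            break  # end of headers
        if status is None:
            status = int(line.split(" ", 2)[1])  # "HTTP/1.1 302 Found"
        else:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    if status is None:
        raise ValueError("no HTTP status line in transcript")
    return Response(status, headers)


def _norm(url: str) -> tuple:
    """(scheme, host, port, path) so http://h/x equals http://h:80/x."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, p.hostname, port, p.path)


def classify(resp: Response, requested_url: str, login_url: str = LOGIN_URL) -> str:
    """Return 'ok', 'login-redirect', 'forbidden' (the bug) or 'unexpected'."""
    if resp.status == 200:
        return "ok"
    if resp.status == 403:
        return "forbidden"
    if resp.status in (302, 303, 307):
        location = resp.headers.get("location", "")
        if _norm(location) != _norm(login_url):
            return "unexpected"  # a redirect, but not to the login UI
        goto = parse_qs(urlsplit(location).query).get("goto", [])
        if len(goto) == 1 and _norm(goto[0]) == _norm(requested_url):
            return "login-redirect"
    return "unexpected"


def run_checks() -> dict:
    """Classify each sample capture; 'forbidden' marks the reported defect."""
    return {name: classify(parse_curl_verbose(t), REQUESTED_URL)
            for name, t in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_checks().items():
        print(f"{name}: {verdict}")
```

Against a live agent, feed the output of each curl -v run to parse_curl_verbose and treat any 'forbidden' verdict for a missing or invalid cookie as a regression; the 'unexpected' branch also catches a redirect that leaves the login host or whose goto does not match the page the client asked for.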
Issue links:
is related to: AMAGENTS-95 Improve Agent error handling of AM responses after OPENAM-8910 (Closed)
relates to: OPENAM-8910 NPE if a null siteID is passed to Session.validateSessionID (Resolved)