Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 4.0.0
-
Component/s: Doc, Web Agents
-
Verified Version/s:
-
Sprint:Sprint 115 Team Shakespeare
-
Cases:
-
Support Ticket IDs:
-
Epic Link:
Description
For WebAgent 4.0.0, 4.0.1 and 4.0.1-1 (with OpenAM 13.0.0), with
with the NotEnforced URL Fetch attributes enabled,
( com.sun.identity.agents.config.notenforced.url.attributes.enable=true ),
it seems that the response Attributes are not fetched from
Not-enforced URL.
Testcase
- Install OpenAM 13. (root realm)
- Define a single policy say ://:/test/.jsp that dump the headers
Also do some Policy response attributes for this policy. - Create a webagent profile and map some Response Attribute,
profile Attribute to HTTP_HEADERs - You may define a not-enforced URL to test an the not enforce case
for checking the fetch attribute. - Authenticate beforehand to get the SSO token,
test the resulting URL enforced and notenforced to see the
Fetched HTTP header attributes.
Result
- PolicyEnforced URL: ALL HTTP header for Profile and response appears
- NotEnforced URL: Response attribute not seen.
Expected Result
- NotEnforced URL: Response attribute is seen.
Some notes:
- Debug logs on policy agent shows that the Policy agent sent "response-attriutes-only" to openam/policyservice and the returned Response Attributes does not have the Policy's response attribute when not-enforced URL is used.
<Quote>
https://forgerock.org/openam/doc/OpenAM-4.0.0-SNAPSHOT-Web-Users-Guide.pdf
Fetch Attributes for Not Enforced URLs
When enabled, the agent fetches profile, response, and session attributes
that are mapped by doing policy evaluation, and forwards these attributes to
not enforced URLs.
Property: com.sun.identity.agents.config.notenforced.url.attributes.
enable
</Quote>