Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-708

For C Agent 5 has to be specified know port in Not Enforced URL

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 5.0.0.0
    • Fix Version/s: None
    • Component/s: Web Agents
    • Environment:
      Ubuntu 14.04 / Apache 2.4 / PA: Version: 5.0.0-SNAPSHOT, Revision: 0725088, Container: Apache 2.4 Linux 64bit/Linux, Build date: Jun 26 2017 16:50:07

      Description

      For C Agent 5 has to be specified know port 80(not tested with 443) in Not Enforced URL.

      Steps to Reproduce

      1.) Set Not Enforced rule without port 80, e.g
      http://riso-ubuntu14.test.forgerock.com/index.html
      2.) Hit this page

      Expected Result

      You will see protected index.html page

      Observed Result

      Redirected to AM login page
      I can see logs
      handle_not_enforced(): trying not enforced pattern http://riso-ubuntu14.test.forgerock.com/index.html
      handle_not_enforced(): validating http://riso-ubuntu14.test.forgerock.com:80/index.html ignoring pathinfo
      handle_not_enforced(): http://riso-ubuntu14.test.forgerock.com:80/index.html is enforced

      Agent Debug log
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:249] setup_request_data():
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:271] setup_request_data(): client ip: 172.25.1.224
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:309] setup_request_data(): client hostname: (empty)
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:317] setup_request_data(): original request url: http://riso-ubuntu14.test.forgerock.com/index.html
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:397] setup_request_data(): 
      method: GET 
      original url: http://riso-ubuntu14.test.forgerock.com/index.html
      proto: http
      host: riso-ubuntu14.test.forgerock.com
      port: 80
      path: /index.html
      query: 
      complete: http://riso-ubuntu14.test.forgerock.com:80/index.html
      overridden: http://riso-ubuntu14.test.forgerock.com:80/index.html
      pathinfo: 
      normalized (pathinfo removed): (empty)
      overridden (pathinfo removed): (empty)
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:421] validate_url():
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:433] validate_url(): request url validation feature is not enabled
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:442] validate_fqdn_access():
      2017-06-29 09:19:48.252 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:445] validate_fqdn_access(): feature is not enabled
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:544] handle_not_enforced(): application logout url feature is not enabled
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:684] handle_not_enforced(): not enforced client ip validation feature is not enabled
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:687] handle_not_enforced(): validating http://riso-ubuntu14.test.forgerock.com:80/index.html
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:696] handle_not_enforced(): trying not enforced pattern http://riso-ubuntu14.test.forgerock.com/index.html
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:707] handle_not_enforced(): validating http://riso-ubuntu14.test.forgerock.com:80/index.html ignoring pathinfo
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:808] handle_not_enforced(): extended not enforced url validation feature is not enabled
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:811] handle_not_enforced(): http://riso-ubuntu14.test.forgerock.com:80/index.html is enforced
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:952] validate_policy(): for http://riso-ubuntu14.test.forgerock.com:80/index.html (ignoring pathinfo: no), entry status: not found
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:1987] handle_exit(): (entry status: invalid session)
      2017-06-29 09:19:48.253 +0100   DEBUG [0x7f23ad3aa700:17234][source/request.c:1574] do_cookie_set_generic(): iPlanetDirectoryPro=;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:01 GMT;Path=/
      2017-06-29 09:19:48.254 +0100   DEBUG [0x7f23ad3aa700:17234][source/utility.c:1551] get_valid_openam_url(): active OpenAM service url: http://perf-openam.internal.forgerock.com:8080/openam (0)
      2017-06-29 09:19:48.254 +0100   DEBUG [0x7f23ad3aa700:17234][source/apache/agent.c:736] amagent_auth_handler(): exit status: redirect (1)
      

      If I set NEU rule with port I can access without login. This issue is regression compare to agent 4.

        Attachments

          Activity

            People

            Assignee:
            rich.riley Rich Riley [X] (Inactive)
            Reporter:
            richard.hruza Richard Hruza
            QA Assignee:
            Richard Hruza Richard Hruza
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: