Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-725

Cache-Control headers for unauthorized sessions does not work in C Agent 5

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 5.0.0.0
    • Fix Version/s: None
    • Component/s: Web Agents
    • Environment:
      Ubuntu 14.04 / Apache 2.4 / PA: Version: 5.0.0-SNAPSHOT, Revision: 0725088, Container: Apache 2.4 Linux 64bit/Linux, Build date: Jun 26 2017 16:50:07

      Description

      Cache-Control headers for unauthorized sessions does not work in C Agent 5.

      Steps to reproduce

      1.) Setup agent: Advanced Tab -> Custom Properties = com.forgerock.agents.cache_control_header.enable=true
      2.) Hit agent protected page and login as demo user(be sure you DON'T have policy for this page)
      3.) After login you will see 403 Forbidden and check the response headers

      Expected Result

      Cache-Control: no-store and Cache-Control: no-cache are presented, e.g:

      Agent 4 response headers
      HTTP/1.1 403 Forbidden
      Date: Tue, 04 Jul 2017 13:43:09 GMT
      Server: Apache/2.4.9 (Unix) OpenAM Web Agent/4.1.0
      Cache-Control: no-store
      Cache-Control: no-cache
      Pragma: no-cache
      Expires: 0
      Content-Length: 212
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html; charset=iso-8859-1
      

      Observed Result

      Headers are not presented. Response header for /agent/cdsso-oauth2 endpoint using Agent 5

      HTTP/1.1 403 Forbidden
      Date: Tue, 04 Jul 2017 13:49:28 GMT
      Server: Apache/2.4.12 (Unix) OpenSSL/1.0.1f OpenAM Web Agent/5.0.0-SNAPSHOT
      Content-Length: 219
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html; charset=iso-8859-1
      

        Attachments

          Activity

            People

            Assignee:
            nick.james Nicholas James
            Reporter:
            richard.hruza Richard Hruza
            QA Assignee:
            Richard Hruza Richard Hruza
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: