Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12038

Documentation. CDSSO flow diagram missing a step

    Details

    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      In https://backstage.forgerock.com/docs/openam/13.5/admin-guide/#chap-cdsso figure 11.2. Web Policy Agent Mechanism for CDSSO there is a step missing after 19, where the response is not the resources directly, but an html page containing embedded javascript that causes a form submission (GET)/window location href update to the protected resource.

      The observed behaviour is shown in the diagram attachment: 212/22a/23a -instead of Documented behaviour 20

      How to reproduce the issue

      You can observe the behaviour as follows

      1. Install OpenAM + Agent with CDSSO and check it is working correctly
      2. Access a resource and redirect to the login page
      3. Disable javascript on the browser
      4. Open Web Developer tools - Network
      5. Tail agent debug logs (set to All)
      6. Log in
      7. The browser displays a button stating "Submit Lares Data" (end of arrow 14)
      8. Click on Submit -> that corresponds to step 15 in the diagram flow
      9. In the debug logs of the agent, you will observe that the agent is now retrieving the token, validating it and requesting policy decision (steps 16 to 19)
      10. Toggle javascript back to enabled
      Expected behaviour
      Resources are being returned (or HTTP 403) as per documented behaviour
      Current behaviour

      The following html form is returned instead (step 21a in corrected flow in attachment)

      <html><head><script type="text/javascript">function submitform(sform) {window.location.href = sform.action;}</script></head><body onload="return submitform(document.getform);"><form name="getform" method="GET" action="http://internal.example.net:80/"></form></body></html>

       

        Attachments

          Activity

            People

            • Assignee:
              austingene Gene Hirayama
              Reporter:
              nathalie.hoet Nathalie Hoet
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: