  1. OpenAM
  2. OPENAM-2702

/ws/1/entitlement/decision returns deny when should return allow

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Expired
    • Affects Version/s: 11.0.0
    • Fix Version/s: None
    • Component/s: policy
    • Labels:
    • Environment:
      OpenAM 10.2.0-SNAPSHOT (2013-July-18 01:25)
    • Sprint:
      Sprint 53, Sprint 54, Sprint 55, Sprint 56, Sprint 57

      Description

      /ws/1/entitlement/decision is a deprecated interface, so I'm not sure how keen we are on digging into this part of OpenAM. But...

      ... while working on some documentation, I set up a basic policy to allow access to all authenticated users to http://www.example.com/*. I observed the result with /ws/1/entitlement/decisions saying HTTP GET was allowed on http://www.example.com/index.html. Yet, I saw this endpoint returning deny repeatedly for that resource.

      $ curl --request GET --cookie "iPlanetDirectoryPro=AQIC5...DU3*" "http://openam.example.com:8080/openam/ws/1/entitlement/decision?subject=MJ3QFTr4ZV2QrtlJvXlg0Q2dMRM=&action=GET&application=iPlanetAMWebAgentService&resource=http%3A%2F%2Fwww.example.com%2Findex.html"
      deny
      

      Was expecting allow.

            People

            Assignee:
            apforrest Andrew Forrest
            Reporter:
            Mark Mark Craig