Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8311

Nginx WPA cannot set profile/response/session attribute processing on HTTP_HEADER fetch mode

    XMLWordPrintable

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Agents-4.0.0
    • Agents-4.0.0
    • web agents
    • OpenAM Web Agent
      Version: 5.0.0-SNAPSHOT
      Revision: eea5b38
      Build date: Feb 5 2016 09:41:06
    • Rank:
      1|hzqxw7:

      Description

      Nginx WPA cannot set profile/response/session attribute processing on HTTP_HEADER fetch mode

      Steps to reproduce

      1.) Set debug level on agent and nginx
      2.) Create a policy to allow access to protected page
      3.) Go to <AGENT PROFILE NAME> / Application / Profile Attributes Processing and set following properties:

      • Profile Attribute Fetch Mode = HTTP_HEADER
      • Profile Attribute Map = [cn]=PROFILE-ATTR

      4.) Hit the agent protected page and log in as user (in my case rhruza with cn= Richard Hruza)

      Expected result

      on cgi page which list all environment variables the HTTP_PROFILE-ATTR=Richard Hruza appears

      Observed result

      on cgi page which list all environment variables the PROFILE-ATTR was missing + observed error log in nginx log:

      nginx debug log

      2016/02/08 14:33:18 [debug] 27440#27440: *3 agent handler: task posted in pool "default"
      2016/02/08 14:33:18 [debug] 27440#27440: timer delta: 0
      2016/02/08 14:33:18 [debug] 27440#27440: worker cycle
      2016/02/08 14:33:18 [debug] 27440#27440: epoll timer: -1
      2016/02/08 14:33:18 [debug] 27440#27442: pthread_cond_wait(00000000014114C0) exit
      2016/02/08 14:33:18 [debug] 27440#27442: pthread_mutex_unlock(0000000001411480) exit
      2016/02/08 14:33:18 [debug] 27440#27442: run task #1 in thread pool "default"
      2016/02/08 14:33:18 [debug] 27440#27442: *3 malloc: 00007F6BE0001260:8832
      2016/02/08 14:33:18 [debug] 27440#27442: *3 agent setting header PROFILE-ATTR -> 
      2016/02/08 14:33:18 [error] 27440#27442: *3 agent cannot set request header PROFILE-ATTR, client: 172.25.1.18, server: localhost, request: "GET /cgi-bin/show.cgi HTTP/1.1", host: "perf-openam2.internal.forgerock.com", referrer: "http://riso-ubuntu14.test.forgerock.com:8080/openam/UI/Login?goto=http%3A%2F%2Fperf-openam2.internal.forgerock.com%3A80%2Fcgi-bin%2Fshow.cgi&gx_charset=UTF-8"
      2016/02/08 14:33:18 [debug] 27440#27442: *3 agent setting header PROFILE-ATTR -> Richard Hruza
      2016/02/08 14:33:18 [debug] 27440#27442: complete task #1 in thread pool "default"
      2016/02/08 14:33:18 [debug] 27440#27442: pthread_mutex_lock(0000000001411480) enter
      2016/02/08 14:33:18 [debug] 27440#27442: pthread_cond_wait(00000000014114C0) enter
      2016/02/08 14:33:18 [debug] 27440#27440: epoll: fd:13 ev:0001 d:0000000000954D60
      2016/02/08 14:33:18 [debug] 27440#27440: thread pool handler
      2016/02/08 14:33:18 [debug] 27440#27440: run completion handler for task #1
      

      agent debug log

      2016-02-08 14:33:18.995 +0000   DEBUG [0x7f6bfc544700:27440][source/process.c:1131] validate_policy(): trying cache entry for: http://perf-openam2.internal.forgerock.com:80/cgi-bin/show.cgi
      2016-02-08 14:33:18.995 +0000   DEBUG [0x7f6bfc544700:27440][source/process.c:1139] validate_policy(): pattern: http://perf-openam2.internal.forgerock.com:80/cgi-bin/show.cgi, resource: http://perf-openam2.internal.forgerock.com:80/cgi-bin/show.cgi, status: exact match
      2016-02-08 14:33:18.995 +0000   DEBUG [0x7f6bfc544700:27440][source/process.c:1244] validate_policy(): method: GET, decision: allow
      2016-02-08 14:33:18.995 +0000   DEBUG [0x7f6bfc544700:27440][source/process.c:1779] handle_exit(): (entry status: success)
      2016-02-08 14:33:18.995 +0000   DEBUG [0x7f6bfc544700:27440][source/process.c:1606] set_user_attributes(): clearing headers/cookies
      2016-02-08 14:33:18.995 +0000   DEBUG [0x7f6bfc544700:27440][source/process.c:1504] do_header_set(): clearing PROFILE-ATTR
      2016-02-08 14:33:18.995 +0000   DEBUG [0x7f6bfc544700:27440][source/process.c:1500] do_header_set(): setting PROFILE-ATTR: Richard Hruza
      

        Attachments

          Activity

            People

            nick.james Nicholas James
            richard.hruza Richard Hruza
            Richard Hruza Richard Hruza
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: