  1. OpenAM
  2. OPENAM-8328

WPA can't recognize custom access-denied page when there is GOTO parameter


      Description

      Steps to reproduce:

      1. Set com.sun.identity.agents.config.access.denied.url = http://agent.example.com:80/customAccDenied.html
      2. Don't have any policy for customAccDenied.html, nor have it on the not-enforced list
      3. Access http://agent.example.com:80/customAccDenied.html directly
        • access is allowed (as it is automatically on the NEU list)
      4. Access any resource which should be denied to the current user (or the one you are going to log in with if redirected to the OpenAM login page)
        • expected: redirect to http://agent.example.com:80/customAccDenied.html
        • actual: redirect loop and get this:
          http://tom-am3.internal.forgerock.com/customAccDenied.html?goto=http%3A%2F%2Ftom-am3.internal.forgerock.com%3A80%2FcustomAccDenied.html%3Fgoto%3Dhttp%253A%252F%252Ftom-am3.internal.forgerock.com%253A80%252FcustomAccDenied.html%253Fgoto%253Dhttp%25253A%25252F%25252Ftom-am3.internal.forgerock.com%25253A80%25252FcustomAccDenied.html%25253Fgoto%25253Dhttp%2525253A%2525252F%2525252Ftom-am3.internal.forgerock.com%2525253A80%2525252FcustomAccDenied.html%2525253Fgoto%2525253Dhttp%252525253A%252525252F%252525252Ftom-am3.internal.forgerock.com%252525253A80%252525252FcustomAccDenied.html%252525253Fgoto%252525253Dhttp%25252525253A%25252525252F%25252525252Ftom-am3.internal.forgerock.com%25252525253A80%25252525252FcustomAccDenied.html%25252525253Fgoto%25252525253Dhttp%2525252525253A%2525252525252F%2525252525252Ftom-am3.internal.forgerock.com%2525252525253A80%2525252525252FcustomAccDenied.html%2525252525253Fgoto%2525252525253Dhttp%252525252525253A%252525252525252F%252525252525252Ftom-am3.internal.forgerock.com%252525252525253A80%252525252525252FcustomAccDenied.html%252525252525253Fgoto%252525252525253Dhttp%25252525252525253A%25252525252525252F%25252525252525252Ftom-am3.internal.forgerock.com%25252525252525253A80%25252525252525252FcustomAccDenied.html%25252525252525253Fgoto%25252525252525253Dhttp%2525252525252525253A%2525252525252525252F%2525252525252525252Ftom-am3.internal.forgerock.com%2525252525252525253A80%2525252525252525252FcustomAccDenied.html%2525252525252525253Fgoto%2525252525252525253Dhttp%252525252525252525253A%252525252525252525252F%252525252525252525252Ftom-am3.internal.forgerock.com%252525252525252525253A80%252525252525252525252FcustomAccDenied.html%252525252525252525253Fgoto%252525252525252525253Dhttp%25252525252525252525253A%25252525252525252525252F%25252525252525252525252Ftom-am3.internal.forgerock.com%25252525252525252525253A80%25252525252525252525252FcustomAccDenied.html%25252525252525252525253Fgoto%25252525252525252525253Dhttp%2525252525252525252525253
A%2525252525252525252525252F%2525252525252525252525252Ftom-am3.internal.forgerock.com%2525252525252525252525253A80%2525252525252525252525252FcustomAccDenied.html%2525252525252525252525253Fgoto%2525252525252525252525253Dhttp%252525252525252525252525253A%252525252525252525252525252F%252525252525252525252525252Ftom-am3.internal.forgerock.com%252525252525252525252525253A80%252525252525252525252525252FcustomAccDenied.html%252525252525252525252525253Fgoto%252525252525252525252525253Dhttp%25252525252525252525252525253A%25252525252525252525252525252F%25252525252525252525252525252Ftom-am3.internal.forgerock.com%25252525252525252525252525253A80%25252525252525252525252525252FcustomAccDenied.html%25252525252525252525252525253Fgoto%25252525252525252525252525253Dhttp%2525252525252525252525252525253A%2525252525252525252525252525252F%2525252525252525252525252525252Ftom-am3.internal.forgerock.com%2525252525252525252525252525253A80%2525252525252525252525252525252FcustomAccDenied.html%2525252525252525252525252525253Fgoto%2525252525252525252525252525253Dhttp%252525252525252525252525252525253A%252525252525252525252525252525252F%252525252525252525252525252525252Ftom-am3.internal.forgerock.com%252525252525252525252525252525253A80%252525252525252525252525252525252FcustomAccDenied.html%252525252525252525252525252525253Fgoto%252525252525252525252525252525253Dhttp%25252525252525252525252525252525253A%25252525252525252525252525252525252F%25252525252525252525252525252525252Ftom-am3.internal.forgerock.com%25252525252525252525252525252525253A80%25252525252525252525252525252525252FcustomAccDenied.html%25252525252525252525252525252525253Fgoto%25252525252525252525252525252525253Dhttp%2525252525252525252525252525252525253A%2525252525252525252525252525252525252F%2525252525252525252525252525252525252Ftom-am3.internal.forgerock.com%2525252525252525252525252525252525253A80%2525252525252525252525252525252525252FcustomAccDenied.html%2525252525252525252525252525252525253Fgoto%2525252525252525252525252525252
525253Dhttp%252525252525252525252525252525252525253A%252525252525252525252525252525252525252F%252525252525252525252525252525252525252Ftom-am3.internal.forgerock.com%252525252525252525252525252525252525253A80%252525252525252525252525252525252525252Findex.html
          

      If you have a policy like http://agent.example.com:80/customAccDenied.html?* then it will work as expected.
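
      The loop in step 4 can be reproduced with a small model. This is an added example, not code from the issue or from the agent's source: it assumes the agent compares the whole request URL, query string included, against the configured access-denied URL, and the function names are hypothetical. `goto_depth` shows how the nesting can be measured when looking for this loop in access logs.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Access-denied URL from step 1 of the issue.
DENIED_URL = "http://agent.example.com:80/customAccDenied.html"

def exact_match(url):
    # Assumed buggy behaviour: the query string takes part in the comparison.
    return url == DENIED_URL

def match_without_query(url):
    # Compare scheme, host, port and path only; ignore ?goto=...
    return urlsplit(url)._replace(query="", fragment="").geturl() == DENIED_URL

def follow_redirects(start_url, is_not_enforced, max_hops=20):
    """Return every URL visited until a page is served or max_hops is hit."""
    chain = [start_url]
    for _ in range(max_hops):
        if is_not_enforced(chain[-1]):
            break  # served without a policy check
        # Denied: send the browser to the denied page, carrying the
        # current URL percent-encoded in goto (each hop adds one more "25").
        chain.append(DENIED_URL + "?goto=" + quote(chain[-1], safe=""))
    return chain

def goto_depth(url, limit=64):
    """Count nested goto levels, e.g. to flag looping requests in access logs."""
    depth = 0
    while depth < limit:
        values = parse_qs(urlsplit(url).query).get("goto")
        if not values:
            break
        url, depth = values[0], depth + 1
    return depth

if __name__ == "__main__":
    protected = "http://agent.example.com:80/index.html"  # constructed sample
    for matcher in (exact_match, match_without_query):
        chain = follow_redirects(protected, matcher)
        print(matcher.__name__, "hops:", len(chain) - 1,
              "goto depth:", goto_depth(chain[-1]))
```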

            People

            chris.lee Chris Lee [X] (Inactive)
            tomas.hejret Tomas Hejret
              edwardb edwardb