OpenAM / OPENAM-8450

session properties set by Post Authentication Plugin are not set as headers

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • Agents-4.0.0
    • None
    • web agents
    • web agent for apache 2.2 and 2.4
      OS: redhat

      Description

      Agent profile configured on OpenAM side has two session properties configured to be passed to the app as headers:

      com.sun.identity.agents.config.session.attribute.fetch.mode=HTTP_HEADER
      com.sun.identity.agents.config.session.attribute.mapping[AuthLevel]=AUTH_LEVEL
      com.sun.identity.agents.config.session.attribute.mapping[PCC]=xPCC
      

      PCC session property is set by a custom Post Authentication Plugin:

          public void onLoginSuccess(Map map,
                                     HttpServletRequest httpServletRequest,
                                     HttpServletResponse httpServletResponse,
                                     SSOToken ssoToken) throws AuthenticationException {
              try {
                  ssoToken.setProperty("PCC", "HDQ");
              } catch (SSOException e) {
                  debug.error("ups", e);
              }
          }
      

      PCC session property is added to the session and is visible in the Session debug log (OpenAM). In the agent log, session object also contains PCC:

      <Session sid="AQIC5wM2LY4SfcyxpKxqiUV8KOs2p3v8DR8dMU3e7HmX27s.*AAJTSQACMDEAAlNLABQtMjMxMTc1Nzg2MjczNzMyMDIxNgACUzEAAA..*" stype="user" cid="uid=anowak,ou=people,dc=forgerockdemo,dc=com" cdomain="dc=openam,dc=forgerock,dc=org" maxtime="120" maxidle="30" maxcaching="3" timeidle="0" timeleft="7199" state="valid">
      <Property name="CharSet" value="UTF-8"></Property>
      <Property name="UserId" value="anowak"></Property>
      <Property name="FullLoginURL" value="/openam/UI/Login?goto=http%3A%2F%2Fiam.forgerockdemo.com%3A80%2Fweb%2Fwelcome%2Ftest.php&amp;realm=%2F"></Property>
      <Property name="successURL" value="/openam/console"></Property>
      <Property name="cookieSupport" value="true"></Property>
      <Property name="AuthLevel" value="0"></Property>
      <Property name="SessionHandle" value="shandle:AQIC5wM2LY4SfczvwfDrwFpOm9_ieTWBaDh0oon4YatDZN4.*AAJTSQACMDEAAlNLABQtMjMxMTc1Nzg2MjczNzMyMDIxNgACUzEAAA..*"></Property>
      <Property name="UserToken" value="anowak"></Property>
      <Property name="loginURL" value="/openam/UI/Login"></Property>
      <Property name="Principals" value="uid=anowak,ou=people,dc=forgerockdemo,dc=com"></Property>
      <Property name="Service" value="ldapService"></Property>
      <Property name="PostAuthProcessInstance" value="com.forgerock.poc.auth.pap.SessionPropertyPAP"></Property>
      <Property name="PCC" value="HDQ"></Property>
      <Property name="sun.am.UniversalIdentifier" value="id=anowak,ou=user,dc=openam,dc=forgerock,dc=org"></Property>
      <Property name="amlbcookie" value="01"></Property>
      <Property name="Organization" value="dc=openam,dc=forgerock,dc=org"></Property>
      <Property name="Locale" value="en"></Property>
      <Property name="HostName" value="0:0:0:0:0:0:0:1"></Property>
      <Property name="AuthType" value="LDAP"></Property>
      <Property name="Host" value="0:0:0:0:0:0:0:1"></Property>
      <Property name="UserProfile" value="Required"></Property>
      <Property name="AMCtxId" value="c68def7413ec6a2201"></Property>
      <Property name="clientType" value="genericHTML"></Property>
      <Property name="authInstant" value="2016-02-26T15:19:00Z"></Property>
      <Property name="Principal" value="uid=anowak,ou=people,dc=forgerockdemo,dc=com"></Property>
      </Session>
      

      Agent clears all configured headers but doesn't set values for those properties that have been added by PAP, i.e. AUTH_LEVEL header is set but xPCC header is not:

      2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/apache/agent.c:277] set_user(): anowak
      2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/process.c:1534] set_user_attributes(): clearing headers/cookies
      2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/process.c:1442] do_header_set(): clearing xPCC
      2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/process.c:1442] do_header_set(): clearing AUTH_LEVEL
      2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/process.c:1438] do_header_set(): setting AUTH_LEVEL: 0
      2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/apache/agent.c:722] amagent_auth_handler(): exit status: success (0)
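
A triage check for the symptom described above, as an added example (not part of the original report and not the agent's own code): it reads the agent profile mappings, the `<Session>` element and the `do_header_set()` debug lines, and lists mapped session properties whose header was cleared but never set. The inputs are trimmed from the report with the sid replaced by a placeholder, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Inputs trimmed from the report above; the sid is a placeholder, not a real token.
AGENT_CONFIG = """\
com.sun.identity.agents.config.session.attribute.fetch.mode=HTTP_HEADER
com.sun.identity.agents.config.session.attribute.mapping[AuthLevel]=AUTH_LEVEL
com.sun.identity.agents.config.session.attribute.mapping[PCC]=xPCC
"""
SESSION_XML = """\
<Session sid="PLACEHOLDER" stype="user" state="valid">
<Property name="AuthLevel" value="0"></Property>
<Property name="PCC" value="HDQ"></Property>
</Session>
"""
AGENT_LOG = """\
2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/process.c:1442] do_header_set(): clearing xPCC
2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/process.c:1442] do_header_set(): clearing AUTH_LEVEL
2016-02-26 09:19:00.823 -0600 DEBUG [0x7f0780ae0700:3894][source/process.c:1438] do_header_set(): setting AUTH_LEVEL: 0
"""

MAPPING_RE = re.compile(r"^com\.sun\.identity\.agents\.config\.session\.attribute\.mapping\[([^\]]+)\]=(\S+)$", re.M)
EVENT_RE = re.compile(r"do_header_set\(\): (clearing|setting) ([^:\s]+)(?:: (.*))?$", re.M)

def parse_mappings(config_text):
    """Session property name -> HTTP header name, from the agent profile."""
    return dict(MAPPING_RE.findall(config_text))

def parse_session(session_xml):
    """Property name -> value from the <Session> element seen in the agent log."""
    return {p.get("name"): p.get("value") for p in ET.fromstring(session_xml).iter("Property")}

def parse_header_events(log_text):
    """Return (headers cleared, {header: value set}) from do_header_set() lines."""
    cleared, set_values = set(), {}
    for action, header, value in EVENT_RE.findall(log_text):
        if action == "clearing":
            cleared.add(header)
        else:
            set_values[header] = value
    return cleared, set_values

def dropped_headers(config_text, session_xml, log_text):
    """Mapped properties present in the session whose header was cleared but never set."""
    session = parse_session(session_xml)
    cleared, set_values = parse_header_events(log_text)
    return [(prop, header, session[prop])
            for prop, header in sorted(parse_mappings(config_text).items())
            if prop in session and header in cleared and header not in set_values]
```

For the report's data, `dropped_headers(AGENT_CONFIG, SESSION_XML, AGENT_LOG)` returns the PCC property with its intended header xPCC and session value HDQ.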
      

            People

            Unassigned
            Marek Detko
            Votes: 0
            Watchers: 3
