Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8523

J2EE Agent does not pickup "DN Restriction Only Enabled" from OpenAM configuration

    XMLWordPrintable

    Details

      Description

      If 'DN Restriction Only Enabled' is enabled, OpenAM Session log contains additional warnings when upgrading from J2EE 3.3.0 to 3.5.0.

      Steps to reproduce:
      1. Configure CDSSO and Cookie Hijack Protection
      https://backstage.forgerock.com/#!/docs/openam/11.0.0/admin-guide/chap-cdsso#enable-cdsso-cookie-hijacking-protection
      2. Enable DN Restriction Only Enabled in Global->Session

      Expected Result:
      No warning in Session log.
      Agent message level debug.log shows DN restriction is enabled.

      Actual result:
      OpenAM Session log contains

      WARNING: DNOrIPAddressListTokenRestriction.isSatisfied():dnRestrictionOnly is true, but IP has been received as the restriction context, this could be a suspicious activity. Received InetAddress is: /192.168.56.66
      

        Attachments

          Activity

            People

            peter.major Peter Major [X] (Inactive)
            andrew.dunn Andrew Dunn [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: