Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-9255

Java Policy agent should support more advanced not enforced ip/url configurations


    • Sprint:
      Sprint 109 - Team Curie, Sprint 110 - Team Curie, Sprint 111 - Turtle Bay
    • Epic Link:
    • Support Ticket IDs:


      Currently policy agent supports either not enforced ip (including old wildcards, cidr and ip ranges) and/or not enforced url settings, in addition, when client ip address matches one of the not enforced ip setting, no further not enforced url evaluation is done.

      Policy agent should support more detailed approach while evaluating not-enforced ip/url combination, for example, user should be able to specify not enforced ip (or range) only for a set of not enforced url (or list) - they would be evaluated only when client ip matches not enforced ip setting. If this (new) rule does not find a match an no other (generic) not enforced rule exists - requested url is sent for authentication or denied access.

      New parameter syntax can be like this:

      com.forgerock.agents.config.notenforced.ipurl[0] =|*/url1 */url2

      where multiple ip values, left side of |, are separated by space
      and multiple url values on a right side of |. Url values should support not only current wildcard spec., but also one coming with OPENAM-772.


          Issue Links



              • Assignee:
                tony.bamford Tony Bamford
                tony.bamford Tony Bamford
                QA Assignee:
                Richard Hruza
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: