November 28, 2016 at 9:56 am #14514
I am using Openam Apache web agent 2.2 to implement SSO. I want to inject some custom headers using the Profile Attributes Processing option. I have set the Profile Attribute Fetch Mode as HTTP_HEADER and I have populated the Profile Attribute Map as [uid]=username.
But when I fire the URL, the custom request header is not being set. I can’t view it using developer options and I can’t access it using code in my application.
If however I change the HTTP_HEADER to HTTP_COOKIE, I get the value and SSO is completed.
Can anyone suggest what the problem is?
November 29, 2016 at 10:02 am #14542Peter MajorModerator
- This topic was modified 4 years, 10 months ago by Peter Major.
Headers set by the agent will NOT be accessible by browsers, you should only see those headers on the server side.
Also, are you sure you are using agent 2.2? That is a *very* outdated version of the agent, did you mean that you are using some different version of the agent on apache 2.2 instead?November 29, 2016 at 10:16 am #14543
The headers are not being accessible at the server side. That is the problem. If I use the HTTP_COOKIE option, then I can see them in the browser and also at the server side.
Also, even if I manage to set the headers correctly, will they persist after a redirect?
Suppose, after OpenAM authentication, I get to a page where there is redirect option. Even if the headers are accessible on the first page, will they persist after I click on the redirect URL?
And sorry about the version. I am using version 4.0.0 on Apache 2.2November 30, 2016 at 5:59 pm #14570Peter MajorModerator
Agents are server side modules, so when you configure HTTP_HEADER mapping, those headers will be set up on the server side only and for each incoming request. The attributes are normally only retrieved for enforced URIs, but there is a setting that enables retrieval of profile attributes for not enforced URIs as well.
Because of the above, if you are trying to redirect the user to a different site, then such headers will not be available there (since the headers are only available as *request* headers on the *server* side). If however the site you redirect to is also protected by a web agent, the attributes can be made available similarly using the attribute mapping settings.December 8, 2016 at 12:48 pm #14723
Ok. Thanks for the reply. I will try out the second method and see what happens.
You must be logged in to reply to this topic.