This topic has 5 replies, 3 voices, and was last updated 4 years, 7 months ago by aktokas.
June 21, 2016 at 12:15 pm #11424
Jitendra Niberiya
Participant
Hi All,
I am trying to capture the ‘401’ response of ‘PolicyEnforcementFilter’ filter in case of Unauthorized access.
Below is the config that I’ve put in my route file of openIG.
——————————
{
    "handler": {
        "type": "DispatchHandler",
        "config": {
            "bindings": [
                {
                    "condition": "${request.cookies['iPlanetDirectoryPro'] == null}",
                    "handler": {
                        "type": "StaticResponseHandler",
                        "config": {
                            "status": 302,
                            "reason": "Found",
                            "headers": {
                                "Location": [
                                    "http://openam.example.com:8080/openam/XUI/#login/&goto=${urlEncode(contexts.router.originalUri)}"
                                ]
                            },
                            "entity": "Redirecting to OpenAM for authentication..."
                        }
                    }
                },
                {
                    "comment": "This condition is optional, but included for clarity.",
                    "condition": "${request.cookies['iPlanetDirectoryPro'] != null}",
                    "handler": {
                        "type": "Chain",
                        "config": {
                            "filters": [
                                {
                                    "name": "AuthZPolicyEvaluationFilter",
                                    "type": "PolicyEnforcementFilter",
                                    "config": {
                                        "openamUrl": "http://openam.example.com:8080/openam/",
                                        "pepUsername": "PolicyAdmin",
                                        "pepPassword": "password",
                                        "ssoTokenSubject": "${request.cookies['iPlanetDirectoryPro'][0].value}",
                                        "application": "ApplicationName"
                                    }
                                },
                                {
                                    "name": "UnauthorizedResponseSwitch",
                                    "type": "SwitchFilter",
                                    "config": {
                                        "onResponse": [
                                            {
                                                "condition": "${response.status.code == 401}",
                                                "handler": {
                                                    "name": "FilterFailureHandler",
                                                    "type": "StaticResponseHandler",
                                                    "config": {
                                                        "status": 401,
                                                        "reason": "Unauthorized Access",
                                                        "entity": "<html><h2>Unauthorized Access</h2></html>"
                                                    }
                                                }
                                            }
                                        ]
                                    }
                                }
                            ],
                            "handler": {
                                "type": "ClientHandler",
                                "baseURI": "http://openam.example.com:8080/"
                            }
                        }
                    }
                }
            ]
        }
    },
    "condition": "${matches(request.uri.path, '^/sampleapp/header.jsp')}"
}
——————————
But it is not working and I’m not getting the configured message in case of 401 failure.
From the filter doc, it looks like that the “response.status.code” should do but it ain’t working.
Anyone has done anything like this then please help out.
Thanks,
Jitendra

June 21, 2016 at 12:30 pm #11426
violette
Participant
Hi Jitendra,
If the request is denied by the PolicyEnforcementFilter, OpenIG returns a 403 Forbidden.
See PolicyEnforcementFilter reference guide
/Violette

June 21, 2016 at 12:42 pm #11427
Jitendra Niberiya
Participant
Violette,
I tried with ${response.status.code == 403} condition as well but still not able to redirect to entity message.

June 21, 2016 at 12:47 pm #11428
Jitendra Niberiya
Participant
Also, I’m using OpenIG 4.0.0

June 21, 2016 at 4:16 pm #11451
violette
Participant
Jitendra,
If you want to manage the cases where the policy denies the request, you have to put your ‘UnauthorizedResponseSwitch’ before the Policy Enforcement Filter.
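
The ordering described in the reply above, shown as an added example that is not part of the original thread: the Chain handler from the question's second binding with the SwitchFilter listed before the PolicyEnforcementFilter, so that the policy filter's response passes back through the switch. The 403 condition follows the earlier reply about the status OpenIG returns on denial; the `status` and `reason` of the static response and the `comment` fields are assumptions, and every other value is copied unchanged from the question's route.

```json
{
    "comment": "Added example: replaces the Chain handler of the second binding in the question's route.",
    "type": "Chain",
    "config": {
        "filters": [
            {
                "comment": "Listed first, so the response produced by the policy filter travels back through this switch.",
                "name": "UnauthorizedResponseSwitch",
                "type": "SwitchFilter",
                "config": {
                    "onResponse": [
                        {
                            "condition": "${response.status.code == 403}",
                            "handler": {
                                "name": "FilterFailureHandler",
                                "type": "StaticResponseHandler",
                                "config": {
                                    "status": 403,
                                    "reason": "Forbidden",
                                    "entity": "<html><h2>Unauthorized Access</h2></html>"
                                }
                            }
                        }
                    ]
                }
            },
            {
                "name": "AuthZPolicyEvaluationFilter",
                "type": "PolicyEnforcementFilter",
                "config": {
                    "openamUrl": "http://openam.example.com:8080/openam/",
                    "pepUsername": "PolicyAdmin",
                    "pepPassword": "password",
                    "ssoTokenSubject": "${request.cookies['iPlanetDirectoryPro'][0].value}",
                    "application": "ApplicationName"
                }
            }
        ],
        "handler": {
            "type": "ClientHandler",
            "baseURI": "http://openam.example.com:8080/"
        }
    }
}
```
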

December 14, 2017 at 11:09 am #20127
aktokas
Participant
Did you resolve this issue, Jitendra??
I am currently facing the exact same issue. I can see in the OpenIG logs that I have a 403 Forbidden error,
but when I use the switch filter with condition – exchange.response.status == 403
it does not work… Does anyone have any suggestions??
Thanks,
Akshay