No handler to dispatch to for URI

Home Forums ForgeRock Products Identity Gateway No handler to dispatch to for URI

Learn more about our upcoming Identity Summits

Tagged: 

This topic has 1 reply, 1 voice, and was last updated 5 months, 3 weeks ago by Jatinder Singh (AcceptingNewProjects).

  • Author
    Posts
  • October 18, 2019 at 6:19 pm #26927
     smmellac
    Participant

    Hello,

    We are trying to chain IGs i.e., IG-DMZ will authenticate against AM and then pass traffic to IG (protected zone). However, we are seeing the below error
    “no handler to dispatch to for URI:xxxxxxxx”

    Route – IG (DMZ)
    {
    “name”: “400_openam”,
    “baseURI”: “https://openigdevext.com”,
    “condition”: “${matches(request.uri.path, ‘^/ebxlab’)}”,
    “handler”: “ChainHandler”,
    “heap”: [
    {
    “name”: “AmService”,
    “type”: “AmService”,
    “config”: {
    “url”: “AM URL”,
    “realm”: “/DEP”,
    “ssoTokenHeader”: “iPlanetDirectoryPro”,
    “agent”: {
    “username”: “OPENIG_Agent”,
    “password”: “pwd”
    },
    “sessionCache”: {
    “enabled”: false
    }
    }
    },
    {
    “name”: “AuthService”,
    “type”: “SingleSignOnFilter”,
    “config”: {
    “amService”: “AmService”
    }
    },
    {
    “name”: “ChainHandler”,
    “type”: “Chain”,
    “config”: {
    “handler”: “GenericHandler-EBX”,
    “filters”: [
    “AuthService”
    ]
    }
    },
    {
    “name”: “GenericHandler-EBX”,
    “type”: “DispatchHandler”,
    “config”: {
    “baseURI”: “http://IGprotected.com:8080/lab”
    }
    }
    ]
    }

    {
    “name”: “300_ebx”,
    “baseURI”: “APP URL:port”,
    “condition”: “${matches(request.uri.path, ‘^/lab’)}”,
    “handler”: “DH-Redirect to LAB”,
    “heap”: [
    {
    “name”: “DH-Redirect to LAB”,
    “type”: “DispatchHandler”,
    “config”: {
    “baseURI”: “APP URL:port/lab”
    }
    }
    ]
    }

    Any help would be greatly appreciated

    April 6, 2020 at 7:54 pm #27802
     Jatinder Singh (AcceptingNewProjects)
    Participant

    You may have already found a working solution but below is what you can try. It does the following:

    * Intercepts /ebxlab at DMZ level;
    * Performs AuthN using AM;
    * Using assignment filter relays (reverse proxy) request to your protected IG at /lab.

    
{
  "name”: "400_openam”,
  "baseURI”: "http://IGprotected.com:8080",
  "condition”: "${matches(request.uri.path, '^/ebxlab'')}”,
  "heap”: [
    {
      "name”: "AmService”,
      "type”: "AmService”,
      "config”: {
        "url”: "AM URL”,
        "realm”: "/DEP”,
        "ssoTokenHeader”: "iPlanetDirectoryPro”,
        "agent”: {
          "username”: "OPENIG_Agent”,
          "password”: "pwd”
        },
        "sessionCache”: {
          "enabled”: false
        }
      }
    },
    {
      "name”: "AuthService”,
      "type”: "SingleSignOnFilter”,
      "config”: {
        "amService”: "AmService”
      }
    }
  ],
  "handler”: {
    "type”: "Chain”,
    "config”: {
      "handler”: "GenericHandler-EBX”,
      "filters”: [
        "AuthService”,
        {
          "name": "AccessProtectedIG",
          "type": "AssignmentFilter",
          "comment": "Your comment",
          "config": {
            "onRequest": [
              {
                "target": "${request.uri.path}",
                "value": "/lab"
              }
            ]
          }
        }
      ],
      "handler": "ReverseProxyHandler"
    }
  } 
}
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?