Tagged: #reverserproxy #authn
This topic has 1 reply, 1 voice, and was last updated 9 months, 3 weeks ago by Jatinder Singh.
-
AuthorPosts
-
October 18, 2019 at 6:19 pm #26927
smmellac
ParticipantHello,
We are trying to chain IGs i.e., IG-DMZ will authenticate against AM and then pass traffic to IG (protected zone). However, we are seeing the below error
“no handler to dispatch to for URI:xxxxxxxx”Route – IG (DMZ)
{
“name”: “400_openam”,
“baseURI”: “https://openigdevext.com”,
“condition”: “${matches(request.uri.path, ‘^/ebxlab’)}”,
“handler”: “ChainHandler”,
“heap”: [
{
“name”: “AmService”,
“type”: “AmService”,
“config”: {
“url”: “AM URL”,
“realm”: “/DEP”,
“ssoTokenHeader”: “iPlanetDirectoryPro”,
“agent”: {
“username”: “OPENIG_Agent”,
“password”: “pwd”
},
“sessionCache”: {
“enabled”: false
}
}
},
{
“name”: “AuthService”,
“type”: “SingleSignOnFilter”,
“config”: {
“amService”: “AmService”
}
},
{
“name”: “ChainHandler”,
“type”: “Chain”,
“config”: {
“handler”: “GenericHandler-EBX”,
“filters”: [
“AuthService”
]
}
},
{
“name”: “GenericHandler-EBX”,
“type”: “DispatchHandler”,
“config”: {
“baseURI”: “http://IGprotected.com:8080/lab”
}
}
]
}{
“name”: “300_ebx”,
“baseURI”: “APP URL:port”,
“condition”: “${matches(request.uri.path, ‘^/lab’)}”,
“handler”: “DH-Redirect to LAB”,
“heap”: [
{
“name”: “DH-Redirect to LAB”,
“type”: “DispatchHandler”,
“config”: {
“baseURI”: “APP URL:port/lab”
}
}
]
}Any help would be greatly appreciated
April 6, 2020 at 7:54 pm #27802Jatinder Singh
ParticipantYou may have already found a working solution but below is what you can try. It does the following:
* Intercepts
/ebxlab
at DMZ level;
* Performs AuthN using AM;
* Using assignment filter relays (reverse proxy) request to your protected IG at/lab
.{ "name”: "400_openam”, "baseURI”: "http://IGprotected.com:8080", "condition”: "${matches(request.uri.path, '^/ebxlab'')}”, "heap”: [ { "name”: "AmService”, "type”: "AmService”, "config”: { "url”: "AM URL”, "realm”: "/DEP”, "ssoTokenHeader”: "iPlanetDirectoryPro”, "agent”: { "username”: "OPENIG_Agent”, "password”: "pwd” }, "sessionCache”: { "enabled”: false } } }, { "name”: "AuthService”, "type”: "SingleSignOnFilter”, "config”: { "amService”: "AmService” } } ], "handler”: { "type”: "Chain”, "config”: { "handler”: "GenericHandler-EBX”, "filters”: [ "AuthService”, { "name": "AccessProtectedIG", "type": "AssignmentFilter", "comment": "Your comment", "config": { "onRequest": [ { "target": "${request.uri.path}", "value": "/lab" } ] } } ], "handler": "ReverseProxyHandler" } } }
-
AuthorPosts
You must be logged in to reply to this topic.