OpenAM with http Apache server – 403 Error

This topic has 6 replies, 4 voices, and was last updated 5 years, 7 months ago by Rogerio Rondini.

  • #13307
     f.strada
    Participant

    Hi,
    I have a hard problem with OpenAM. I configured OpenAM with Apache HTTP Server, using the Policy Agent for Apache 2.4. I followed the guide “https://forgerock.org/openam/doc/bootstrap/quick-start-guide/index.html#install-apache-http”.
    Unfortunately, if I call the URL of an Apache resource with a special character, I get this error:
    “Forbidden – you don’t have permission to access …. on this server”.

    For example:
    OpenAM URL: http://openam.example.com:8080/openam
    Apache URL: http://www.example.com:8085/

    If I call http://www.example.com:8085/page1.html there’s no error.
    If I call http://www.example.com:8085/page1.html?h=223 there’s a 403 HTTP error.

    I can’t find the solution. Help me!!!

    • This topic was modified 5 years, 8 months ago by f.strada.
    #13309
     Henrique Droog
    Participant

    Hi @f-strada,

    I guess you need to use wildcards like /*? and /*?*. I tried to find an example in the documentation but I couldn’t. You can try to find one here: Agent DOC

    Sorry for my English.

    Regards.

    #13349
     f.strada
    Participant

    Unfortunately, I can’t find the solution. I tried to disable “FQDN check” on the OpenAM Web Agent, but I’ve got the same error. Is it possible that OpenAM does accept special characters such as “?” or a query string? Most web URLs contain a query string with special characters (?, %, etc.)…

    #13350

    If you are using a virtual host, then add the code below to httpd-vhosts.conf (<apachehome>/conf\extra)

    <Directory "E:/Documenten/Dropbox/Dropbox/dummy-htdocs">
        Allow from all
    </Directory>

    Example:

    <VirtualHost *:80>
        DocumentRoot "C:/webserver/sites/site2"
        ServerName http://example.com
        # Set access permission
        <Directory "C:/webserver/sites/site2">
            Options Indexes FollowSymLinks
            AllowOverride None
            Allow from All
            Require all granted
        </Directory>
    </VirtualHost>

    #13352
     f.strada
    Participant

    Eureka!!!! I solved the problem!!!! It’s very simple:
    1) TOP LEVEL REALM -> Authorization -> Policy Sets
    2) Select “your policy agent” (if it doesn’t exist, select “new policy Set”)
    3) Select Add Resources
    4) Select *://*.*/*?* as the resource pattern and set its value to: http://www.example.com:8080/*?*
    5) Select *://*.*/* as the resource pattern and set its value to: http://www.example.com:8080/*

    It works!!!!

    #13376
     f.strada
    Participant

    I’ve got another problem with this integration: if there’s a wildcard “*” in the query string, I get a 403 Forbidden. For example:

    http://www.example.com:8085/page1.html?h=223*&yyy=343efwfwe

    The result of the call is: 403 Forbidden.
    In this case, it’s not possible to resolve this problem using the Policy Set. How can I resolve it?

    • This reply was modified 5 years, 7 months ago by f.strada.
    #13409
     Rogerio Rondini
    Participant

    In the previous post you were talking about “www.example.com:8080” … now you are talking about “www.example.com:8085”. Is that just a typo in the post related to port 8080 and 8085, or is the policy for port 8085 really missing?
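
A rough way to check which of the policy resources from the steps above covers a given request URL, as an added example that is not part of the thread or of OpenAM's own code. It assumes a simplified model in which `*` matches any run of characters except `?` (consistent with the behaviour reported in the thread) and in which resources spell out scheme, host and port literally; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

def pattern_to_regex(resource):
    # Assumed model: '*' matches any characters except '?', so a URL with a
    # query string needs a resource that contains a literal '?'.
    parts = [re.escape(p) for p in resource.split("*")]
    return re.compile("^" + "[^?]*".join(parts) + "$")

def matching_resources(url, resources):
    """Return the resources whose pattern covers the whole URL."""
    return [r for r in resources if pattern_to_regex(r).match(url)]

def origin(u):
    s = urlsplit(u)
    return (s.scheme, s.hostname, s.port)

def diagnose(url, resources):
    """Return (status, covering_resources) for one request URL."""
    hits = matching_resources(url, resources)
    if hits:
        return ("covered", hits)
    # No resource matched: find the most likely reason for the deny.
    if origin(url) not in {origin(r) for r in resources}:
        return ("origin-mismatch", [])      # scheme, host or port differs
    if "?" in url and not any("?" in r for r in resources):
        return ("no-query-pattern", [])     # the '/*?*' style resource is missing
    return ("no-path-pattern", [])

# Resources as entered in steps 4 and 5 of the thread.
STEP5_ONLY = ["http://www.example.com:8080/*"]
BOTH = ["http://www.example.com:8080/*?*", "http://www.example.com:8080/*"]

if __name__ == "__main__":
    for url, res in [
        ("http://www.example.com:8080/page1.html", STEP5_ONLY),
        ("http://www.example.com:8080/page1.html?h=223", STEP5_ONLY),
        ("http://www.example.com:8080/page1.html?h=223", BOTH),
        ("http://www.example.com:8085/page1.html?h=223", BOTH),
    ]:
        print(url, "->", diagnose(url, res))
```
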
