September 27, 2016 at 3:47 pm #13307
I’ve hard problem about OpenAM. I configured OpenAM with Http Apache Server, using Policy Agent for Apache 2.4. I followed the guide “https://forgerock.org/openam/doc/bootstrap/quick-start-guide/index.html#install-apache-http”.
Unfortunately, if I call “url of apache resource” with special character, I’ve got this error:
“Forbidden – you don’t have permission to access …. on this server”.
I don’t find the solution. Help me!!!
September 27, 2016 at 4:59 pm #13309Henrique DroogParticipantSeptember 28, 2016 at 10:39 am #13349
- This topic was modified 5 years, 8 months ago by f.strada.
Unfortunately, I don’t find the solution. I tried to disabled “FQDN check” on OpenAM Web Agent, but I ‘ve got same error. Is It possible that OpenAM does accept special character such as “?” or query String? Most of the web url contain query string with special character (?,% ecc….)…September 28, 2016 at 11:33 am #13350[email protected]Participant
if you are using virtual host, then add below code to httpd-vhosts.conf (<apachehome>/conf\extra)
Allow from all
# Set access permission
Options Indexes FollowSymLinks
Allow from All
Require all granted
</VirtualHost>September 28, 2016 at 11:46 am #13352
Eureka!!!! I solved the problem!!!! It’s very simple:
1) TOP LEVEL REALM -> Authorization -> Policy Sets
2) Select “your policy agent” (If it doesn’t exists, select “new policy Set”)
3) Select Add Resources
4) Select as resource pattern *://*.*/*?* and valorize : http://www.example.com:8080/*?*
5) Select as resource pattern *://*.*/* and valorize : http://www.example.com:8080/*
It works!!!!September 29, 2016 at 11:27 am #13376
I’ve got other problem on this integration: if there’s a wildcard “*” into query string, I’ve got 403 forbidden. For example:
The result of call is: 403 Forbidden.
In this case, It’s not possibile to resolve this problem using Policy Set. How can I resolve it?
September 30, 2016 at 1:20 am #13409Rogerio RondiniParticipant
- This reply was modified 5 years, 7 months ago by f.strada.
In the previous post you was talking about “www.example.com:8080” … now you are talking about “www.example.com:8085”. Is that just a typo in the post related to port 8080 and 8085, or is really missing policy for port 8085?
- This reply was modified 5 years, 7 months ago by Rogerio Rondini.
You must be logged in to reply to this topic.