This topic has 1 reply, 2 voices, and was last updated 4 years, 11 months ago by aktokas.

  • #18700
     eshraiman
    Participant

    I am trying to set up OpenIG password replay as described in Chapter 5 of the IG Gateway Guide. I did all the configuration as described and I have it working, but with a caveat.

    I access the route http://openig.example.com:8080/replay and am redirected to the OpenAM login page.

    According to the instructions, I am supposed to log in with a username/password I created myself, like george/costanza in the example in Chapter 5, and that should redirect me to the sample application.

    The username/password I created for george/costanza while being logged in as amAdmin gives me an “HTTP/1.1 403 Forbidden” error, but I am able to successfully log in as demo/changeit, which is the test user already defined in OpenAM.
    I verified that I can log in to OpenAM as george/costanza and one other user I created for testing. I can log in to OpenAM with the users I created myself, but the replay redirection fails for these same users.
    Any ideas?

    I have Ubuntu 16.04, with evaluation OpenAM 5.1.0 on Apache Tomcat 7.0.50 and
    evaluation IG-5.0.0 on Jetty 8.1.21 with JavaEE agent v-3.5.1.

    Below is the trace:

    [qtp1824835605-15] INFO o.f.o.d.c.C.capture._router –

    — (request) id:b0ecb32f-ad7c-4724-9b3b-72dc80aef6d2-42 —>

    GET http://openig.example.com:8080/replay HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US;q=1,en;q=0.9
    Connection: keep-alive
    Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcxIEJGZWAzjicKOlC4eJnRadT6QhIvvPeA.*AAJTSQACMDEAAlNLABM2ODc5ODIyMTg4NjM1OTgyNDkzAAJTMQAA*
    Host: openig.example.com:8080
    password: PzFUhJhzwluIpZ9YXAIdDA==
    Referer: http://openam.example.com:9999/openam/XUI/?goto=http%3A%2F%2Fopenig.example.com%3A8080%2Freplay
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
    username: George

    [qtp1824835605-15] INFO o.f.o.d.c.C.capture._router –

    <— (response) id:b0ecb32f-ad7c-4724-9b3b-72dc80aef6d2-42 —

    HTTP/1.1 403 Forbidden
    Content-Length: 9
    Content-Type: text/html; charset=ISO-8859-1
    Date: Thu, 31 Aug 2017 17:15:47 GMT
    Set-Cookie: session-cookie=8414696128776996519; Path=/

    Forbidden

    #20068
     aktokas
    Participant

    Hi,
    You have missed the configuration of the authorization policy for the OpenIG URL in your setup, or there is some mistake in the authorization policies you have created.
