Policy http header response not set

This topic has 1 reply, 1 voice, and was last updated 4 years, 5 months ago by cristianoburgo.

  • #17645
     cristianoburgo
    Participant

    I have a JSP page that prints all the HTTP header variables. This JSP page is on a WildFly application server and it is protected by a webagent on an Apache server. The Apache server acts as a reverse proxy and the application is configured in a virtual host.

    This is the Jsp code:

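    <%@ page import="java.util.Enumeration" %>
    <table>
    <%
    // Diagnostic page: dump every request header that reaches the application.
    // Names and values are written without HTML escaping.
    Enumeration<String> enumeration = request.getHeaderNames();
    while (enumeration.hasMoreElements()) {
    String name = enumeration.nextElement();
    String value = request.getHeader(name);
    %>
    <tr><td><%= name %></td><td><%= value %></td></tr>
    <%
    }
    %>
    </table>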

    What happens is that the response variables defined in the policy (uid and email) are not printed by the JSP, while the header variable (uid -> USERID) defined in webagent -> Response Attribute Processing is correctly written.
    The Response Attribute Fetch Mode = HTTP_HEADER

    See below the webagent log:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ResponseSet vers="1.0" svcid="session" reqid="0">
    <Response><![CDATA[<SessionResponse vers="1.0" reqid="1">
    <GetSession>
    <Session sid="AQIC5wM2LY4SfcyEcv3tjKL2L1J6o9_x-7no8gtLo5ug0tw.*AAJTSQACMDEAAlNLABQtNDI3NTUxODkzMDkyODY4NDYwNAACUzEAAA..*" stype="user" cid="id=user.0,ou=user,dc=example,dc=org" cdomain="dc=example,dc=org" maxtime="120" maxidle="30" maxcaching="3" timeidle="0" timeleft="7199" state="valid">
    <Property name="Locale" value="it_IT"></Property>
    <Property name="authInstant" value="2017-06-09T18:30:05Z"></Property>
    <Property name="Principals" value="user.0"></Property>
    <Property name="clientType" value="genericHTML"></Property>
    <Property name="AMCtxId" value="9610b6e565ece04401"></Property>
    <Property name="AuthType" value="Datexampleore"></Property>
    <Property name="HostName" value="192.168.0.30"></Property>
    <Property name="successURL" value="/openam/console"></Property>
    <Property name="Organization" value="dc=example,dc=org"></Property>
    <Property name="UserProfile" value="Required"></Property>
    <Property name="CharSet" value="UTF-8"></Property>
    <Property name="FullLoginURL" value="/openam/UI/Login?goto=http%3A%2F%2Fsecdev.example.it%3A6080%2Fsso.jsp&realm=%2F"></Property>
    <Property name="loginURL" value="/openam/UI/Login"></Property>
    <Property name="amlbcookie" value="01"></Property>
    <Property name="UserToken" value="user.0"></Property>
    <Property name="Service" value="ldapService"></Property>
    <Property name="Host" value="192.168.0.30"></Property>
    <Property name="cookieSupport" value="true"></Property>
    <Property name="SessionHandle" value="shandle:AQIC5wM2LY4SfcxS0rfuWPOwqbwMx5l_XOJzRRrmkhHY_JQ.*AAJTSQACMDEAAlNLABQtNDI3NTUxODkzMDkyODY4NDYwNAACUzEAAA..*"></Property>
    <Property name="AuthLevel" value="0"></Property>
    <Property name="UserId" value="user.0"></Property>
    <Property name="sun.am.UniversalIdentifier" value="id=user.0,ou=user,dc=example,dc=org"></Property>
    <Property name="Principal" value="id=user.0,ou=user,dc=example,dc=org"></Property>
    </Session></GetSession>
    </SessionResponse>]]></Response>
    <Response><![CDATA[<SessionResponse vers="1.0" reqid="2">
    <AddSessionListener>
    <OK></OK>
    </AddSessionListener>
    </SessionResponse>]]></Response>
    </ResponseSet>
    2017-06-09 20:30:05.813 +0200   DEBUG [0x7f37deffc700:9990][source/net_ops.c:674] send_session_request(): status: success
    2017-06-09 20:30:05.814 +0200   DEBUG [0x7f37deffc700:9990][source/utility.c:1848] am_timer(): getaddrinfo took 0 seconds
    2017-06-09 20:30:05.814 +0200   DEBUG [0x7f37deffc700:9990][source/net_client.c:562] sync_connect(): connected to logindev.example.it:6080 (IPv4)
    2017-06-09 20:30:05.814 +0200   DEBUG [0x7f37deffc700:9990][source/net_ops.c:844] send_policy_request(): sending 1004 bytes to http://logindev.example.it:6080/openam/policyservice
    2017-06-09 20:30:05.840 +0200   DEBUG [0x7f37deffc700:9990][source/net_ops.c:864] send_policy_request(): response status code: 200
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ResponseSet vers="1.0" svcid="policy" reqid="3">
    <Response><![CDATA[<PolicyService version="1.0" revisionNumber="60">
    <PolicyResponse requestId="4" issueInstant="1497033005839" >
    <ResourceResult name="http://secdev.example.it:6080/sso.jsp">
    <PolicyDecision>
    <ResponseAttributes>
    <AttributeValuePair>
    <Attribute name="uid"/>
    <Value>user.0</Value>
    </AttributeValuePair>
    <AttributeValuePair>
    <Attribute name="example"/>
    <Value>LOGGEDIN</Value>
    </AttributeValuePair>
    <AttributeValuePair>
    <Attribute name="mail"/>
    <Value>[email protected]</Value>
    </AttributeValuePair>
    </ResponseAttributes>
    <ActionDecision timeToLive="9223372036854775807">
    <AttributeValuePair>
    <Attribute name="POST"/>
    <Value>allow</Value>
    </AttributeValuePair>
    <Advices>
    </Advices>
    </ActionDecision>
    <ActionDecision timeToLive="9223372036854775807">
    <AttributeValuePair>
    <Attribute name="GET"/>
    <Value>allow</Value>
    </AttributeValuePair>
    <Advices>
    </Advices>
    </ActionDecision>
    </PolicyDecision>
    </ResourceResult>
    </PolicyResponse>
    </PolicyService>
    ]]></Response>
    </ResponseSet>
    2017-06-09 20:30:05.840 +0200   DEBUG [0x7f37deffc700:9990][source/net_ops.c:883] send_policy_request(): status: success
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/process.c:1352] validate_policy(): trying cache entry for: http://secdev.example.it:6080/sso.jsp
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/process.c:1369] validate_policy(): cached entry: http://secdev.example.it:6080/sso.jsp, resource: http://secdev.example.it:6080/sso.jsp, status: exact match
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/process.c:1474] validate_policy(): method: GET, decision: allow
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/process.c:2056] handle_exit(): (entry status: success)
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/apache/agent.c:283] set_user(): user.0
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/process.c:1884] set_user_attributes(): clearing headers/cookies
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/process.c:1779] do_header_set(): clearing USERID
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/process.c:1774] do_header_set(): setting USERID: user.0
    2017-06-09 20:30:05.841 +0200   DEBUG [0x7f37deffc700:9990][source/apache/agent.c:931] amagent_auth_handler(): exit status: success (0)

    #17647
     cristianoburgo
    Participant

    What I experimented is that there must be a mapping between the HTTP attributes defined in the policy and the ones defined on the webagent. So an attribute must be in both places to be shown as I want.

    I don’t know if this is the desired behavior.
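
As an added example (not part of the thread and not ForgeRock code), this script checks the behaviour described in the second post against the log from the first: it lists the attributes in the policy's ResponseAttributes and marks each one as forwarded or not, based on the agent's do_header_set() debug lines. The uid -> USERID map comes from the post; the function names, the status labels and the mail value are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the policy response in the quoted agent log.
# The mail value is a placeholder; the page shows it redacted.
POLICY_XML = """<PolicyResponse requestId="4"><ResourceResult name="http://secdev.example.it:6080/sso.jsp">
<PolicyDecision><ResponseAttributes>
<AttributeValuePair><Attribute name="uid"/><Value>user.0</Value></AttributeValuePair>
<AttributeValuePair><Attribute name="example"/><Value>LOGGEDIN</Value></AttributeValuePair>
<AttributeValuePair><Attribute name="mail"/><Value>placeholder@example.org</Value></AttributeValuePair>
</ResponseAttributes>
<ActionDecision timeToLive="9223372036854775807">
<AttributeValuePair><Attribute name="GET"/><Value>allow</Value></AttributeValuePair>
</ActionDecision></PolicyDecision></ResourceResult></PolicyResponse>"""

# Constructed sample: the three header-related debug lines, prefixes shortened.
AGENT_LOG = """[source/process.c:1884] set_user_attributes(): clearing headers/cookies
[source/process.c:1779] do_header_set(): clearing USERID
[source/process.c:1774] do_header_set(): setting USERID: user.0"""

HEADER_RE = re.compile(r"do_header_set\(\): (clearing|setting) ([^\s:]+)")

def policy_attributes(xml_text):
    """Names under <ResponseAttributes> only; ActionDecision pairs (GET/POST) are skipped."""
    root = ET.fromstring(xml_text)
    return [a.get("name") for ra in root.iter("ResponseAttributes")
            for a in ra.iter("Attribute")]

def header_events(log_text):
    """Return (headers set, headers cleared before being set) from agent debug lines."""
    cleared, was_set, cleared_first = set(), set(), set()
    for line in log_text.splitlines():
        m = HEADER_RE.search(line)
        if not m:
            continue
        action, name = m.groups()
        if action == "clearing":
            cleared.add(name)
        else:
            was_set.add(name)
            if name in cleared:
                cleared_first.add(name)
    return was_set, cleared_first

def audit(xml_text, log_text, agent_map):
    """agent_map: policy attribute -> header name as configured on the agent (assumed)."""
    was_set, _ = header_events(log_text)
    report = {}
    for attr in policy_attributes(xml_text):
        header = agent_map.get(attr)
        report[attr] = ("unmapped" if header is None
                        else "forwarded" if header in was_set else "mapped-not-set")
    return report

if __name__ == "__main__":
    print(audit(POLICY_XML, AGENT_LOG, {"uid": "USERID"}))
```

With the map from the post, only uid is reported as forwarded, which matches what the JSP printed; header_events() also reports that USERID was cleared before it was set, as the log shows.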
