Sumit Paul

Reputation: 209

OpenAM Authentication and Authorization to web application

I have one web application. I've successfully authenticated the users using OpenAM. For that I deployed and configured OpenAM on one Tomcat (8080), and my web application is deployed on another Tomcat (8081). I have configured 'J2EE_AGENT' on Tomcat (8081).

I am using OpenDJ as the data store. I have created two users/groups:

user1 ----> group1
user2 ----> group2

I've created Agent and Policies on OpenAM. The configuration for Policies is as follows.

The resource name which I wanted to protect is: http://example.com:8081/SpringMVC/welcome, allowed for the GET and POST actions. I assigned group1 to this rule.

When I try to access the protected URL, it gets successfully authenticated using OpenAM and I am able to access the link. But unfortunately group2 is also able to access the URL, though I didn't assign that group to that rule.

My question is: how can I configure the rule so that group2 cannot access that URL, or so that group2 gets access denied for that URL?

I've spent around 1 day on this. Early help would be appreciated.

Upvotes: 0

Views: 788

Answers (1)

Stefan Rasmusson

Reputation: 5595

Quick idea: under the agent config -> Global settings -> Agent Filter Mode, have you used SSO_only mode? This bypasses all authorization rules and allows everyone that is authenticated.

If not, I would recommend turning on the debug logs for the agent and OpenAM. Set agent config -> Global settings -> Agent Debug Level to message and OpenAM main page -> configuration -> system -> logging -> logging level to INFO.

You can find authorization decisions here: /openam/debug/Policy

Upvotes: 0
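
A way to check the filter mode the answer above points at, as an added example that is not part of the original answer or of OpenAM: it reads an agent properties file and reports whether URL policies are evaluated for a given web application. The property name `com.sun.identity.agents.config.filter.mode`, its per-application `[context]` key and the sample file contents are assumptions based on J2EE agent 3.x; confirm them against the agent version in use.

```python
import re

# Modes in which the J2EE agent evaluates OpenAM URL policies.
URL_POLICY_MODES = {"URL_POLICY", "ALL"}
KNOWN_MODES = URL_POLICY_MODES | {"SSO_ONLY", "J2EE_POLICY", "NONE"}

# Assumed property name (J2EE agent 3.x); it may carry a per-application map key.
FILTER_MODE = re.compile(
    r"^\s*com\.sun\.identity\.agents\.config\.filter\.mode"
    r"(?:\[(?P<ctx>[^\]]*)\])?\s*[=:]\s*(?P<mode>\S*)\s*$"
)

def filter_modes(properties_text):
    """Return {context: mode}; the key '' is the global default."""
    modes = {}
    for line in properties_text.splitlines():
        if line.lstrip().startswith(("#", "!")):
            continue  # skip properties-file comments
        m = FILTER_MODE.match(line)
        if m:
            modes[m.group("ctx") or ""] = m.group("mode").upper()
    return modes

def audit(properties_text, context):
    """Explain whether URL policies apply to the given web application context."""
    modes = filter_modes(properties_text)
    mode = modes.get(context, modes.get(""))  # per-app value overrides the default
    if mode is None:
        return "unknown: filter mode not set in this file (check the centralized agent profile)"
    if mode not in KNOWN_MODES:
        return f"unknown: unrecognised filter mode {mode!r}"
    if mode in URL_POLICY_MODES:
        return f"enforced: {mode} evaluates URL policies"
    return f"not enforced: {mode} skips URL policy evaluation"

# Constructed sample, not taken from the question.
SAMPLE = """\
# agent configuration (constructed)
com.sun.identity.agents.config.filter.mode = ALL
com.sun.identity.agents.config.filter.mode[SpringMVC] = SSO_ONLY
"""

if __name__ == "__main__":
    for ctx in ("SpringMVC", "other"):
        print(ctx, "->", audit(SAMPLE, ctx))
```

A result of "unknown" for a missing property usually means the agent pulls its configuration from the OpenAM console, so the value has to be read from the agent profile there.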
