Reputation: 573
OpenAM Policy Agent is unable to match URL
I'm trying to protect a web application with OpenAM Policy Agent 3.3.0 on an Apache web server.
The application uses the following URL-styles:
http://my.host.name/appname/some/static/contents
http://my.host.name/appname/some?dynamic=content
http://my.host.name/appname/?interesting_query;with_data
I can successfully handle the first two with the following match patterns
http://my.host.name/appname/*
http://my.host.name/appname/*?*
but I'm failing to find a pattern that matches the last URL-style. I already tried:
http://my.host.name/appname/?*
http://my.host.name/appname*?*
The OpenAM docs give me no clue how to handle this type.
What would be the correct matching pattern for this URL?
Upvotes: 1
Views: 419
Answers (1)
Reputation: 2995
There is a known bug (https://bugster.forgerock.org/jira/browse/OPENAM-3667) in the agents, which means that if you have a "/?" in your URLs, you will be unable to evaluate policies against those resources, they will always result in a deny. This issue was tackled in the end on both the agent and AM side, so you will most likely would need to upgrade to Agents-3.3.1 and 11.0.1 releases (both of them are only available to subscription customers).
Upvotes: 2
Related Questions
- Issue with Configuring OpenAM Agent
- Why is openam redirecting to the wrong URL?
- OpenAM error 500 "Unable to do Single Sign On or Federation" when browser loads successURL
- OpenAm agent for tomcat can not read authservice url?
- web policy agent not redirecting to OpenAM URl
- OpenAM agent redirects to default login url
- OpenAM: Error processing AuthnRequest. null
- Openam ssoadm list policies error
- OpenAM - No such Organization found
- OpenSSO (OpenAM) : Turn off URL enforcement