Redirecting request to original URL after authentication
Hi,
I am trying to use the URL Policy agent to allow/deny access to web resources that are deployed on a certain Web server. I am explaining the configuration below.
Web Server A has the HTMLs deployed and a policy agent is installed on this web server.
Web Server B is the DSAME web server.
When a request for one of the protected web resources on Web Server A is sent, the policy agent intercepts the request and forwards the request to Web Server B where the authentication page is displayed.
Although the authentication happens correctly, the request does not get redirected to the original HTML that I had requested. Instead, the user profile in DSAME is displayed.
How do I get Web Server B to redirect the request so that the required web resource of Web Server A can be displayed.
Thanks,
Siddharth
when web server A redirects over to the IS web server, there should be a goto parameter in the URL to tell the IS web server where to redirect the client post authentication. What is in your URL?Steve
Hi all,
I am facing the same problem. Any feedback is greatly appreciated.
I do see the appropriate "goto=..." value in the url after the request is intercepted by the agent, but once authenticated, the AM console is displayed to the user, not the requested url.
My configuration is: Solaris 10, AM 6.3 patch 1, policy agent 2.2, Sun ONE Webserver for both AM and policy agent.
Thanks,
Adi.
I also have the same issue.
You may set debug level to "message" in AMConfig.properties and have a look at amAuth debug log - verifiy if the authContext do not get lost.-Bernhard
Seems you guys didn't redeploy the AM applications properly. In 6.3 patch1, Login.jsp had a new line added
<input type="hidden" name="goto" value="<%= request.getParameter("goto") %>">
After apply 6.3 patches, you need to run "amconfig -s <amsilent_config_file>" to redeploy AM applications in order to get jsp changes and those modified jar files into the web container's deployed directories.
Our site is having a variation of this problem that I was wondering if other sites are experiencing. The problem I'll describe has been confirmed at our site for J2EE policy agents running on WebLogic 8.1 (Solaris 2.9) and Tomcat (also Solaris 2.9, I think). The problem does not seem to exist in URL policy agents.
The goto parameter is built incorrectly. Regardless of the URL that is entered prior to authentication, the goto parameter is set to either the application's context root or just the application server name, if the application was deployed without a context root (at our site, we do this for Coldfusion MX).
An example might help.
Assume that the following URL is entered that will be routed by the agent to be authenticated by Access Manager:
http://server:8000/context/subpath/some.jsp
If the application has a context root, then goto will be set to: http://server:8000/context. If it doesn't, then goto will be set to: http://server:8000.
If applications are typically deployed with welcome pages below the context root as the advertised way for user access, this problem doesn't surface. Because this approach is common at our site, it took some time before we noticed it.
Has anyone else experienced this with a J2EE policy agent?
If so, have you worked around it?
Conversely, if you can get URLs of the type given in the above example to work correctly in a J2EE agent installation, can you let me know which agents you use and what the versions are?
As far as I can tell, there aren't any settings in AMAgent.properties that are relavent to the behavior of the value of the goto parameter.
Thanks!
We are seeing the same issue with the goto statements not passing the original url. We are seeing that the context is being used. We are using Tomcat Policy Agent 2.2 and we are having this issue when we access the Tomcat Manager and Admin applications. Basically, anything entered after the context name on the original url is truncate off on the goto parameter.
I am using weblogic 8.1 sp3 with HP Openview Selectaccess for access control....i am getting 404 error ocassionally. Its redirecting to wrong URL.
This is a common problem with J2EE agents. I heard that Sun had a solution for Weblogic and tomcat agents. You can ask for their latest hotpatch.
