AM 7.1 CDSSO Could not get agent for the realm

Hi,

We are trying to configure the Cookie hijacking fix in AM 7.1 and Apache agent 2.2. When we try to go to the agent, the browser gets redirected to the Access Manager. After authentication, I get the error message "resource access denied" in the browser.

On the AM side, I get the following error in the amCDC file:

-
04/19/2007 06:19:19:919 PM PDT: Thread[service-j2ee-3,5,main]
CDCServlet Initializing...
04/19/2007 06:19:19:922 PM PDT: Thread[service-j2ee-3,5,main]
CDCServlet init params. Restricted Token Enabled: false Auth URL Cookie Name: sunIdentityServerAuthNServer Auth URL Cookie Domain:Deployment Descriptor: /amserver
04/19/2007 06:19:19:925 PM PDT: Thread[service-j2ee-3,5,main]
CDCServlet.doGetPost: Query String received: goto=http%3A%2F%2Feauthdev.etc.net%2Fcgi-bin%2Fprintenv%3FsunwMethod%3DGET&RequestID=15432&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Feauthdev.etc.net%3A80%2Famagent&IssueInstant=2007-04-19T18%3A19%3A19Z
04/19/2007 06:19:19:934 PM PDT: Thread[service-j2ee-3,5,main]
SSOException caught: com.iplanet.sso.SSOException: Invalid session ID.
04/19/2007 06:19:20:430 PM PDT: Thread[service-j2ee-3,5,main]
Forwarding for authentication to: /UI/Login?goto=%2Famserver%2Fcdcservlet%3FTARGET%3Dhttp%253A%252F%252Feauthdev.etc.net%252Fcgi-bin%252Fprintenv%253FsunwMethod%253DGET%26RequestID%3D15432%26MajorVersion%3D1%26MinorVersion%3D0%26ProviderID%3Dhttp%253A%252F%252Feauthdev.etc.net%253A80%252Famagent%26IssueInstant%3D2007-04-19T18%253A19%253A19Z
04/19/2007 06:19:27:293 PM PDT: Thread[service-j2ee-4,5,main]
CDCServlet.doGetPost: Query String received: TARGET=http%3A%2F%2Feauthdev.etc.net%2Fcgi-bin%2Fprintenv%3FsunwMethod%3DGET&RequestID=15432&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Feauthdev.etc.net%3A80%2Famagent&IssueInstant=2007-04-19T18%3A19%3A19Z
04/19/2007 06:19:27:294 PM PDT: Thread[service-j2ee-4,5,main]
WARNING: Advice List is : null
04/19/2007 06:19:27:294 PM PDT: Thread[service-j2ee-4,5,main]
CDCServlet.doGetPost: targetURL = http://eauthdev.etc.net/cgi-bin/printenv?sunwMethod=GET
04/19/2007 06:19:27:294 PM PDT: Thread[service-j2ee-4,5,main]
CDCServlet.doGetPost: gotoURL = http://eauthdev.etc.net/cgi-bin/printenv?sunwMethod=GET
04/19/2007 06:19:27:321 PM PDT: Thread[service-j2ee-4,5,main]
CDC Servlet: Directory matches for http://eauthdev.etc.net:80/ is:{AMIdentity object: id=eauthdev_apache_8080,ou=agent,dc=mycompany,dc=com AMSDKDN=uid=eauthdev_apache_8080,ou=agents,dc=mycompany,dc=com={sunidentityserverdevicestatus=[Active], sunidentityserverdevicekeyvalue=[agentRootURL=http://eauthdev.etc.net:80/]}}
04/19/2007 06:19:27:400 PM PDT: Thread[service-j2ee-4,5,main]
WARNING: Invalid GoTo URL: http://eauthdev.etc.net/cgi-bin/printenv?sunwMethod=GET for Agent ID: http://eauthdev.etc.net:80/
04/19/2007 06:19:27:400 PM PDT: Thread[service-j2ee-4,5,main]
ERROR: CDCServlet.doGetPost:Exception occured
java.lang.Exception: Invalid Agent: Could not get agent for the realm
at com.iplanet.services.cdc.LdapSPValidator.validateAndGetRestriction(LdapSPValidator.java:200)
at com.iplanet.services.cdc.CDCServlet.redirectWithAuthNResponse(CDCServlet.java:288)
at com.iplanet.services.cdc.CDCServlet.doGetPost(CDCServlet.java:247)
at com.iplanet.services.cdc.CDCServlet.doGet(CDCServlet.java:194)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:796)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:391)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:297)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:270)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:241)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:182)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:160)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at com.sun.webserver.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:149)
at com.sun.webserver.connector.nsapi.NSAPIConnector.service(NSAPIConnector.java:995)
-

Does anybody know what is going wrong?

Thanks in advance,

Vivek

[5089 byte] By [Vivek.Gupta.eToucha] at [2007-11-27 1:41:48]
# 1

Vivek,

Seems like there's either no agent profile defined for the URL you're trying to access, or there's a mismatch with the URL defined in the agent profile.

Might be a more complicated issue, but first can you verify that the agent profile exists and that the URL matches the requested URL? Meanwhile I'll look into it a little further.

Thanks,

N.

npvisuala at 2007-7-12 0:57:37
# 2

One more thing, Vivek: it seems the problem comes from the fact that there are 3 checks done to ensure the goto URL matches what's in the agent profile, and one of them (the port check) fails.

agentRootURL has port 80. The gotoURL doesn't.

Try not specifying a port number for key agentRootURL and tell me if that works.

Side note: it seems you might not have the following property enabled in your AMConfig.properties:

com.sun.identity.enableUniqueSSOTokenCookie = true

HTH,

N.

npvisuala at 2007-7-12 0:57:37
# 3

After adding "agentRootURL=http://eauthdev.etc.net/" in addition to "agentRootURL=http://eauthdev.etc.net:80/" in the Agent properties, the CDSSO and Cookie Hijacking changes started working.

It seems this is a bug in AM 7.x. If the default port (80 or 443) is used by the agent for CDSSO, then either you have to access the agent's URLs with the port number in them, or you need to add the agentRootURL property both with and without the port.

Thanks,

Vivek

Vivek.Gupta.eToucha at 2007-7-12 0:57:37
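The port mismatch described in replies #2 and #3 can be reproduced outside AM. The following is an added example, not Access Manager code: it models the scheme/host/port comparison of a goto URL against the agent profile's agentRootURL values the way the thread describes it (the exact AM 7.x logic is an assumption), first with the literal port comparison that fails on the log above, then with default-port normalisation that accepts both spellings without needing two agentRootURL entries.

```python
"""Added example (not AM code): check a CDSSO goto URL against the
agent profile's agentRootURL values, as the thread describes the CDC
servlet doing. Sample values are constructed from the log in the thread."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def root_urls_from_keyvalues(keyvalues):
    """Extract agentRootURL entries from sunidentityserverdevicekeyvalue
    style 'key=value' strings (format assumed from the log line)."""
    prefix = "agentRootURL="
    return [kv[len(prefix):] for kv in keyvalues if kv.startswith(prefix)]


def _parts(url, normalise):
    """Return (scheme, host, port). With normalise=True an absent port is
    replaced by the scheme's default, so ':80' and no port compare equal."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    host = (u.hostname or "").lower()
    port = u.port
    if normalise and port is None:
        port = DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def validate_goto(goto_url, keyvalues, normalise=False):
    """True when the goto URL's scheme, host and port match at least one
    configured agentRootURL. normalise=False reproduces the AM 7.x
    behaviour reported in the thread; normalise=True is the robust check."""
    roots = root_urls_from_keyvalues(keyvalues)
    target = _parts(goto_url, normalise)
    return any(_parts(r, normalise) == target for r in roots)


# Constructed from the thread's log: goto URL without a port, profile with :80
GOTO = "http://eauthdev.etc.net/cgi-bin/printenv?sunwMethod=GET"
PROFILE_PORT_ONLY = ["agentRootURL=http://eauthdev.etc.net:80/"]
# The workaround from reply #3: both spellings in the profile
PROFILE_BOTH = PROFILE_PORT_ONLY + ["agentRootURL=http://eauthdev.etc.net/"]

if __name__ == "__main__":
    print("literal, port-only profile:", validate_goto(GOTO, PROFILE_PORT_ONLY))
    print("literal, both entries:     ", validate_goto(GOTO, PROFILE_BOTH))
    print("normalised, port-only:     ", validate_goto(GOTO, PROFILE_PORT_ONLY, True))
```

A goto URL on another host or scheme is still rejected in both modes, which is the property the check exists to enforce.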