OpenSSO (OpenAM): Disable URL Enforcement

We use OpenAM for session management in our application. The problem is that every time we try to pass parameters using the GET method, the resource is blocked (error 403 Forbidden). If the parameter is not specified, everything works.

Example:

http://mysite.com/logo.jpg ----> Works.

http://mysite.com/logo.jpg?foo=bar ----> ERROR !

There are usually no parameters for images or css, but all links using the GET method do not work.

How can we solve our problem? In fact, disabling this policy would be a good solution.

We searched section 7.4.2 in the OpenAM documentation ( http://openam.forgerock.org/doc/admin-guide/OpenAM-Admin-Guide.html ), but nothing works.

Any clue?

Thank you for your time.

+2
2 answers

You need to create the appropriate policies for accepting the parameters in your URL.

In the OpenAM console:

- go to the Access Control Tab
- click on the realm you want to modify
- click on the Agents Tab
- click the agent name you want to modify
- go to the Application Tab

Under Handling Not Enforced URLs:

- look for the Not Enforced URLs parameter
- enter the new policies in New Value
- click Add and then Save.

You can use * or -*- depending on what you want:

  • * includes all subkeys (for example: mysite.com/* will allow mysite.com/Foo/Bar)
  • -*- excludes subdivisions (for example: mysite.com/-*- allows mysite.com/page1.aspx, but not mysite.com/Foo/page1.aspx)

, - mysite.com? -*- mysite.com?myparam=-*-


+3
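An added example, not part of the original answer and not OpenAM's own code: a small Python model of the two wildcards, useful for checking which URLs a Not Enforced URLs list would exempt from the agent before saving it. It assumes that neither wildcard matches `?` (consistent with the 403 in the question); the patterns and URLs are constructed.

```python
import re

# Assumed wildcard semantics (a simplified model, not OpenAM's matcher):
#   *    any run of characters, crossing "/" but not "?"
#   -*-  any run of characters inside one path level (no "/" or "?")
_WILDCARDS = {"-*-": r"[^/?]*", "*": r"[^?]*"}
_TOKEN = re.compile(r"(-\*-|\*)")

# Constructed sample data, modelled on the URLs in the question and answer.
PATTERNS = [
    "http://mysite.com/-*-",
    "http://mysite.com/logo.jpg?foo=-*-",
]
URLS = [
    "http://mysite.com/logo.jpg",
    "http://mysite.com/logo.jpg?foo=bar",
    "http://mysite.com/page1.aspx",
    "http://mysite.com/Foo/page1.aspx",
]


def compile_pattern(pattern):
    """Translate one Not Enforced URLs entry into an anchored regex."""
    parts = _TOKEN.split(pattern)  # keeps the wildcard tokens in the list
    body = "".join(_WILDCARDS.get(p, re.escape(p)) for p in parts)
    return re.compile(r"\A" + body + r"\Z")


def is_not_enforced(url, patterns):
    """True when some entry exempts this URL from the agent's checks."""
    return any(compile_pattern(p).match(url) for p in patterns)


def audit(patterns, urls):
    """Map each URL to the entries that would leave it unprotected."""
    return {u: [p for p in patterns if compile_pattern(p).match(u)]
            for u in urls}


if __name__ == "__main__":
    for url, hits in audit(PATTERNS, URLS).items():
        state = "NOT ENFORCED" if hits else "enforced"
        print(f"{state:13} {url}  {hits}")
```

Every URL reported as not enforced is served without authentication or policy evaluation, so the list should stay as narrow as the application allows.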


.mysite.com/( http://)

.mysite.com/*

args .


+4
