Default Project CR-8238

Fix for OPENAM-6883 - SystemConfigurationUtil maintains a list of server URLs that assume lowercase...

Closed on 23 Sep 15


Details

| Participant | Role | Time Spent | Comments | Latest Comment |
|---|---|---|---|---|
| | Author & Moderator | 1h | 1 | Completely agree but from what I have seen of the server ... |
| | Reviewer - Complete | 16m | 1 | it feels a bit odd that idToServerTable has the original ... |
| | Reviewer - Complete | 13m | 1 | So as far as I can see there's 3 calls using getServerFro... |
| | Reviewer - Complete | 1m | 1 | lgtm |
| | Reviewer - Complete | 16m | 1 | LGTM |
| Total | | 1h 45m | 5 | |

Objectives

SystemConfigurationUtil maintains a list of server IDs to server URLs and is used when Federation calls need to be made to the original server.

The URLs being stored assume that the deployment context is always lowercase so a lookup of a server ID always returns a lowercase version of the URL. If the deployment context is not all lower case, the request fails with a 404.

For example, a set of servers made up of:

01 http://openam1.example.com/SSO
02 http://openam2.example.com/SSO

These are stored in the list as http://openam1.example.com/sso and http://openam2.example.com/sso so a request meant for 2 that hits 1 is sent to http://openam2.example.com/sso which fails with a 404.

An example problem case can be seen in IDPArtifactResolution.onMessage():

    String remoteServiceURL = SystemConfigurationUtil.getServerFromID(targetServerID);
    remoteArtURL = remoteServiceURL + SAML2Utils.removeDeployUri(request.getRequestURI());
    SOAPConnection con = SAML2Utils.scf.createConnection();
    SOAPMessage resMsg = con.call(message, remoteArtURL);


So a request that should go to http://openam1.example.com/SSO/ArtifactResolver/metaAlias/idp ends up going to http://openam1.example.com/sso/ArtifactResolver/metaAlias/idp

The fix ensures that the server URL is kept in its original case and is returned as the result of a server ID lookup, which is then used in real cross-talk Federation calls.
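
The approach described above, as an added example that is not OpenAM's code or the patch under review: lowercasing is confined to the key used for matching, while the value returned for a server ID keeps the configured case. The names `ServerUrlTable`, `lookupKey` and `lowercasedValue` are hypothetical, `getServerFromID` only mirrors the method name quoted above, and the example assumes lookups by URL should remain case-insensitive.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class ServerUrlTable {
    // Server ID -> URL exactly as configured (deployment context case preserved).
    private final Map<String, String> idToUrl = new HashMap<>();
    // Case-normalized URL -> server ID; used for matching only, never returned.
    private final Map<String, String> keyToId = new HashMap<>();

    // Assumption: URL matching stays case-insensitive, so only the key is lowercased.
    static String lookupKey(String url) {
        return url.toLowerCase(Locale.ROOT);
    }

    void add(String id, String url) {
        idToUrl.put(id, url);
        keyToId.put(lookupKey(url), id);
    }

    // Returns the URL in its original case, safe to use for a real outbound call.
    String getServerFromID(String id) {
        return idToUrl.get(id);
    }

    String getServerID(String url) {
        return keyToId.get(lookupKey(url));
    }

    // The behaviour described in the objectives: the stored value itself is lowercased.
    static String lowercasedValue(String url) {
        return url.toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        // Constructed sample data, taken from the two servers named in the objectives.
        ServerUrlTable table = new ServerUrlTable();
        table.add("01", "http://openam1.example.com/SSO");
        table.add("02", "http://openam2.example.com/SSO");
        String servicePath = "/ArtifactResolver/metaAlias/idp";

        System.out.println("lowercased value: "
                + lowercasedValue("http://openam2.example.com/SSO") + servicePath);
        System.out.println("preserved value:  " + table.getServerFromID("02") + servicePath);
        System.out.println("ID for mixed-case URL: "
                + table.getServerID("HTTP://OpenAM2.example.com/sso"));
    }
}
```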


General Comments

18 Sep 15

Ken Stubbings says:

LGTM

21 Sep 15

David Luna says:

lgtm

22 Sep 15

jonthomas says:

So as far as I can see there are 3 calls using getServerFromID(), probably the most involved is the SAMLUtils.getServerURL() method, but it all looks ok with this change.

/openam-federation/.../common/ServerOrSiteEntry.java Changed  
/openam-federation/.../common/SystemConfigurationUtil.java Changed   2
