重定向循环问题的Web策略代理? [英] Redirect Loop Problem for Web Policy Agent?
问题描述
我也跟着<一个href=\"https://wikis.forgerock.org/confluence/display/openam/Web+Policy+Agent+for+Apache+2.2+Installation+Guide\">the安装指南对于Apache Web策略代理,但它总是会导致Web和应用服务器之间的无限重定向循环。火狐说:该页面无法正常重定向和Chrome认为此网页有重定向循环。该设置是一个Apache 2端口80上的一个小演示应用程序和一个Web策略代理,并与OpenAM服务器的端口8080的Tomcat 7服务器(原OpenSSO的来自Sun):
I followed the installation guide for an Apache Web Policy Agent, but it always results in an endless redirect loop between web and application server. Firefox says "The page isn't redirecting properly" and Chrome thinks that "This webpage has a redirect loop". The setup is an Apache 2 on port 80 with a small demo app and a Web Policy Agent, and a Tomcat 7 server on port 8080 with an OpenAM server (the former OpenSSO from Sun):
- 程序URL http://hostname.example.com:80/ (App和代理,在Apache 2.2上运行。 16)
- OpenAM服务器URL http://hostname.example.com:8080/openam (在Tomcat 7.0.12运行)
- App URL http://hostname.example.com:80/ (App and Agent, running on Apache 2.2.16)
- OpenAM Server URL http://hostname.example.com:8080/openam (running on Tomcat 7.0.12)
该实时HTTP头Firefox的插件显示,策略代理和OpenAM服务器(即Apache和Tomcat服务器)重定向到对方,尽管服务器正确设置了SSO令牌的Cookie。 SSO令牌cookie的名称有默认值iPlanetDirectoryPro。任何想法如何解决这个问题?
The Live HTTP Header Firefox plugin shows that the policy agent and the OpenAM server (i.e. the Apache and Tomcat servers) redirect to each other, although the server sets the SSO Token Cookie correctly. The name of the SSO Token Cookie has the default value "iPlanetDirectoryPro". Any idea how to solve the problem?
推荐答案
整整一个星期,我终于想通了之后,用#1的帮助和的<a href =https://lists.forgerock.org/mailman /列表信息/ openam> OpenAM邮件列表。有两个主要问题:缺少日志文件和cookie的缺失域。安装OpenAM服务器和Web策略代理是困难的,有很多的日志文件和许多不同的配置选项。如果你选择了错误的选择,它不会工作。这是不可能的,使其不知道是怎么回事,这只能通过适当的日志文件来确定工作。
After a whole week I finally figured it out, with the help of Stackoverflow and the OpenAM Mailing list. There were two main problems: missing log files and missing cookie domains. Installing the OpenAM server and the Web Policy Agent is difficult, there are a lot of log files and many different configuration options. If you select the wrong options, it won't work. It is impossible to make it work without knowing what is going on, which can only be determined by a suitable log file.
缺少登录的Web策略代理:日志级别必须在Java属性文件中设置。还有用于Web策略代理, OpenSSOAgentBootstrap.properties 和 OpenSSOAgentConfiguration.properties 两个Java属性的文件。它被命名为 com.sun.identity.agents.config.debug.level 可以而且必须在两个(!)文件中定义的日志和调试水平,它应该是设置为高电平时,所有4 或所有5 。格式是很重要的。即使你做到这一点,当代理不集中配置模式工作 AgentConfiguration.properties 文件时才使用。配置文件必须设置为本地。
Missing Log for Web Policy Agent : The log level must be set in the "Java properties" files. There are two "Java Properties" files for the Web Policy Agent, OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties. The log and debug level which is named com.sun.identity.agents.config.debug.level can and must be defined in both (!) files, and it should be set to the high level, all:4 or all:5. The format is important. Even if you do this, the AgentConfiguration.properties file is only used when the agent is not working in centralized config mode. The profile must be set to "local".
缺少Cookie域:不要忘了OpenAM服务器在开始安装过程中输入正确的Cookie域,或事后添加,如果缺少它。在OpenAM服务器上,转到结构&gt;系统&gt;平台和更改cookie域值到你的域(instace .example.com的),如果它缺少。否则,浏览器将在重定向过程中失去你的cookie。不知怎的,我曾在OpenAM服务器Cookie域的空白项,我猜忘了点( example.com 而不是 .example.com的),因此它是无效的(或者类似的东西)。
Missing Cookie Domain: Do not forget to enter the right Cookie Domain during the setup of the OpenAM server in the beginning, or add it afterwards if it is missing. On the OpenAM server, go to Configuration > System > Platform and change the Cookie Domain Value to your domain (for instace .example.com) if it is missing. Otherwise the browser will lose your cookie during the redirect process. Somehow I had an empty entry for the cookie domain at the OpenAM server, I guess a forgot a dot (example.com instead of .example.com) so that it was invalid (or something like that).
这排除网站是有益的定位问题。
这篇关于重定向循环问题的Web策略代理?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
