WebSphere Application Server & Liberty

 View Only
Expand all | Collapse all

OpenID Relying Party Interceptor with interceptedPathFilter Containing URI Schema und Authority

  • 1.  OpenID Relying Party Interceptor with interceptedPathFilter Containing URI Schema und Authority

    Posted Mon August 29, 2022 12:15 PM
    Hello IBM Folks,

    we defined a relying party interceptor with a interceptedPathFilter starting at the context root of our application („ourApplication") and an authorizeEndpointUrl with an endpoint in our application, which is deployed on the same WebSphere. This works so far.

    Now we have the situation (at customer site), that the WebSphere (and so the application) should be reachable via a Web Application Firewall (WAF) as well as without the WAF routing. This means that, we have to support URIs with different authority parts:

    1. https://with-waf/ourApplication
    2. https://without-waf/ourApplication

    So, the idea was to define two providers in the RP with two different values for the authorizeEndpointUrl and the interceptedPathFilter parameters like this:

    - provider_1.authorizeEndpointUrl=https://with-waf/ourApplication/authorize
    - provider_1. interceptedPathFilter =https://with-waf/ourApplication.*
    - provider_2.authorizeEndpointUrl=https://without-waf/ourApplication/authorize
    - provider_2. interceptedPathFilter =https://without-waf/ourApplication.*

    But this doesn't work, because it seems, that the interceptedPathFilter cannot be defined with the schema and the authority part. At least the redirect to the authorize endpoint doesn't work when I do this.

    Is there another solution for this problem?

    Kind regards
    Thomas

    ------------------------------
    Thomas Mayr
    ------------------------------


  • 2.  RE: OpenID Relying Party Interceptor with interceptedPathFilter Containing URI Schema und Authority

    Posted Wed August 31, 2022 09:27 AM
    Hello IBM Folks,

    forget this topic! The authorize web-service endpoint is called from the RP at the application deployed on the same WebSphere, so there is no need to route this request over the WAF, and so there is also no need to configure different providers for this purpose.

    Kind regards
    Thomas

    ------------------------------
    Thomas Mayr
    ------------------------------



  • 3.  RE: OpenID Relying Party Interceptor with interceptedPathFilter Containing URI Schema und Authority

    Posted Wed September 07, 2022 08:48 AM
    In the meanwhile I solved this problem. I have to define the provider_<i>.filter parameter instead of the provider_<i>. interceptedPathFilter.

    Kind regards
    Thomas

    ------------------------------
    Thomas Mayr
    ------------------------------