Unable To Post Data To An Application As Coreid Webgate Is Consuming The Data (Doc ID 737343.1)

Last updated on JUNE 07, 2017

Applies to:

COREid Access - Version: 7.0.4
COREid Access - Version: 10.1.4.0.1 to 10.1.4.2
Linux x86-64

Symptoms

You may face an issue when posting data on Apache 2 Web server with 7.0.4 Webgate. You may be not able to post data to an application as Webgate consumes the data

Assume you have below environment.

-- 7.0.4 Webgate for Apache2 Web server on Linux OS

-- Assume you have configured a Policy Domain to protect "sr_test.jsp" with None Authentication for test_guest user and Policy inside the Policy Domain to protect sr_test.jsp?SSOLOGIN=true with Form Authentication with 'Query String Variables'.

-- Assume you have set headervar value for "SSOOblixUser" to test_guest for None Authentication Scheme and headervar value for "SSOOblixUser" to test_user for Form Authentication Scheme on Authentication Success.


Below mentioned is an example of configuration.
===================================
In the Apache file, there is a rewrite to go to tomcat :

RewriteRule /testApp(.*) http://hostname:port/testApp$1 [P]

Contents of sr_test.jsp

Source code:
<form action="" method="POST">
<input type="hidden" name="requestparam_1" value="Some Value for PARAM-1" />
<input type="hidden" name="requestparam_2" value="Some Value for PARAM-2" />
<input type="submit" name="submit">


http://<hostname>/testApp/sr_test.jsp display all headers when POST to itself. This page has 2 static hidden variables.


The below mentioned test gives two scenarios where in for first example it is not working as expected and in the second one it is working as expected.

Steps to Reproduce :

1) Browse the URL http://hostname/testApp/sr_test.jsp. If you open this page, and click submit, there is an error. The POST data doesn't reach Tomcat. When using None Authentication, Policy Domain is configured to set "" to test_guest".

2) Browse URL http://hostname/testApp/sr_test.jsp?SSOLOGIN=true is protected with a Form login in Policies of a Policy Domain. If you go to this page and click submit, the data comes right back. When using Form Authentication, Policy Domain is configured to set "SSOOblixUser" to "test_user".

Changes

This issue is only observed with Apache2 and 2.2. This issue is not observed on Apache 1.3.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms