Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
lelle1 Absent Member.
Absent Member.
1094 views

troubleshooting header injection

Hi,

I'm troubleshooting a header injection problem for a customer with a 4.2.2 setup of Access Manager.
They do from time to time recive a error that kills one of there java application that doesn't handle http redirects well.
The error in apache error log is
" II Eval error: Bad-User invalid-user java.util.ConcurrentModificationException"
Has anybody any idea if this is a bug or a timing issu or something else?
Or any other suggestion how to try to figure out what is happening

/Lelle
0 Likes
7 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: troubleshooting header injection

On 11-12-2018 9:04 AM, lelle wrote:
>
> Hi,
>
> I'm troubleshooting a header injection problem for a customer with a
> 4.2.2 setup of Access Manager.
> They do from time to time recive a error that kills one of there java
> application that doesn't handle http redirects well.
> The error in apache error log is
> " II Eval error: Bad-User invalid-user
> java.util.ConcurrentModificationException"
> Has anybody any idea if this is a bug or a timing issu or something
> else?
> Or any other suggestion how to try to figure out what is happening


Is there any more log by any chance? The custom apache module that NetIQ wrote uses Tomcat (the ESP) to obtain the value to inject so check the
catalina.out to see if you see any more info there. You might have to enable more debug logging tho.


--
Cheers,
Edward
0 Likes
lelle1 Absent Member.
Absent Member.

Re: troubleshooting header injection

Hi Edward,

I have enabled debug logging

As far as I understand the IDP is returning the "attriCodTipoSujetoWSATR" but the error is thrown anyway
This is what I see in logs
From EPS catalina.out

------ Client! Outgoing Request, ID: jpihliomtcxijk, MsgForm: SOAPENVELOPE ------
Document in SOAPEnvelope Format:
SOAP Headers:
<is:UserInteraction> (urn:liberty:is:2003-08):
Attr: id, Value: jpihlioldhfiji
Attr: interact, Value: is:doNotInteract
Attr: soapenv:actor, Value: http://schemas.xmlsoap.org/soap/actor/next
Attr: soapenv:mustUnderstand, Value: 0
Attr: xmlns:is, Value: urn:liberty:is:2003-08
Attr: xmlns:soapenv, Value: http://schemas.xmlsoap.org/soap/envelope/
<ns1:Correlation> (urn:liberty:sb:2003-08):
Attr: id, Value: jpihliombdxijl
Attr: messageID, Value: jpihliomtcxijk
Attr: soapenv:actor, Value: http://schemas.xmlsoap.org/soap/actor/next
Attr: soapenv:mustUnderstand, Value: 1
Attr: timestamp, Value: 2018-12-10T15:43:44Z
Attr: xmlns:ns1, Value: urn:liberty:sb:2003-08
Attr: xmlns:soapenv, Value: http://schemas.xmlsoap.org/soap/envelope/
<ns1:Provider> (urn:liberty:sb:2003-08):
Attr: id, Value: jpihliomh57ijm
Attr: providerID, Value: http://linkag01pre.domain.com:80/nesp/idff/metadata
Attr: soapenv:actor, Value: http://schemas.xmlsoap.org/soap/actor/next
Attr: soapenv:mustUnderstand, Value: 1
Attr: xmlns:ns1, Value: urn:liberty:sb:2003-08
Attr: xmlns:soapenv, Value: http://schemas.xmlsoap.org/soap/envelope/
<ns1:Timeout> (urn:liberty:sb:2004-04):
Attr: id, Value: jpihliomxffijn
Attr: maxProcessingTime, Value: 300
Attr: soapenv:actor, Value: http://schemas.xmlsoap.org/soap/actor/next
Attr: soapenv:mustUnderstand, Value: 0
Attr: xmlns:ns1, Value: urn:liberty:sb:2004-04
Attr: xmlns:soapenv, Value: http://schemas.xmlsoap.org/soap/envelope/
SOAP Body:
<ldap:Query(urn:novell:ldap:2006-02)>:ns=urn:novell:ldap:2006-02 nspfx=ldap id=jpihliojudxijf itemId=jpihliojeo1ijg
<ldap:ResourceID(urn:novell:ldap:2006-02)>:
Text: https://loginpre.domain.com:8443/nidp/?rsid%3D172.16.5.23%26sess%3DCEF6625FDEA5968A83EF4E45B3F2B428%26ugid%3D3063939e3549094c804d9457b40a2c10%26tpid%3Dhttp%3A%2F%2Flinkag01pre.domain.com%3A80%2Fnesp%2Fidff%2Fmetadata%26auth%3DLDAPLDAPV.1.0%26svc%3Durn%3Anovell%3Aldap%3A2006-02%26ulid%3DbtKJG4nnQ85XNUAQaD5JEmk8SR5rPEwS84DBsw%3D%3D%26OB%3Dfalse
<ldap:QueryItem(urn:novell:ldap:2006-02)>:id=jpihliojyc5ijh itemId=NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriCodTipoSujetoWSATR~22~5D includeCommonAttributes=false
<ldap:Select(urn:novell:ldap:2006-02)>:Select String: /UserAttribute[@ldap:targetAttribute="attriCodTipoSujetoWSATR"] </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSP:
Method: WSFRequestResponseDebugHandler.invoke
Thread: ajp-nio-127.0.0.1-9009-exec-15

------ Client! Incomming Response, ID: NotLookedFor, MsgForm: INPUTSTREAM ------
Document in InputStream Format: Will not serialize it!
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCRequestor.isAxisFaultForServiceInstanceUpdate
Thread: ajp-nio-127.0.0.1-9009-exec-15
AxisFault: Checking for ServiceInstanceUpdate Status error codes! AxisFault: java.util.ConcurrentModificationException </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCRequestor.isAxisFaultForServiceInstanceUpdate
Thread: ajp-nio-127.0.0.1-9009-exec-15
No Recognizable Fault Status Found. Rethrowing original AxisFault! </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCRequestor.A
Thread: ajp-nio-127.0.0.1-9009-exec-15
Non user interaction AxisFault found! Creating failed statuses for response objects! AxisFault: AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.util.ConcurrentModificationException
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:MOL11P24
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCQRequestThread.sendRequest
Thread: ajp-nio-127.0.0.1-9009-exec-15
Service Lookup call returned QueryResponse:

<ldap:QueryResponse(urn:novell:ldap:2006-02)>:ns=urn:novell:ldap:2006-02 nspfx=ldap timeStamp=2018-12-10T15:43:44Z
<ldap:Status(urn:novell:ldap:2006-02)>:code=ldap:Failed
<ldap:Status(urn:novell:ldap:2006-02)>:code=ldap:Server.userException comment=java.util.ConcurrentModificationException </amLogEntry>



IDP Logs stderr.log (Windows IDP)

------ Server! Outgoing Response, ID: jpihliomtcxijk, MsgForm: SOAPENVELOPE ------
Document in SOAPEnvelope Format:
SOAP Headers: None:
SOAP Body:
<ldap:QueryResponse(urn:novell:ldap:2006-02)>:ns=urn:novell:ldap:2006-02 nspfx=ldap itemIdRef=jpihliojeo1ijg timeStamp=2018-12-10T15:43:47Z
<ldap:Status(urn:novell:ldap:2006-02)>:code=ldap:OK
<ldap:Data(urn:novell:ldap:2006-02)>:
itemIdRef: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriCodTipoSujetoWSATR~22~5D

<ldap:UserAttribute(urn:novell:ldap:2006-02)>: Id: jpihlkjaz684pc
Target Attribute: attriCodTipoSujetoWSATR

<ldap:Value(urn:novell:ldap:2006-02)>: Encoding: none
Value: *****
</amLogEntry>

/Lelle
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: troubleshooting header injection

On 12-12-2018 12:54 AM, lelle wrote:
> itemId=NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriCodTipoSujetoWSATR~22~5D
> includeCommonAttributes=false


ok, so the ESP will query the IDP webservice to obtain that attribute value. Can you dupe the issue again and check the catalina.out for any obvious
errors? It could be that the IDP is returning some unexpected result that ESP isn't dealing with very well

--
Cheers,
Edward
0 Likes
lelle1 Absent Member.
Absent Member.

Re: troubleshooting header injection

Hi Edward,

We can replicate issue more or less at will, It takes from 50-1500 requests to do that, so it's very random. In production it happens from 1 to 10 times a day.
To test we do request from soapui so alway usning the same userid.
Hi have tried to disable the header injection policy so I know its related to attribute retrival
I figured that this was the IDP's reply to the ldap query,
As I understand the logfile the ESP thinks LDAP is failed it terminate the user session and set the reply to the proxy to bad user. But I cant figure out why.
I have marked this in red
The working request before and after is the same user id

------ Server! Outgoing Response, ID: jpihliomtcxijk, MsgForm: SOAPENVELOPE ------
Document in SOAPEnvelope Format:
SOAP Headers: None:
SOAP Body:
<ldap:QueryResponse(urn:novell:ldap:2006-02)>:ns=urn:novell:ldap:2006-02 nspfx=ldap itemIdRef=jpihliojeo1ijg timeStamp=2018-12-10T15:43:47Z
<ldap:Status(urn:novell:ldap:2006-02)>:code=ldap:OK
<ldapata(urn:novell:ldap:2006-02)>:
itemIdRef: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken ~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAtt ribute~3D~22attriCodTipoSujetoWSATR~22~5D

<ldap:UserAttribute(urn:novell:ldap:2006-02)>: Id: jpihlkjaz684pc
Target Attribute: attriCodTipoSujetoWSATR

<ldap:Value(urn:novell:ldap:2006-02)>: Encoding: none
Value: *****
</amLogEntry>


And ESP log of the same request

<ldap:QueryResponse(urn:novell:ldap:2006-02)>:ns=urn:novell:ldap:2006-02 nspfx=ldap timeStamp=2018-12-10T15:43:44Z
<ldap:Status(urn:novell:ldap:2006-02)>:code=ldap:Failed
<ldap:Status(urn:novell:ldap:2006-02)>code=ldap:Server.userExceptioncomment=java.util.ConcurrentModificationException</amLogEntry>
<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSC.A
Thread: ajp-nio-127.0.0.1-9009-exec-15
Still have data items that have not been filled </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-nio-127.0.0.1-9009-exec-15
Object gotten from in memory HashMap: Key: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4, Object: com.novell.nidp.liberty.wsc.cache.alreadyread.WSCCacheAlreadyReadCache@2786eacc </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCToken.getToken
Thread: ajp-nio-127.0.0.1-9009-exec-15
Warning: Unable to locate token for modelEntry: LDAP attributes of my authenticated user object and token use type: 1 </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCCacheAlreadyReadCache.add
Thread: ajp-nio-127.0.0.1-9009-exec-15
Added WSCCacheAlreadyReadCacheSet:
NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriNombreTipoSujetoWSATR~22~5D </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSP:
Method: WSFXPath.<init>
Thread: ajp-nio-127.0.0.1-9009-exec-15
Creating a WSFXPath in model: LDAP Attribute Profile for XPath: /UserAttribute[@ldap:targetAttribute="attriNombreTipoSujetoWSATR"] </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSC.A
Thread: ajp-nio-127.0.0.1-9009-exec-15
Added cache set to session cache: WSCCacheAlreadyReadCacheSet:
Id is unique token id for: Ldap Attribute:attriNombreTipoSujetoWSATR
Key: doNotInteractNEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriNombreTipoSujetoWSATR~22~5D
WSCCacheEntry:

<wscch:WSCCacheEntry(urn:wsccache:xml:2009-02)>:
Markup (Count: 2):
UniqueId: jpihlipbf57ijp
Markup: Name: WSCCacheAuthenticationMarkup
Authentication Instance Cookie: 1

UniqueId: jpihlipbspbijq
Markup: Name: WSCCacheInteractionMarkup
Interaction Level: doNotInteract
Token UniqueId: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriNombreTipoSujetoWSATR~22~5D
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-nio-127.0.0.1-9009-exec-15
Object gotten from in memory HashMap: Key: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4, Object: com.novell.nidp.liberty.wsc.cache.alreadyread.WSCCacheAlreadyReadCache@2786eacc </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: SwapHashMap.remove
Thread: ajp-nio-127.0.0.1-9009-exec-15
Object removed from in memory HashMap: Key: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4, Object: com.novell.nidp.liberty.wsc.cache.alreadyread.WSCCacheAlreadyReadCache@2786eacc </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: SwapHashMap.put
Thread: ajp-nio-127.0.0.1-9009-exec-15
Object put: Key: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4 </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCCache.add
Thread: ajp-nio-127.0.0.1-9009-exec-15
Added Object: key: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4 </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSC.A
Thread: ajp-nio-127.0.0.1-9009-exec-15
Completed Request. Response: WSCResponse:
Status: All Failure
WSCQResponseEntry:
WSCQLDAPToken:
Model Entry: UserAttribute
Unique Id: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriNombreTipoSujetoWSATR~22~5D
Select String: /UserAttribute[@ldap:targetAttribute="attriNombreTipoSujetoWSATR"]

Status: Server.userException
Status Message: java.util.ConcurrentModificationException
WSCQResponse: </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application: AM#501101053: AMDEVICEID#esp-55A3ACFE766248D9: AMAUTHID#6AD5E7D7EF41AC7E0AEC4F687BA4FAF4: PolicyID#L5847N25-5181-LKK6-31K5-0L6MNM9P4M5P: NXPESID#4999474: WSCQuery error status returned: Server.userException: Terminating user session </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9009-exec-15

Retrieval of object com.novell.nidp.NIDPSubject@125eef72 from cache subject succeeded using key 5204. Cache size is 12
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z INFO NIDS Application: AM#500105029: AMDEVICEID#esp-55A3ACFE766248D9: Logged out session id: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4 </amLogEntry>


<amLogEntry> 2018-12-10T15:43:44Z VERBOSE NIDS Application: NIDPSubject=null </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCCache.remove
Thread: ajp-nio-127.0.0.1-9009-exec-15
Removed Object: key: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4 </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSC:
Method: WSCCache.remove
Thread: ajp-nio-127.0.0.1-9009-exec-15
Removed Object: key: 6AD5E7D7EF41AC7E0AEC4F687BA4FAF4 </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application: AM#501101052: AMDEVICEID#esp-55A3ACFE766248D9: AMAUTHID#6AD5E7D7EF41AC7E0AEC4F687BA4FAF4: PolicyID#L5847N25-5181-LKK6-31K5-0L6MNM9P4M5P: NXPESID#4999474: Throwing data unavailable response: Data Item - 6647: Parameter - NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriNombreTipoSujetoWSATR~22~5D </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application: AM#501101051: AMDEVICEID#esp-55A3ACFE766248D9: AMAUTHID#6AD5E7D7EF41AC7E0AEC4F687BA4FAF4: PolicyID#L5847N25-5181-LKK6-31K5-0L6MNM9P4M5P: NXPESID#4999474: Invalid user session identifier </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application: AM#501101052: AMDEVICEID#esp-55A3ACFE766248D9: AMAUTHID#6AD5E7D7EF41AC7E0AEC4F687BA4FAF4: PolicyID#L5847N25-5181-LKK6-31K5-0L6MNM9P4M5P: NXPESID#4999474: Throwing data unavailable response: Data Item - 6647: Parameter - NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22attriCodPerfilesActivosWSATR~22~5D </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z WARNING NIDS Application: AM#501101051: AMDEVICEID#esp-55A3ACFE766248D9: AMAUTHID#6AD5E7D7EF41AC7E0AEC4F687BA4FAF4: PolicyID#L5847N25-5181-LKK6-31K5-0L6MNM9P4M5P: NXPESID#4999474: java.util.ConcurrentModificationException </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z INFO NIDS Application: AM#501101021: AMDEVICEID#esp-55A3ACFE766248D9: AMAUTHID#6AD5E7D7EF41AC7E0AEC4F687BA4FAF4: PolicyID#L5847N25-5181-LKK6-31K5-0L6MNM9P4M5P: NXPESID#4999474: Response sent: Status - invalid-user:java.util.ConcurrentModificationException </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: BaseHandler.sendSOAPResponse
Thread: ajp-nio-127.0.0.1-9009-exec-15
SOAP EndpointResponse:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<NXPES Id="4999474" Message="java.util.ConcurrentModificationException" Status="invalid-user">
<EvaluateResponse>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
<DoAction ActionName="InjectCustomHeader" ActionTTL="-1" Enum="2720">
<Parameter Enum="10" Name="HeaderName" Value="XX"/>
<Parameter Enum="20" Name="Text" Value="XX"/>
</DoAction>
</EvaluateResponse>
</NXPES>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9009-exec-15

Retrieval of object from cache session failed using key E084532B7DC38E4104827FDD60920E5C. Cache size is 77
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9009-exec-15

Retrieval of object from cache ancestralsession failed using key E084532B7DC38E4104827FDD60920E5C. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: NIDPContextListener.sessionDestroyed
Thread: ajp-nio-127.0.0.1-9009-exec-15
Destroyed session AMAUTHID#E084532B7DC38E4104827FDD60920E5C </amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9009-exec-15

Retrieval of object from cache session failed using key E084532B7DC38E4104827FDD60920E5C. Cache size is 77
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-nio-127.0.0.1-9009-exec-15

Retrieval of object from cache ancestralsession failed using key E084532B7DC38E4104827FDD60920E5C. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-12-10T15:43:44Z DEBUG NIDS WSP:
Method: WSFRequestResponseDebugHandler.invoke
Thread: ajp-nio-127.0.0.1-9009-exec-18

Thanks for your help

/Lelle
0 Likes
lelle1 Absent Member.
Absent Member.

Re: troubleshooting header injection

Hi,

Now I have a plan B that I will try, instead of retrieving all the attributes from the SOAP back channel I will try to get them when doing the authentication with the saml assertion. I havn't had to do that before.
I found the solution in a old Cool solution, perhaps information is out dated, but it's worth a try.
URL to Cool Solution
https://www.netiq.com/communities/cool-solutions/how-configure-access-gateway-embedded-service-provider-reduce-access-gateway-load-and-impr/

/Lelle
0 Likes
lelle1 Absent Member.
Absent Member.

Re: troubleshooting header injection

Hi all,

To close this tread, I did the setup according to Neils Cool Solution and it seems to resolved my customers problem.
Perhaps everybody except me already is doing this, but otherwise if you are doing extensive attribute lookups for injection and such I really recommend this solution
As always thanks Edward for your help.

/Lelle
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: troubleshooting header injection

On 13-12-2018 11:54 PM, lelle wrote:
>
> Hi all,
>
> To close this tread, I did the setup according to Neils Cool Solution
> and it seems to resolved my customers problem.
> Perhaps everybody except me already is doing this, but otherwise if you
> are doing extensive attribute lookups for injection and such I really
> recommend this solution
> As always thanks Edward for your help.


Weird, glad you got it fixed tho.


--
Cheers,
Edward
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.