Environment
NetIQ Access Manager 4.3
NetIQ Access Gateway Administration Console
Modify Access Manager policies in iManager
Problem shows up with edit, Copy Condition, Copy Group & Copy Action functionalities.
NetIQ Access Gateway Administration Console
Modify Access Manager policies in iManager
Problem shows up with edit, Copy Condition, Copy Group & Copy Action functionalities.
Situation
NAM administrator tries to change an existing Authorization policy within iManager and sees 404 errors reported in iManager. With some additional tests, the same 404 error was thrown not only with an edit operation but also the Copy Condition, Copy Group & Copy Action operations eg. open an existing Authorization Policy that restricts access on an IP address and select URL/IP Condition --> Change the Value to Data Entry Field. Clicking on the "Edit" pencil button and note that it doesn't allow editing and you will see the 404 error.
Looking at the Admin console app_sc logs shows IllegalArgumentException:
java.lang.IllegalArgumentException: Illegal character in query at index 359: /roma/jsp/admin/policy/conditionedit.jsp?typecontainerid=9mtivrrqe2zam4&typepolicyid=AccessGateway&containerid=mastercdn&policycollectionid=xpemlPEP&policyid=PolicyID_xpemlPEP_AGAuthorization_1486358195975&policyname=test&rulenumber=1&set=1&condition=1&ruleid=RuleID_1486358195975&width=1600&datatype=url-path&operator=nxpeOperator_url-path-equals&display=URL Path: URL Path : Equals&oneruleonly=false
This is breaking the RFC (http://www.faqs.org/rfcs/rfc1738.html). When we click on edit, we generate a request to the above URL … if you scan for char 359, you will see it is the space between ‘URL’ and ‘Path’ which is not a valid URI character. We should be encoding these to avoid such an exception.
Looking at the Admin console app_sc logs shows IllegalArgumentException:
java.lang.IllegalArgumentException: Illegal character in query at index 359: /roma/jsp/admin/policy/conditionedit.jsp?typecontainerid=9mtivrrqe2zam4&typepolicyid=AccessGateway&containerid=mastercdn&policycollectionid=xpemlPEP&policyid=PolicyID_xpemlPEP_AGAuthorization_1486358195975&policyname=test&rulenumber=1&set=1&condition=1&ruleid=RuleID_1486358195975&width=1600&datatype=url-path&operator=nxpeOperator_url-path-equals&display=URL Path: URL Path : Equals&oneruleonly=false
This is breaking the RFC (http://www.faqs.org/rfcs/rfc1738.html). When we click on edit, we generate a request to the above URL … if you scan for char 359, you will see it is the space between ‘URL’ and ‘Path’ which is not a valid URI character. We should be encoding these to avoid such an exception.
Resolution
Apply NAM 4.3 SP2.
The fix encoded the full url and fixed the path used to fetch the xml elements from the policy xml
The fix encoded the full url and fixed the path used to fetch the xml elements from the policy xml