Long URL handling applies to both credential collectors (ECC or DCC) and is a default operation.
By default, the Resource Webgate checks the payload size of the front channel protocol message to determine if it is larger than the coded limit. When long URL handling is explicitly enabled, the limit is ignored and has no impact.
The credential collector determines if the front channel response payload is to be sent as HTTP POST data when:
- The incoming request indicates that the agent is capable of handling HTTP POST or REDIRECT type of response
- The credential collector is configured to always send the payload as HTTP POST data
- The credential collector is configured to always send the payload as a query string
If no explicit configuration is present, the credential collector sends the payload as HTTP POST data when the payload size is greater than the predefined limit, and on the query string when the payload size is lower than the predefined limit.
Note:
If application post data is also preserved there is no impact.
Table 22-33 identifies Long URL handling functionality with both the ECC and DCC.
Table 22-33 ECC and DCC: Long URL Handling
ECC Long URL Handling | DCC Long URL Handling |
---|---|
ECC is compatible with all 11g Webgates. | Same as ECC. |
N/A | Long URL handling is limited to the maximum allowed size of the DCCContextCookie. The DCC does not perform explicit long URL handling. There is no support to preserve the front channel payload on the form. |
- FORM challenge method, supported with the out of the box login page.
- WNA
- Basic
- Basic+Sessionless
- X509
- OIF, OIM, OAAM integrations using TAP
Table 22-34 summarizes the parameters and complete configuration requirements for authentication Long URL handling. All requirements described in Table 22-34 are supported end to end with the specified authentication schemes.
Table 22-34 Parameters Required for Long URL Handling
Parameter | Description |
---|---|
ChallengeRedirectMethod | Configure this either as an Authentication Scheme challenge parameter or as a user-defined Webgate parameter for POST-data preservation for both the embedded credential collector (ECC) and the detached credential collector (DCC). Note: Preference is given first to the Authentication Scheme containing this parameter; second to the Webgate providing this user-defined parameter. Otherwise, default behavior is Dynamic. Value: GET\|POST\|DYNAMIC. Behavior when value is: See Also: "Configuring Authentication POST Data Handling" |
ChallengeRedirectMaxMessageBytes | Configure this user-defined Webgate parameter to limit the size of the message data received as obrareq.cgi and obrar.cgi. Message data consists of query string length (if present) or POST data length (if POST data is present). If message size exceeds this limit, the message is not processed and the existing message is shown in the browser. The event is logged as usual. Default: 8192 bytes. Notes: obrareq.cgi is the authentication request in the form of a query string redirected from Webgate to the credential collector (OAM server or DCC). obrar.cgi is the authentication response string redirected from the credential collector (OAM server or DCC) to Webgate. See Also: "Configuring Authentication POST Data Handling" |
serverRequestCacheType (ECC only) | Configure this OAM parameter to define the mechanism used by the embedded credential collector (ECC) to remember the request context. This OAM Server parameter in $DOMAIN_HOME Default: COOKIE. FORM is the required value for POST data preservation, Long URL handling and Form-based authentication schemes. See Also: |
Long URL handling is enabled by default. The Webgate/credential collector sends data either as a query string or as POST data. The length of the query string parameter sent with obrareq.cgi and obrar.cgi is 2000 characters maximum.
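The following Python sketch is an added example, not Oracle code: it models the ChallengeRedirectMethod precedence, the query string versus POST decision, and the ChallengeRedirectMaxMessageBytes check described in this section, which is useful when reasoning about why a long request is rejected. It assumes that GET means always query string, POST means always POST data, DYNAMIC switches at the 2000-character query string maximum, and the agent can handle POST responses; all function names are hypothetical.

```python
# Simplified model of the behaviour documented above; not Oracle's implementation.
DEFAULT_MAX_MESSAGE_BYTES = 8192  # documented default, ChallengeRedirectMaxMessageBytes
QUERY_STRING_LIMIT = 2000         # documented query string maximum; assumed DYNAMIC threshold
VALID_METHODS = {"GET", "POST", "DYNAMIC"}


def effective_method(scheme_params, webgate_params):
    """Authentication scheme value wins, then the Webgate value, else DYNAMIC."""
    for params in (scheme_params, webgate_params):
        value = params.get("ChallengeRedirectMethod")
        if value is not None:
            value = value.upper()
            if value not in VALID_METHODS:
                raise ValueError(f"invalid ChallengeRedirectMethod: {value!r}")
            return value
    return "DYNAMIC"


def choose_transport(method, payload):
    """Return 'QUERY' or 'POST' (assumed mapping: GET=query string, POST=POST data)."""
    if method == "GET":
        return "QUERY"
    if method == "POST":
        return "POST"
    return "POST" if len(payload) > QUERY_STRING_LIMIT else "QUERY"


def accept_message(webgate_params, query_string="", post_data=""):
    """Size check on obrareq.cgi / obrar.cgi message data at the receiver."""
    limit = int(webgate_params.get("ChallengeRedirectMaxMessageBytes",
                                   DEFAULT_MAX_MESSAGE_BYTES))
    data = post_data if post_data else query_string
    return len(data.encode("utf-8")) <= limit


def plan(scheme_params, webgate_params, payload):
    """Resolve the method, pick the transport, and apply the size limit."""
    transport = choose_transport(effective_method(scheme_params, webgate_params), payload)
    if transport == "POST":
        return transport, accept_message(webgate_params, post_data=payload)
    return transport, accept_message(webgate_params, query_string=payload)


if __name__ == "__main__":
    big = "x" * 9000  # constructed payload larger than the 8192-byte default
    print(plan({}, {}, "x" * 3000))                           # ('POST', True)
    print(plan({"ChallengeRedirectMethod": "GET"}, {}, big))  # ('QUERY', False)
```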