How does Post Data Preservation work for Web Agents (All versions)?
The purpose of this article is to provide information on Post Data Preservation (PDP) and how it affects the Web Agent.
1 reader recommends this article
What is Post Data Preservation (PDP)
Enabling PDP tells the agent to save the data entered in a form when it is received by the agent without a valid authenticated session. This helps prevent data loss if a session times out before the user submits the form.
PDP data is preserved in a local file-based cache in the /path/to/agent/log directory. When using PDP with a Web Agent, the user/browser must return to the same server that has the local cache containing the details being preserved or saved. If the follow up request ends up at a different server, it will not be able to retrieve the PDP data. If you change the POST Data Storage Directory (org.forgerock.agents.config.postdata.preserve.dir
), you must ensure the new directory has the same permissions as the original /path/to/agent/log directory.
There are a couple of different ways to send parameter data from one web page to another:
- GET parameters: these are limited in size and can also be seen in the browser.
- Data in the POST body: this allows for greater size and different formats of data to be sent. In some cases, this can result in a tremendous amount of data in the requests. For example, exampleform.html contains a form, which submits via POST to processform.php, which then retrieves the parameter data. This is the simplest possible scenario.
Observing data in the POST body
You can see the data in the example POST body snippet below (pdpForm) in an HTTP trace, for example:
<html><body><form name="pdpForm" action="https://am.example.com:8443/examples/servlets/servlet/RequestParamExample" method="POST"><input type="hidden" name="lastname" value="doe"/><input type="hidden" name="firstname" value="john"/></form><script type="text/javascript" language="javascript">document.pdpForm.submit();</script></body></html>How do I enable debug logging for troubleshooting Agents (All versions)? debugging in the agent will show the size of data that has been processed, and whether it is stored in-memory or in the file-based cache. Depending on processing speed, you may also be able to look in the logs directory. The output from a HTTP trace shows what has been received by the browser. The size information should match the content size in a working system.
Complications
The following scenarios introduce complications to PDP:
- Apache™ forwards on to PHP processing through FastCGI on a non-enforced URL.
- Apache forwards on to PHP processing locally but PHP endpoint is enforced.
- Apache forwards on to PHP processing through FastCGI on an enforced URL.
- Apache forwards on to processing of the CGI requests on another application server such as WebSphere®, Tomcat™ for further processing. This may or may not be an enforced endpoint.
- Any of these could also be using CDSSO.
- There could also be advices involved, which would mean session upgrade is involved.
Troubleshooting
The following information is needed for troubleshooting purposes:
- Details of the flow and what components are involved.
- The agent profile.
- The agent debug logs: How do I enable debug logging for troubleshooting Agents (All versions)?
- An HTTP trace. You can do this by capturing a HAR file as described in How do I create a HAR file for troubleshooting Identity Cloud? or How do I create a HAR file for troubleshooting AM?
See Also
Configure load balancers and reverse proxies
Related Training
N/A
Related Issue Tracker IDs
N/A