How does Post Data Preservation work for Web Agents (All versions)?

What is Post Data Preservation (PDP)

Enabling PDP tells the agent to save the data entered in a form when it is received by the agent without a valid authenticated session. This helps prevent data loss if a session times out before the user submits the form.

PDP data is preserved in a local file-based cache in the /path/to/agent/log directory. When using PDP with a Web Agent, the user/browser must return to the same server that has the local cache containing the details being preserved or saved. If the follow up request ends up at a different server, it will not be able to retrieve the PDP data. If you change the POST Data Storage Directory (org.forgerock.agents.config.postdata.preserve.dir), you must ensure the new directory has the same permissions as the original /path/to/agent/log directory.

There are two methods for ensuring the user returns to the original server: cookie or URL. This means the load balancer must use either the cookie or URL being set by the Agent to route the user back to the same server where they completed the form. Whether a cookie or URL is used is determined by the POST Data Sticky Load Balancing Mode property, which you should set appropriately along with the POST Data Sticky Load Balancing Value property and POST Data Sticky Load Balancing Cookie Name property if needed. See Post data preservation for further information.

There are a couple of different ways to send parameter data from one web page to another:

• GET parameters: these are limited in size and can also be seen in the browser.
• Data in the POST body: this allows for greater size and different formats of data to be sent. In some cases, this can result in a tremendous amount of data in the requests. For example, exampleform.html contains a form, which submits via POST to processform.php, which then retrieves the parameter data. This is the simplest possible scenario.

Observing data in the POST body

You can see the data in the example POST body snippet below (pdpForm) in an HTTP trace, for example:

How do I enable debug logging for troubleshooting Agents (All versions)? debugging in the agent will show the size of data that has been processed, and whether it is stored in-memory or in the file-based cache. Depending on processing speed, you may also be able to look in the logs directory. The output from a HTTP trace shows what has been received by the browser. The size information should match the content size in a working system.

Complications

The following scenarios introduce complications to PDP:

• Apache™ forwards on to PHP processing through FastCGI on a non-enforced URL.
• Apache forwards on to PHP processing locally but PHP endpoint is enforced.
• Apache forwards on to PHP processing through FastCGI on an enforced URL.
• Apache forwards on to processing of the CGI requests on another application server such as WebSphere®, Tomcat™ for further processing. This may or may not be an enforced endpoint.
• Any of these could also be using CDSSO.
• There could also be advices involved, which would mean session upgrade is involved.

Troubleshooting

The following information is needed for troubleshooting purposes:

• Details of the flow and what components are involved.
• The agent profile.
• The agent debug logs: How do I enable debug logging for troubleshooting Agents (All versions)?
• An HTTP trace. You can do this by capturing a HAR file as described in How do I create a HAR file for troubleshooting Identity Cloud? or How do I create a HAR file for troubleshooting AM?

See Also

Post data preservation

Configure load balancers and reverse proxies

Related Training

N/A

Related Issue Tracker IDs

N/A