We found the parameter "XFFEnabled" in the arcotafm.properties file, but we have no idea of its usage.
It's not documented in techdocs and there is nothing that looks related in the AFM Wizard.
Can you please tell us the purpose of this parameter and how to use it?
Release : 9.1
Component : AuthMinder(Arcot WebFort)
As per the current implementation, AFM takes the client IP from the X-Forwarded-For header value without proper validation.
Use of the X-Forwarded-For header in AFM has been made optional, and it is disabled by default.
To support this, a new AFM properties parameter, 'XFFEnabled', has been introduced.
To enable it, set 'XFFEnabled=true' in the afm.properties file.
More logging has been added to show the remote client's IP and the X-Forwarded-For header values that arrive with a request to AFM.
The logging also shows the final ClientIP picked for request processing. Validation of the client IP passed in the X-Forwarded-For header has also been added.
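The behaviour described above can be sketched as follows. This is an added illustration, not AFM's own code: the function names are hypothetical, and it assumes the left-most X-Forwarded-For entry is the one used and that an invalid entry falls back to the connection's remote address.

```python
import ipaddress
import logging

log = logging.getLogger("afm-xff-example")  # hypothetical logger name

def xff_enabled(properties_text):
    """Read XFFEnabled from Java-style properties text; absent means disabled."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "XFFEnabled":
            return value.strip().lower() == "true"
    return False  # disabled by default

def valid_ip(candidate):
    """Return the canonical IPv4/IPv6 string, or None if not an IP literal."""
    try:
        return str(ipaddress.ip_address(candidate.strip()))
    except ValueError:
        return None

def resolve_client_ip(remote_addr, xff_header, enabled):
    """Pick the client IP for request processing and log every input."""
    # %r escapes control characters, so a crafted header cannot forge log lines.
    log.info("remote address=%r X-Forwarded-For=%r XFFEnabled=%s",
             remote_addr, xff_header, enabled)
    chosen = remote_addr
    if enabled and xff_header:
        # Assumption: the first (left-most) entry is the original client.
        first = xff_header.split(",")[0]
        parsed = valid_ip(first)
        if parsed is None:
            log.warning("rejecting invalid X-Forwarded-For value %r", first)
        else:
            chosen = parsed
    log.info("final ClientIP=%s", chosen)
    return chosen

# Constructed sample inputs (not taken from a real AFM deployment).
SAMPLE_PROPS = "# constructed sample\nXFFEnabled=true\n"

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    on = xff_enabled(SAMPLE_PROPS)
    resolve_client_ip("10.0.0.5", "203.0.113.7, 10.0.0.5", on)  # header used
    resolve_client_ip("10.0.0.5", "not-an-ip", on)              # falls back
    resolve_client_ip("10.0.0.5", "203.0.113.7", False)         # header ignored
```

X-Forwarded-For is supplied by the sender unless an upstream proxy overwrites it, so the header value is only meaningful when the application sits behind a proxy that sets it.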