
Purpose of "XFFEnabled" in arcotafm.properties


Article ID: 199842


Updated On:

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)
CA Strong Authentication
CA Rapid App Security
CA Risk Authentication
CA Advanced Authentication

Issue/Introduction

We found the parameter "XFFEnabled" in the arcotafm.properties file, but we have no idea of its usage.
It's not documented in techdocs, and there is nothing that looks related in the AFM Wizard.

Can you please tell us the purpose of this parameter and how to use it?


Cause

In the current implementation, AFM takes the client IP from the X-Forwarded-For header value without proper validation.

Environment

Release : 9.1

Component : AuthMinder(Arcot WebFort)

Resolution

Use of the 'X-FORWARDED-FOR' functionality in AFM has been made optional. It is disabled by default.

To support this, a new AFM properties parameter, 'XFFEnabled', has been introduced.

To enable the functionality, set 'XFFEnabled=true' in the afm.properties file.

Additional logging has been added to show the values of the remote client's IP and the X-FORWARDED-FOR header that arrive as part of a request to AFM.

The logging also shows the final ClientIP picked for request processing. Validation of the client IP passed in the X-FORWARDED-FOR header has also been added.
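
The sketch below is an added example, not AFM's code, showing the behaviour the Resolution describes: the header is ignored unless the flag is on, its value is validated as an IP literal, and the remote IP, the header value and the final ClientIP are logged. Assumptions: the function and logger names are hypothetical, the leftmost header entry is taken as the client, and an invalid value falls back to the remote address; the article does not state how AFM handles either case.

```python
import ipaddress
import logging

log = logging.getLogger("xff_example")  # hypothetical logger name


def parse_ip(value):
    """Return a normalized IP string, or None if value is not a valid IPv4/IPv6 literal."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def resolve_client_ip(remote_addr, xff_header, xff_enabled=False):
    """Pick the client IP used for request processing.

    Assumed behaviour (not taken from AFM): with the flag on, the leftmost
    X-Forwarded-For entry is used if it is a valid IP literal; otherwise
    the remote (TCP peer) address is used.
    """
    # %r escapes control characters, so a crafted header cannot forge log lines.
    log.info("remote=%r xff=%r XFFEnabled=%s", remote_addr, xff_header, xff_enabled)
    chosen = remote_addr
    if xff_enabled and xff_header:
        candidate = parse_ip(xff_header.split(",")[0])
        if candidate is not None:
            chosen = candidate
        else:
            log.warning("ignoring invalid X-Forwarded-For value %r", xff_header)
    log.info("final ClientIP=%s", chosen)
    return chosen


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample requests: (remote address, header value, flag)
    samples = [
        ("10.0.0.5", "203.0.113.7, 10.0.0.1", True),
        ("10.0.0.5", "203.0.113.7", False),
        ("10.0.0.5", "not-an-ip\r\nfake log line", True),
    ]
    for remote, header, enabled in samples:
        print(resolve_client_ip(remote, header, enabled))
```

The header is only meaningful when a trusted proxy in front of the application sets it, which is why a default of disabled is the safer setting for deployments without such a proxy.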