
TEWS call changes URL from HTTP to HTTPS

Article ID: 103989

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

We have the vApp 14.1 running SSL (HTTPS) on our web console with updated SSL certificates in apache-ssl-certficates folder.

However, we have created a TEWS App that makes a call with HTTPS. This URL is getting converted to HTTP.
It appears to be automatically reverting the URL to "http://hostname:8080/iam/im/TEWSTest", instead of our HTTPS environment "https://hostname/iam/im/TEWSTest".

Please assist in verifying the correct procedure to allow our TEWS app to make web calls via HTTPS.

 

Environment

Release:
Component: IDSVA

Resolution

Scenario 1:


The vApp proxy is configured in app.config and the HTTPS URL is used (https://hostname/iam/im/TEWS6/idmEnv?wsdl).
This works fine.

The request reaches the vApp proxy in SSL mode, and the proxy redirects it internally to the IDM service (Host_01) in non-SSL mode.
Host_01 is internal to the vApp and is not exposed outside. Although the hop from the vApp proxy to Host_01 is non-SSL, it is not vulnerable.

Scenario 2:

The IDM server is reached directly. Configure SSL for the IM Server and use port 8443 (https://hostname:8443/iam/im/TEWS6/idmEnv?wsdl).
No proxy configuration is required in app.config.
This is available in vApp 14.1 CP2.

Scenario 3:


No proxy is used, and HTTPS is used on port 443.
As per the conversation, this should not work unless the request is redirected directly from hostname to the IDM service (Host_01).
Because no proxy is present, hostname cannot determine which service (IDM, IP, IG) the request should be redirected to.

Since it is working, the request is reaching the IDM server directly, and the server can only be accessed on port 443.
The customer has to modify the URL to use port 443.

Scenario 4:

It was also suggested to use a layer 3 load balancer if they do not want to access IDM directly using IP and port.
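
To verify which scenario a client will actually end up in, the following added example (not part of the original article or the product) compares the endpoint address advertised inside a WSDL with the HTTPS URL the WSDL was requested from. It assumes the rewritten address shows up in the WSDL's soap:address element, which the article does not state; the sample WSDL and its endpoint path are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# WSDL 1.1 binding namespaces that carry an <address location="..."/> element.
SOAP_NS = (
    "http://schemas.xmlsoap.org/wsdl/soap/",
    "http://schemas.xmlsoap.org/wsdl/soap12/",
)

# Constructed sample: requested over HTTPS, but advertising a non-SSL
# address on port 8080 like the one described in the issue.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
             xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <service name="SampleService">
    <port name="SamplePort" binding="SampleBinding">
      <soap:address location="http://hostname:8080/iam/im/TEWS6/idmEnv"/>
    </port>
  </service>
</definitions>"""

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, parts.hostname, parts.port or default

def advertised_endpoints(wsdl_xml):
    """List every SOAP 1.1 / 1.2 address location found in the WSDL."""
    root = ET.fromstring(wsdl_xml)
    return [el.get("location") for ns in SOAP_NS
            for el in root.iter("{%s}address" % ns) if el.get("location")]

def check_endpoints(wsdl_url, wsdl_xml):
    """Flag endpoints that drop HTTPS or leave the host/port of wsdl_url."""
    want = origin(wsdl_url)
    findings = []
    for loc in advertised_endpoints(wsdl_xml):
        got = origin(loc)
        if got[0] != "https":
            findings.append((loc, "endpoint is not HTTPS"))
        elif got != want:
            findings.append((loc, "endpoint host/port differs from WSDL URL"))
    return findings

if __name__ == "__main__":
    url = "https://hostname/iam/im/TEWS6/idmEnv?wsdl"
    for loc, why in check_endpoints(url, SAMPLE_WSDL):
        print(why, "->", loc)
```

An empty result means every advertised endpoint stays on the same HTTPS host and port as the WSDL URL; parse only WSDL fetched from your own server with this code.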