search cancel

Single Sign On Siteminder - Issue HTTP Header + Post


Article ID: 119972


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We're running a Web Agent and when the form html page send headers
as :

<form method="post" action=""> 
<input type="hidden" name="userid" value="<%=uid%>"> 
<input type="hidden" name="myvariable1" value="<%=myvariable1%>"/> 
<input type="hidden" name="myvariable2" value="<%=myvariable2%>"/> 

the headers and values for userid, myvariable1, myvariable12, aren't
reaching the target page So
that pages reports the values as null.

I'd like to know why. 


From the Fiddler traces, we see the header passed to the back end
server on a POST action. But the server replies with return code 301
to make the URL https instead of http. This redirection is culprit of
the lost of the header values.

You should take note of the following. If you POST header to a page, 
the next redirected page won't get these headers. Only the page you 
POST to will have. 

Apache 301 Redirect and preserving post data 

"POST data is discarded on redirect as a client will perform a GET 
request to the URL specified by the 301. Period." 


Release: MSPJBO99000-12.52-Single Sign-On-Agent for JBoss-for MSP


Configure your Web Server in order to accept only https requests in
order to avoid the 301 return code to solve this issue.