CDD 6.9 does not work on IE and Firefox on some systems

Article ID: 127062

Products

Automic Continuous Delivery Director

Issue/Introduction

Acronyms (used or referred to in this document):
  • CDD: Continuous Delivery Director

When accessing CDD 6.9 via IE or Firefox on some systems, the error "something went wrong" is shown after login.

Cause

In our analysis we observed the following errors in the cdd-server.log file:
2019-02-13 13:41:23.803 [http-nio-8443-exec-11] ERROR c.c.r.w.f.OriginVerificationFilter - Failed request based on its origin. You may clear the JSESSIONID cookie request header or logout from the related CDD session 
com.ca.rp.exceptions.rest.ValidationException: Accessing '/cdd/login.jsp' is forbidden from 'https://<cdd-server>:8443/cdd/login.jsp', verified by referer header

Troubleshooting steps
  1. Check the settings.properties file located on the Tomcat host, in the directory <USER-HOME>/.cdd/conf
  2. Check for the following configuration in settings.properties
    • cdd.url.schema = https
    • cdd.url.port = 8443
    • cdd.url.virtual_ip = hostname
  3. Check whether the hostname (short name or FQDN) resolves via DNS
  4. Check the URL in use to access CDD
With 6.9, we addressed a potential security issue: CDD now validates that the Origin and Referer headers match. There might be a mismatch between what you have defined in the settings.properties file for cdd.url.virtual_ip and what the browser is sending.

Some observed behavior of browsers
  • Chrome is adding the Origin HTTP header to its requests.
  • IE and Firefox are NOT adding the Origin HTTP header to their requests.
  • IE and Firefox are adding the Referer HTTP header instead - which uses a different format and different values.
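
A settings-versus-header comparison for the checks above, as an added example (not CDD's own code and not the logic of its OriginVerificationFilter). It assumes the comparison is on schema, host name and port, as this article's note describes; the host names cddhost and cddhost.example.com are constructed sample values.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample using the three keys listed in the troubleshooting steps.
SAMPLE_SETTINGS = """\
cdd.url.schema = https
cdd.url.port = 8443
cdd.url.virtual_ip = cddhost
"""

def parse_properties(text):
    """Parse simple 'key = value' lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def expected_origin(props):
    """(schema, host, port) that the configured CDD URL resolves to."""
    scheme = props["cdd.url.schema"].lower()
    port = int(props.get("cdd.url.port") or DEFAULT_PORTS[scheme])
    return scheme, props["cdd.url.virtual_ip"].lower(), port

def header_origin(value):
    """(schema, host, port) from an Origin or Referer value; the path is ignored."""
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    # Browsers omit the port when it is the default for the schema.
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def mismatches(settings_text, header_value):
    """Names of the components where the header differs from the settings."""
    want = expected_origin(parse_properties(settings_text))
    got = header_origin(header_value)
    return [n for n, w, g in zip(("schema", "host", "port"), want, got) if w != g]

if __name__ == "__main__":
    for hdr in ("https://cddhost:8443",                             # Origin style
                "https://cddhost.example.com:8443/cdd/login.jsp"):  # Referer style
        print(hdr, "->", mismatches(SAMPLE_SETTINGS, hdr) or "match")
```

Feed it the real settings.properties content and the Origin or Referer value captured from the browser's developer tools to see which component differs.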

Environment

Continuous Delivery Director: 6.9 (also valid for higher versions)

Resolution


The CDD behavior is consistent. In our analysis we identified that the hostname in the settings.properties file is set to the short name of the server and the CDD URL is accessed via the short name, but IE and Firefox pass the Referer HTTP header, which uses the FQDN; this mismatch results in the error.

Solution: Access the CDD URL with the FQDN of the server instead of the short name for IE and Firefox.

Additional Information

NOTE:

It is advised to access CDD using the exact same server address that was used for executing the CDD Installer. CDD verifies that any incoming client request comes from a page that was downloaded from CDD itself (same HTTP schema, same server name and same server port).

For example, if the customer used https://test.domain.com:443 for executing the CDD Installer, they should also use https://test.domain.com:443 for executing the CDD service (and not https://test:443).