Web Agent :: Ajax returns a 302 code when it should not

Article ID: 133617

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On, SITEMINDER

Issue/Introduction

 

We're running a Web Agent, and one application running Ajax code
returns a 302 code to the web page when it should not.

How can we solve this?

 

Resolution

 

At first glance, to handle Web 2.0 code such as Ajax, you need to
configure the Web Agent ACO parameter:

   WebAppClientResponse

as described in the documentation:

  Apply CA Single Sign-On Behavior to a Web Application Client

   Some web applications use script engines, which execute in the
   context of a Web browser, to request resources and display
   content. Similar to requests standard web browsers send, the
   requests originating from the script engine can trigger
   Agent-generated behavior, such as HTTP redirects or challenges.

   Unless properly integrated with the web application, this behavior
   can result in the web application client reaching an indeterminate
   state.

   The web application client response (WebAppClientResponse) ACO
   parameter lets you:

   - Configure CA Single Sign-On to identify requests originating from
     the script engine that is executing in the context of the Web
     browser. 

   - Use a customized response to integrate CA Single
     Sign-On-generated behavior, including a challenge, with the
     functionality of the web application client.

   - Configure the response format for requests from Web 2.0 resources
     (AJAX and other API-based calls) at the global level. 

   - Configure a global response to the web application clients to reduce the need to
     configure request/responses at each Web Agent level manually. 

   If you are using the WebAppClientResponse parameter to integrate the
   session management features, such as idle or session timeouts,
   configure the OverLookSessionFor ACO parameter also. While the
   OverLookSessionFor parameters prevent web application client
   requests from keeping user sessions active indefinitely, the
   WebAppClientResponse parameter lets you integrate the required
   functionality to redirect users after a session timeout.

  https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/web-agent-configuration/session-protection/apply-ca-single-sign-on-behavior-to-a-web-application-client
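
The documentation quoted above notes that agent redirects can leave a script client in an indeterminate state. The following added example (not part of the original article and not vendor code) shows the client side of that integration: it stops the script engine from following a 302 and classifies what came back. The 401 status, the function names and the sample responses are assumptions; the real status and body depend on how WebAppClientResponse is configured.

```javascript
// Added example, not vendor code. Assumption: WebAppClientResponse is configured so the
// agent answers script requests with HTTP 401 instead of a 302 redirect (status is assumed).
const REAUTH_STATUS = 401;

// Classify a fetch() Response-like object from an agent-protected resource.
function classifyResponse(res, expectedType = "application/json") {
  const type = (res.headers.get("content-type") || "").toLowerCase();
  if (res.status === REAUTH_STATUS) return "reauth";            // configured custom response
  if (res.type === "opaqueredirect") return "reauth";           // 302 stopped by redirect: "manual"
  if (res.status >= 300 && res.status < 400) return "reauth";   // raw redirect (non-browser runtimes)
  if (res.redirected) return "reauth";                          // redirect was followed silently
  if (!res.ok) return "error";
  // A 200 with the wrong media type is usually the login form, not application data.
  return type.startsWith(expectedType) ? "ok" : "unexpected";
}

// Request a protected resource without letting the script engine follow agent redirects.
async function fetchProtected(url, { fetchImpl = fetch, onReauth = () => {} } = {}) {
  const res = await fetchImpl(url, { credentials: "same-origin", redirect: "manual" });
  const verdict = classifyResponse(res);
  if (verdict === "ok") return { verdict, data: await res.json() };
  if (verdict === "reauth") onReauth(url);   // e.g. send the top-level window to the login page
  return { verdict, data: null };            // never render an unexpected body into the page
}

// Constructed sample responses (not captured traffic).
function mockResponse(status, contentType, extra = {}) {
  return { status, ok: status >= 200 && status < 300, redirected: false, type: "basic",
           headers: { get: (k) => (k.toLowerCase() === "content-type" ? contentType : null) },
           json: async () => ({ items: [] }), ...extra };
}

function demoVerdicts() {
  return [
    mockResponse(200, "application/json; charset=utf-8"),        // normal API answer
    mockResponse(401, "application/json"),                       // assumed custom agent response
    mockResponse(0, null, { type: "opaqueredirect" }),           // agent sent 302, not followed
    mockResponse(200, "text/html", { redirected: true }),        // 302 followed to login page
    mockResponse(200, "text/html"),                              // HTML where JSON was expected
  ].map((r) => classifyResponse(r));
}
```

Treating "unexpected" separately from "reauth" keeps a login form or error page from being parsed or injected into the page as if it were application data.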