Unable to open acceptance application from Test Users

Article Id: 140392
Status: Published
Updated On: 19-11-2019 01:36
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On Agents (SiteMinder) , SITEMINDER , CA Single Sign On Federation (SiteMinder) , CA Single Sign On SOA Security Manager (SiteMinder) , SITEMINDER
Issue/Introduction:

 

We're running some Web Agents in our environment and when users try to
access applications, they login successfully, but right after, the
browser send them back to the login page.

To illustrate : 

User goes to the protected page :

   https://myapp.mydomain.com/

and then user is asked to provide credential on the login page on a
second Web Agent :

   http://mylogin.mydomain.com/

User gives correct credentials, but some seconds after coming back to
the application

   https://myapp.mydomain.com/

the browser is redirected again to 

   http://mylogin.mydomain.com/

How can we fix this ?

 

Cause:


First request occurs at 16:09:10 on the protected page :


GET https://myapp.mydomain.com/ HTTP/1.1


  HTTP/1.1 302 Found

  Date: Thu, 07 Nov 2019 16:09:10 GMT

  Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips


The browser gets redirected for login page which request shows that

the login server is around 7 minutes in the past :


GET https://mylogin.mydomain.com/login.fcc?TYPE=33619969&REALMOID=06-wss5c58d-5hh4-4985-8a88-328682456437&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$F7h%2flZ9eqwaerdasdswkX4cKhulXfh%2bRzssadada0CLxmdsadsMVL7Vjvrtil7h&TARGET=$SM$https%3A%2F%2Fmyapp.mydomain.com%2F HTTP/1.1


  HTTP/1.1 200 HTTP/1.1 200 OK

  Server: Microsoft-IIS/8.0

  Date: Thu, 07 Nov 2019 16:02:34 GMT


After successfull login, the browser goes back to the protected

application and the server shows a time which is around 3 hours in the

past :


GET https://myapp.mydomain.com/index.html HTTP/1.1


  HTTP/1.1 302 Found

  Date: Thu, 07 Nov 2019 13:02:25 GMT

  Server: Apache


And the next click on the same application, the server shows the

server time being 3 hours in the future.


GET https://myapp.mydomain.com/myapp/index.html HTTP/1.1


  HTTP/1.1 302 Found

  Date: Thu, 07 Nov 2019 16:02:34 GMT

  Server: Apache


As the server time varies, then the idle and session timeout trigger

and the browser is sent back to the login page :


GET https://mylogin.mydomain.com/login.fcc?TYPE=33619969&REALMOID=06-wss5c58d-5hh4-4985-8a88-328682456437&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$F7h%2flZ9eqwaerdasdswkX4cKhulXfh%2bRzssadada0CLxmdsadsMVL7Vjvrtil7h&TARGET=$SM$https%3A%2F%2Fmyapp.mydomain.com%2F HTTP/1.1


  HTTP/1.1 200 HTTP/1.1 200 OK

  Server: Microsoft-IIS/8.0

  Date: Thu, 07 Nov 2019 16:02:34 GMT



Environment:


  Web Agent 12.52SP01CR01 on Apache 2.4 on Linux; 

Resolution:


Make all the Web Server machine's clocks in sync to solve the issue.