Unable to open acceptance application from Test Users

book

Article ID: 140392

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running some Web Agents in our environment and when users try to
access applications, they login successfully, but right after, the
browser send them back to the login page.

To illustrate : 

User goes to the protected page :

   https://myapp.mydomain.com/

and then user is asked to provide credential on the login page on a
second Web Agent :

   http://mylogin.mydomain.com/

User gives correct credentials, but some seconds after coming back to
the application

   https://myapp.mydomain.com/

the browser is redirected again to 

   http://mylogin.mydomain.com/

How can we fix this ?

 

Cause


First request occurs at 16:09:10 on the protected page :


GET https://myapp.mydomain.com/ HTTP/1.1


  HTTP/1.1 302 Found

  Date: Thu, 07 Nov 2019 16:09:10 GMT

  Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips


The browser gets redirected for login page which request shows that

the login server is around 7 minutes in the past :


GET https://mylogin.mydomain.com/login.fcc?TYPE=33619969&REALMOID=06-wss5c58d-5hh4-4985-8a88-328682456437&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$F7h%2flZ9eqwaerdasdswkX4cKhulXfh%2bRzssadada0CLxmdsadsMVL7Vjvrtil7h&TARGET=$SM$https%3A%2F%2Fmyapp.mydomain.com%2F HTTP/1.1


  HTTP/1.1 200 HTTP/1.1 200 OK

  Server: Microsoft-IIS/8.0

  Date: Thu, 07 Nov 2019 16:02:34 GMT


After successfull login, the browser goes back to the protected

application and the server shows a time which is around 3 hours in the

past :


GET https://myapp.mydomain.com/index.html HTTP/1.1


  HTTP/1.1 302 Found

  Date: Thu, 07 Nov 2019 13:02:25 GMT

  Server: Apache


And the next click on the same application, the server shows the

server time being 3 hours in the future.


GET https://myapp.mydomain.com/myapp/index.html HTTP/1.1


  HTTP/1.1 302 Found

  Date: Thu, 07 Nov 2019 16:02:34 GMT

  Server: Apache


As the server time varies, then the idle and session timeout trigger

and the browser is sent back to the login page :


GET https://mylogin.mydomain.com/login.fcc?TYPE=33619969&REALMOID=06-wss5c58d-5hh4-4985-8a88-328682456437&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$F7h%2flZ9eqwaerdasdswkX4cKhulXfh%2bRzssadada0CLxmdsadsMVL7Vjvrtil7h&TARGET=$SM$https%3A%2F%2Fmyapp.mydomain.com%2F HTTP/1.1


  HTTP/1.1 200 HTTP/1.1 200 OK

  Server: Microsoft-IIS/8.0

  Date: Thu, 07 Nov 2019 16:02:34 GMT



Environment


  Web Agent 12.52SP01CR01 on Apache 2.4 on Linux; 

Resolution


Make all the Web Server machine's clocks in sync to solve the issue.
Powered by Wolken Software