SSL Target url https-http

book

Article ID: 142798

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a CA Access Gateway (SPS) and when user tries to access a
resource in HTTPS, then once logged in, the target becomes HTTP
(without ssl) and the request fails.

We've tried the solution from this community in vain :

  Target URL Change
  https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=820489

and we've tried to follow instruction from these KD in vain too :

  Access Gateway returns redirect to HTTP: rather than HTTPS:
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=110262

  When using an SSL offloader, the TARGET parameter when redirected to
  the login.fcc page is changed to specify a http: rather than https:
  protocol even though the original request was made over https:
  https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=51429

How can we solve this ?

 

Cause

 

From the CA Access Gateway (SPS) httpd.conf, we see that the SPS
doesn't listen on port 80, but on 10000 :

httpd.conf :

  Listen 10000
  ServerName myserver.mydomain.com:10000
  LoadModule headers_module modules/mod_headers.so
  <IfModule headers_module>
  Header edit Location "(^http://)" "https://"

 

Environment

 

  CA Access Gateway (SPS) 12.8SP0 on RedHat 6;
  Policy Server 12.8P0 on RedHat 6;

 

Resolution

 

Make the HTTPSPorts ACO parameter to include the ports defined in the
httpd.conf Listen parameter to solve this issue.

The HTTPSPorts should have value with 10000 at least.