Is there a way to configure the Access Gateway (SPS) to let pass the client IP to the backend application?
search cancel

Is there a way to configure the Access Gateway (SPS) to let pass the client IP to the backend application?

book

Article ID: 18143

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

When using Access Gateway (SPS), back end application may require to know the client IP address to do some specific actions.

 

Environment

Release: Applicable to all the supported releases.
Component: SMSPS

Resolution

There are few steps required to achieve this.

1. Load Balancer/Proxy in front of Access Gateway must send X-Forwarded-For (or any custom header) with the User's IP Address.
2. Access Gateway need to specify the "CustomIPHeader=X-Forwarded-For" (or whatever header that was passed on with the user's IP Address).
3. Confirm from Access Gateway's agent trace log that CustomIPHeader was received and recognized the User's IP Address.

[Resolved Client IP address '192.168.0.123' from header 'X-Forwarded-For'.]

At this point, the Backend Server need to read "X-Forwarded-For" header and use that as User's IP Address.

 

Powered by Wolken Software