HTTP DELETE method not allowed in CA Single Sign On
Article ID: 187435
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
We are running CA Single Sign on 12.8 SP2. We have a new functionality to allow HTTP DELETE and HTTP PUT request.
Usually we allow only GET and POST. So I modified the Realm Rule to add PUT and DELETE methods too.
After adding that, the PUT request is going through but the DELETE request is failing with an AzReject.
Should we enable anything else in particular for HTTP DELETE requests? I read the documentation but could not find anything.
Environment
Release : 12.8 SP2
Component : SiteMinder Federation(Federation Manager)
Resolution
1. To the SiteMinder Web Agent, it doesn't really process the GET or PUT or DELETE command, it is the web server doing it.
2. Agent will intercept the request received by web server, then check what is the ACTION and the resource, the ACTION to web agent is just a string.
3. As long as you registered the ACTIONS correctly to the web agent, and the rules were correctly configured and policy associated, policy server should authorise.
4. Again, siteminder doesn't really understand what those ACTIONS are, we only deal with logic.
5. so to siteminder, GET or PUT or DELETE are just words to match, if the configured rule and policy allows, then the agent will let the request go through, hand it over to the web server to process.
6. But if the logic is somehow not working, then it is either a misconfiguration or, cache not flushed yet.
2. Agent will intercept the request received by web server, then check what is the ACTION and the resource, the ACTION to web agent is just a string.
3. As long as you registered the ACTIONS correctly to the web agent, and the rules were correctly configured and policy associated, policy server should authorise.
4. Again, siteminder doesn't really understand what those ACTIONS are, we only deal with logic.
5. so to siteminder, GET or PUT or DELETE are just words to match, if the configured rule and policy allows, then the agent will let the request go through, hand it over to the web server to process.
6. But if the logic is somehow not working, then it is either a misconfiguration or, cache not flushed yet.
Feedback
Yes
No
Powered by
