CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On Agents (SiteMinder)CA Single Sign On Federation (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)SITEMINDER
Issue/Introduction
We're running Federation Services and the SAML requests fail and that the request gets added
GET https://myidp.idp.com/affwebservices/nuage/redirect.jsp?SPID=mysp.sp.com&SMPORTALURL=https%3A%2F%2Fmyidp.idp.com%3A443%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=412da244-95dfd42e-98fa15a0-fa56f0e3-56f0288d-adf
GET https://myidp.idp.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SPID=mysp.sp.com&SAMLTRANSACTIONID=412da244-95dfd42e-98fa15a0-fa56f0e3-56f0288d-adf
GET https://myidp.idp.com/affwebservices/nuage/redirect.jsp?SMASSERTIONREF=QUERY&SPID=mysp.sp.com&SAMLTRANSACTIONID=412da244-95dfd42e-98fa15a0-fa56f0e3-56f0288d-adf&SMPORTALURL=https%3A%2F%2Fmyidp.idp.com%3A443%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=24d66d38-64a3b27f-87b46a07-6005f90b-240317fc-ab7
GET https://myidp.idp.com/affwebservices/public/saml2sso?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SPID=mysp.sp.com&SAMLTRANSACTIONID=412da244-95dfd42e-98fa15a0-fa56f0e3-56f0288d-adf&SAMLTRANSACTIONID=24d66d38-64a3b27f-87b46a07-6005f90b-240317fc-ab7
[04/07/2020][06:28:58][8881][2227083008][CSmLowLevelAgent.cpp:531][IsResourcePr otected][000000000000000000000000fc4112ac-22b1-5e8c55e5-84be9700-99324e2d6ef5][ *192.168.1.1][][][/affwebservices/public/saml2sso?SPID=mysp.sp.com][] [Resource is not protected from cache.]
[04/07/2020][06:28:58][8881][2147481344][CSmLowLevelAgent.cpp:535][IsResourcePr otected][000000000000000000000000fc4112ac-22b1-5e8c55ea-7ffff700-b3c7301aa68c][ *192.168.1.1][][][/affwebservices/nuage/redirect.jsp?SPID=mysp.sp.com &SMPORTALURL=https%3A%2F%2Fmyidp.idp.com%3A443%2Faffwebse rvices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=412da244-95dfd42e-98fa15a0-fa56f0e 3-56f0288d-adf][][Resource is not protected from Policy Server.]
[04/07/2020][06:28:58][8881][2139088640][CSmLowLevelAgent.cpp:535][IsResourcePr otected][000000000000000000000000fc4112ac-22b1-5e8c55ea-7f7fe700-ca791470a08b][ *192.168.1.1][][fed_cox_wa][/affwebservices/public/saml2sso?SMASSERTIONREF=QUE RY&SPID=mysp.sp.com&SAMLTRANSACTIONID=412da244-95dfd42e-98fa15a0-fa5 6f0e3-56f0288d-adf][][Resource is not protected from Policy Server.]
[04/07/2020][06:28:58][8881][2130695936][CSmLowLevelAgent.cpp:535][IsResourcePr otected][000000000000000000000000fc4112ac-22b1-5e8c55ea-7effd700-e1314c626aaf][ *192.168.1.1][][][/affwebservices/nuage/redirect.jsp?SMASSERTIONREF= QUERY&SPID=mysp.sp.com&SAMLTRANSACTIONID=412da244-95dfd42e-98fa15a0- fa56f0e3-56f0288d-adf&SMPORTALURL=https%3A%2F%2Fmyidp.idp.com%3A443%2 Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=24d66d38-64a3b27f-87b46a0 7-6005f90b-240317fc-ab7][][Resource is not protected from Policy Server.]
[04/07/2020][06:28:58][8881][2122303232][CSmLowLevelAgent.cpp:535][IsResourcePr otected][000000000000000000000000fc4112ac-22b1-5e8c55ea-7e7fc700-f79f3778894][* 192.168.1.1][][][/affwebservices/public/saml2sso?SMASSERTIONREF=QUER Y&SMASSERTIONREF=QUERY&SPID=mysp.sp.com&SAMLTRANSACTIONID=412da244-9 5dfd42e-98fa15a0-fa56f0e3-56f0288d-adf&SAMLTRANSACTIONID=24d66d38-64a3b27f-87b4 6a07-6005f90b-240317fc-ab7][][Resource is not protected from Policy Server.]
And looking at the configuration, you protect the realm for redirect.jsp with Agent Group :
AgentGroup
This AgentGroup doesn't include the AgentName to protect the resource :
Looking at the configuration, protection of /affwebservices/myotherapp is defined for Web Agent group name "AgentGroup". This Agent group has unique member agent "mywebagent".
And the Web Agent you run is only configured for Agentname "myotherwebagent".
Insure that realms are protected by the desired Agent to solve the issue.