search cancel

SSL Termination with enableredirectrewrite="yes"

book

Article ID: 189622

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

When running a CA Access Gateway (SPS) and configuring
"enableredirectrewrite" in server.conf, as the CA Access Gateway (SPS)
runs behind a SSL offloaded loadbalancer which terminates the SSL
connections, then the SPS returns the URLs in HTTP instead of HTTPS,
even if configured redirectrewritablehostnames adding ports numbers.

 

Environment

 

CA Access Gateway (SPS) 12.8SP3 on RedHat 7

 

Resolution

 

Customize the embedded Apache server by enabling the mod_headers (1)
might help you to solve the issue. A sample of this possible
configuration :

  <IfModule headers_module>
  Header edit Location ^http://([^/:]+)(:[0-9]{1,5})?/ https://$1/
  </IfModule>

Note that this customization might have side effect and this setting
is at your own responsibility.

 

Additional Information

(1)

    Apache Module mod_headers
    https://httpd.apache.org/docs/current/mod/mod_headers.html