Client ip in smaccess logs


Article ID: 195023


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



When running Policy Server, one might be unable to log user ip address
in smaccess log in our non-prod environment. The ip captured in
REMOTE_ADDR is the LB ip instead of user ip which is being audited as
sm_client ip in smaccess logs currently.

X-forwarded-for and Client-ip headers are populated correct IP address
for user being authenticated. How one can force agent to use either of
X-forwarded-for or Client-ip to be used while auditing ?




Web Agent 12.52SP1CR11 on Apache 2.4.46 on RedHat 7




Setting the ACO parameter CustomIPHeader to X-forwarded-for should
solve this (1)(2).

You should not need to change ProxyDefinition and/or RequireClientIP
just to include the X-forwarded-for in smaccess.log. Just set


Additional Information



    List of Agent Configuration Parameters


    Default HTTP Headers Used by the Product