Error: CORS xhr XMLHttpRequest blocked on WebAgent
search cancel

Error: CORS xhr XMLHttpRequest blocked on WebAgent

book

Article ID: 197220

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction


When running a Web Agent, how to integrate it to use the CORS headers as seen in the SiteMinder OIDC documentation section (1)?

The browser reports a CORS error.

http://server.example.com/<app>/

  CORS error xhr
  Access to XMLHttpRequest at

  http://server.example.com/<app>/
  
  From origin 'http://server.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 

Environment


Web Agent 12.52SP1CR09 on Apache 2.4 on RedHat 6

 

Resolution


The Web Agent does not support CORS header outside the OIDC journey.

The ACO Parameter CORSConfiguration is implemented in CA Access Gateway (SPS) as described only the OIDC journey (1).

An Idea has been submitted in the past (2), and still the Web Server can be configured to handle these CORS headers (3). 

 

Additional Information