Rule OnAccessReject and a Response WebAgent-OnReject-Redirect but is not executed

book

Article ID: 197362

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Policy Server and when we set a Rule OnAccessReject
and a Response WebAgent-OnReject-Redirect on a realm, this one isn't
executed. Why ?

 

Environment

 

Policy Server 12.8SP3 on Linux

 

Resolution

 

In the same realm, if you set 2 rules :

Rules :

  | Name     | Actions        |
  |----------+----------------|
  | redirect | OnAccessReject |
  | access   | Get            |
  |          | Post           |
  |          | Put            |

and then 2 Policies :

Policy : redirect

  | Realm    | Rule   | Response |
  |----------+--------+----------|
  | redirect | access |          |

Policy : noaccess

  | Realm    | Rule     | Response |
  |----------+----------+----------|
  | redirect | redirect | noaccess |

Then if you set the user in "redirect" Policy, the user will access
the resource after authentication. If you set the user in "noaccess"
policy only, then the user won't be authorized and will be redirected
by the response directive.