Access Gateway fails after installing the Ghostcat patch

Article ID: 197685

Products

  • CA Single Sign On Secure Proxy Server (SiteMinder)
  • CA Single Sign On Agents (SiteMinder)
  • CA Single Sign On Federation (SiteMinder)
  • CA Single Sign On SOA Security Manager (SiteMinder)
  • SITEMINDER

Issue/Introduction


Several SiteMinder environments are running the CA Access Gateway (SPS) on Win2016 and on Linux (Redhat8 and CentOS8).

After installing the Ghostcat patch, with or without the SameSite patch, the CA Access Gateway (SPS) on Win2016 works fine.

After installing the Ghostcat patch on Linux Redhat8 or CentOS8, the Access Gateway stops working.

The Ghostcat patch was applied by copying the jar files to ./secure-proxy/Tomcat/lib and adding the following to the general section of the server.conf file:

  ajp13.secretRequired=true
  worker.ajp13.secret=<secret>

The patch was applied in exactly the same way as on the Win2016 CA Access Gateway (SPS), which is working.

Tested in the following environments/versions:

  • SiteMinder Access Gateway 12.8 SP2 on Redhat8
  • SiteMinder Access Gateway 12.8 SP3 on CentOS8

CA Access Gateway (SPS) loads without any errors in the logs.

Login to ProxyUI works fine.

Accessing a resource through the proxy returns "Service Unavailable" in the browser.

CA Access Gateway (SPS) logs:

  [Fri Jun 19 10:06:43.809 2020] [30118:140254933567232] [error] ajp_send_request::jk_ajp_common.c (1725): (ajp13) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
  [Fri Jun 19 10:06:43.910 2020] [30118:140254933567232] [error] ajp_send_request::jk_ajp_common.c (1725): (ajp13) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=111)
  [Fri Jun 19 10:06:43.910 2020] [30118:140254933567232] [error] ajp_service::jk_ajp_common.c (2796): (ajp13) connecting to tomcat failed (rc=-3, errors=1, client_errors=0).

 

Resolution


Perform the below steps to fix the issue:

  1. Stop the CA Access Gateway (SPS).
  2. In server.conf, change the following:

    From:

    worker.ajp13.host=localhost

    To:

    worker.ajp13.host=::1

  3. Save the changes.
  4. Start the CA Access Gateway (SPS).
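
To check which loopback address is accepting connections on the AJP port before and after changing worker.ajp13.host, the following added example (not part of the original article or vendor code) reads the worker settings from server.conf text and attempts a TCP connect to each candidate address. It assumes a worker.ajp13.port key sits next to worker.ajp13.host, and the port 8009 in the sample is a constructed value.

```python
import errno
import re
import socket

def read_worker(conf_text, name="ajp13"):
    """Return (host, port) of a worker from server.conf text.
    Assumption: a worker.<name>.port key sits next to worker.<name>.host."""
    pat = rf'^\s*worker\.{re.escape(name)}\.(host|port)\s*=\s*"?([^"\s]+)"?'
    props = dict(re.findall(pat, conf_text, re.M))
    return props["host"], int(props["port"])

def probe(addr, port, timeout=2.0):
    """TCP connect to addr:port. Returns 0 on success, otherwise the errno
    (errno.ECONNREFUSED is the errno=111 seen in the SPS log on Linux)."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return s.connect_ex((addr, port))
    except OSError as exc:  # e.g. IPv6 disabled on this host
        return exc.errno or -1

def diagnose(conf_text, name="ajp13"):
    """Probe every address the configured host resolves to, plus both loopbacks."""
    host, port = read_worker(conf_text, name)
    resolved = [ai[4][0] for ai in
                socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)]
    results = {a: probe(a, port) for a in
               dict.fromkeys(resolved + ["127.0.0.1", "::1"])}
    return host, port, results

if __name__ == "__main__":
    # Constructed sample; port 8009 is an assumed value, not taken from the article.
    sample = "worker.ajp13.host=localhost\nworker.ajp13.port=8009\n"
    host, port, results = diagnose(sample)
    for addr, rc in results.items():
        state = "accepting" if rc == 0 else errno.errorcode.get(rc, f"errno {rc}")
        print(f"{addr}:{port} -> {state}")
```

If only ::1 reports "accepting" while 127.0.0.1 reports ECONNREFUSED, the listener is bound to the IPv6 loopback, which matches the host value used in the resolution.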