search cancel

Is it possible for Apache of Access Gateway to receive HTTP_header?

book

Article ID: 201138

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

HTTP_header for Apache can be configured with regular WebAgent using below LogFormat.

[httpd.conf]

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{name}i\" \"%{SM_USER}i\" " common        (name is header name)

[access.log]

10.30.76.1 - MyUser [24/Sep/2020:10:52:05 +0900] "GET /index.html HTTP/1.1" 200 45 "-" "MyUser" "MyUser"

However, using the same approach for Access Gateway with same LogFormat:

[httpd.conf]

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{name}i\" \"%{SM_USER}i\" " common

username doesn't get logged in Apache:

[access.log]

10.30.76.1 - - [24/Sep/2020:11:18:16 +0900] "GET /favicon.ico HTTP/1.1" 302 160 "http://XXXXXXX:9000/xxxxxxxx/index.html" "-" "-"

Cause

Different architecture when Access Gateway is used instead of web agent

Environment

Release : 12.8

Component : SITEMINDER -WEB AGENT FOR APACHE

Resolution

It's not possible to get user ID in Apache access log in this case, because the SiteMinder agent is inside tomcat.

When the request is passing through Apache, SM_USER is not set yet.