search cancel

redirection happens so many times

book

Article ID: 202196

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Web Agent and when a user tries to access a given
application, then at the Authentication Scheme level, the browser gets
redirected to the same page many time and the browser display the
error message :

    This page isn't working
    myloginserver.mydomain.com redirected you too many times.
    Try clearing your cookies.
    ERR_TOO_MANY_REDIRECTS

How can we fix this ?

 

Cause

 

From these snippets, we see that the request arrives without a
SMSESSION cookie, and as such, the Web Agent redirect the user to the
Cookie Provider in order to get logged in the user. But it seems the
Cookie Provider cannot login the user correctly and as such, no
SMSESSION cookie as send back to the initial TARGET URL
(/myapp/mypage.html), and as such, the request goes into a loop.

WebAgent.log :

  [10/15/2020][06:57:21][3467][2407524096][CSmHttpPlugin.cpp:703]
  [CSmHttpPlugin::ProcessResource]
  [000000000000000000000000efcd360a-0d8b-5f87e4c1-8f7fe700-63df59bc4677]
  [*10.0.0.1][][mywebagent][][][Resolved URL: '/myapp/mypage.html'.]

  [10/15/2020][06:57:21][3467][2407524096][CSmHttpPlugin.cpp:850]
  [CSmHttpPlugin::ProcessResource]
  [000000000000000000000000efcd360a-0d8b-5f87e4c1-8f7fe700-63df59bc4677]
  [*10.0.0.1][][mywebagent][/myapp/mypage.html][]
  [Resolved METHOD: 'GET'.]

  [10/15/2020][06:57:21][3467][2407524096][CSmLowLevelAgent.cpp:499]
  [IsResourceProtected]
  [000000000000000000000000efcd360a-0d8b-5f87e4c1-8f7fe700-63df59bc4677]
  [*10.0.0.1][][mywebagent][/myapp/mypage.html][]
  [Resource is protected from cache.]

  [10/15/2020][06:57:21][3467][2407524096][CookieProviderTools.cpp:344]
  [RedirectToCookieProvider]
  [000000000000000000000000efcd360a-0d8b-5f87e4c1-8f7fe700-63df59bc4677]
  [*10.0.0.1][][mywebagent][/myapp/mypage.html][]
  [Redirecting to cookie provider 'https://myloginserver.mydomain.com/SmMakeCookie.ccc?
  SMSESSION=QUERY&PERSIST=0
  &TARGET=$SM$http%3A%2F%2Fmyappserver.mydomain.com%2Fmyapp%2Fmypage.html'.]

 

Environment

 

  Web Agent 12.52SP1CR09 64bit on Apache 2.4.39 64bit on Linux;

 

Resolution

 

Investigate the Cookie Provider Web Agent traces to understand why the
user can't login.

   - Full Live HTTP headers of your browser
    (Fiddler http://www.fiddler2.com/fiddler2/version.asp)
    NOTE : be sure to activate the desencryption of the SSL connections
    in order to see them :
    Tools / Fiddler Option.. / HTTPS / Decrypt HTTPS traffic;

 For BOTH the Web Agents and the Cookie Provider :

  - Full Web Agent logs and traces;
  - Full Web Server access and error logs;