Use Secure URL path and folder structure

Article ID: 206359

Products

CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

We're running a CA Access Gateway (SPS), and when we set the "Use
Secure URL" parameter in the Partnership, the browser receives
error 500. We'd like to know:

  Where can we find the secure/secureredirect path?

 

Environment

 

CA Access Gateway (SPS) 12.8SP3

 

Resolution

 

According to the documentation, when "Use Secure URL" is set, you
don't have to configure the redirect.jsp page. Instead of redirect.jsp,
you protect the secure/secureredirect resource, as the documentation
describes:

  Use Secure URL

    1. Set the Authentication URL field to the following URL:
    http(s)://idp_server:port/affwebservices/secure/secureredirect

    [...] Authentication URL that uses the secureredirect service,
    include this web service in a different realm for each partner.
    [...]

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-02/using/administrative-ui-help/legacy-federation-reference/saml-1-x-affiliate-dialog-reference/affiliate-general-settings.html

As the description above shows, secure/secureredirect is a web service,
so you won't find its path in the file system.

Moreover, if this web service is used by multiple Partnerships, you have
to modify its configuration to satisfy each of them:

  Use Secure URL

    2. Protect the secureredirect web service with a policy.

      If the asserting party serves more than one relying partner, the
      asserting party probably authenticates different users for these
      different partners. As a result, for each Authentication URL that
      uses the secureredirect service, include this web service in a
      different realm for each partner.  To associate the secureredirect
      service with different realms, modify the web.xml file and create
      different resource mappings. Do not copy the secureredirect web
      service to different locations on your server. Locate the web.xml
      file in the directory web_agent_home/affwebservices/WEB-INF, where
      web_agent_home is the installed location of the web agent.
  
  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-02/using/administrative-ui-help/legacy-federation-reference/saml-1-x-affiliate-dialog-reference/affiliate-general-settings.html
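
An added check, not code from this article or from the product documentation: it reads a web.xml and confirms that each partner's Authentication URL resolves to its own resource mapping for the secureredirect service, so that each can be placed in a separate realm. The servlet name, partner names, host and url-pattern values are constructed sample values; take the real servlet name from the installed web.xml.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample web.xml; servlet name and url-patterns are assumptions.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet-mapping>
    <servlet-name>secureredirect</servlet-name>
    <url-pattern>/secure/secureredirect</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>secureredirect</servlet-name>
    <url-pattern>/partnerA/secureredirect</url-pattern>
    <url-pattern>/partnerB/secureredirect</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed Authentication URLs, one per partnership.
SAMPLE_AUTH_URLS = {
    "partnerA": "https://idp.example.com/affwebservices/partnerA/secureredirect",
    "partnerB": "https://idp.example.com/affwebservices/partnerB/secureredirect",
    "partnerC": "https://idp.example.com/affwebservices/partnerA/secureredirect",
    "partnerD": "https://idp.example.com/affwebservices/partnerD/secureredirect",
}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def mapped_patterns(web_xml, servlet_name):
    """Return every url-pattern that web.xml maps to servlet_name."""
    patterns = set()
    for el in ET.fromstring(web_xml).iter():
        kids = [(_local(c.tag), (c.text or "").strip()) for c in el]
        if _local(el.tag) == "servlet-mapping" and ("servlet-name", servlet_name) in kids:
            patterns.update(v for k, v in kids if k == "url-pattern")
    return patterns

def check_partners(web_xml, auth_urls, servlet_name="secureredirect", context="/affwebservices"):
    """Flag partners whose URL is unmapped or shared with another partner."""
    # Exact-match comparison only; wildcard url-patterns are not expanded.
    patterns, seen, findings = mapped_patterns(web_xml, servlet_name), {}, []
    for partner, url in sorted(auth_urls.items()):
        path = urlsplit(url).path
        resource = path[len(context):] if path.startswith(context + "/") else path
        if resource not in patterns:
            findings.append(f"{partner}: {resource} has no mapping to {servlet_name}")
        elif resource in seen:
            findings.append(f"{partner}: {resource} is also used by {seen[resource]}")
        seen.setdefault(resource, partner)
    return findings
```

Calling `check_partners(SAMPLE_WEB_XML, SAMPLE_AUTH_URLS)` returns one finding for the partner that reuses another partner's mapping and one for the partner whose URL has no mapping.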