PartnerShips Error Redirect

book

Article ID: 208072

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

 

We're running a Policy Server and when we configured a Partnership to
return a custom page when an error 400 or 500 occurs, then we only see
the default out of the box page, not the one we have configured to be
redirected to.

  We followed the documentation here :

    Status Redirects for HTTP Errors (SAML 2.0 IdP)
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/saml-2-0-only-configurable-features/status-redirects-for-http-errors-saml-2-0-idp.html

How can we make our custom page to show up ?

 

Resolution

 

To make it working, you have to put the files at the same level as per
the Web.xml. If you set :

in /opt/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/web.xml :

  <error-page>
    <error-code>400</error-code>
    <location>/Error400.jsp</location>
  </error-page>

and you put the file /Error400.jsp here :

  /opt/CA/secure-proxy/Tomcat/webapps/affwebservices/Error400.jsp

Then in this page, you can configure custom behavior with programming
if you need to redirect to another page outside this branch or another
machines. Here's a sample to redirect to another machine after 5
seconds displaying a custom message :

Error400.jsp :

  <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
  <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  <html>
    <head>
      <meta http-equiv="refresh" content="5;URL=http://www.javatips.net/">
      <title>400 Error ! Problem !</title>
    </head>
    <body>
      <center>
 <h1>Your Request doesn't work (code : 400) !!!</h1>
      </center>
    </body>
  </html>

We just want to underline you that there are limitation on the local
content you may put on CA Access Gateway (SPS) :

  Product Limitations

    Access Gateway does not support local content. The ability to place
    content on Access Gateway is not exposed, and Access Gateway does not
    support proxy rules for providing access to local content.

  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8.html

Also pay attention that "<meta http-equiv="refresh" might cause
problem is some circumstances to get the page shown properly.