We're running a Policy Server, and when we configure a Partnership to
return a custom page when an error 400 or 500 occurs, we only see
the default out-of-the-box page, not the one we have configured to be
redirected to.
We followed the documentation here :
Status Redirects for HTTP Errors (SAML 2.0 IdP)
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/saml-2-0-only-configurable-features/status-redirects-for-http-errors-saml-2-0-idp.html
How can we make our custom page show up ?
To make it work, you have to put the files at the location that
web.xml refers to, relative to the web application root. If you set
in /opt/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/web.xml :
<error-page>
<error-code>400</error-code>
<location>/Error400.jsp</location>
</error-page>
and put the file /Error400.jsp here :
/opt/CA/secure-proxy/Tomcat/webapps/affwebservices/Error400.jsp
Then, in this page, you can program custom behavior if you need to
redirect to another page outside this branch or on another machine.
Here's a sample that displays a custom message and redirects to
another machine after 5 seconds :
Error400.jsp :
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="refresh" content="5;URL=http://www.javatips.net/">
<title>400 Error ! Problem !</title>
</head>
<body>
<center>
<h1>Your Request doesn't work (code : 400) !!!</h1>
</center>
</body>
</html>
Note that there are limitations on the local content you may put on
CA Access Gateway (SPS) :
Product Limitations
Access Gateway does not support local content. The ability to place
content on Access Gateway is not exposed, and Access Gateway does not
support proxy rules for providing access to local content.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8.html
Also note that <meta http-equiv="refresh"> might, in some
circumstances, cause problems with getting the page shown properly.
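A check for the layout described above, as an added example that is not part of the original article or of the product: it reads WEB-INF/web.xml, resolves each <error-page> location against the web application root, and reports missing files and pages that rely on meta refresh. The function names and the sample tree (including the Error500.jsp entry) are constructed for the demonstration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def local(tag):
    """Strip an XML namespace, so namespaced and plain web.xml files both work."""
    return tag.rsplit("}", 1)[-1]

def check_error_pages(webapp_root):
    """Return (error-code, location, status) for each <error-page> in WEB-INF/web.xml."""
    root = Path(webapp_root).resolve()
    tree = ET.parse(root / "WEB-INF" / "web.xml")
    results = []
    for page in (e for e in tree.iter() if local(e.tag) == "error-page"):
        fields = {local(c.tag): (c.text or "").strip() for c in page}
        code = fields.get("error-code") or fields.get("exception-type", "")
        location = fields.get("location", "")
        # <location> is resolved against the web application root, not WEB-INF.
        target = (root / location.lstrip("/")).resolve()
        if not location.startswith("/"):
            status = "location must start with '/'"
        elif root not in target.parents:
            status = "outside webapp root"
        elif not target.is_file():
            status = "missing file"
        elif re.search(r"http-equiv\s*=\s*[\"']?refresh", target.read_text(errors="replace"), re.I):
            status = "ok, uses meta refresh"
        else:
            status = "ok"
        results.append((code, location, status))
    return results

def build_sample(base):
    """Constructed sample tree mirroring the article's layout (not a real install)."""
    root = Path(base) / "affwebservices"
    (root / "WEB-INF").mkdir(parents=True)
    (root / "WEB-INF" / "web.xml").write_text(
        '<web-app xmlns="http://java.sun.com/xml/ns/javaee">'
        "<error-page><error-code>400</error-code><location>/Error400.jsp</location></error-page>"
        "<error-page><error-code>500</error-code><location>/Error500.jsp</location></error-page>"
        "</web-app>")
    (root / "Error400.jsp").write_text('<meta http-equiv="refresh" content="5;URL=http://www.javatips.net/">')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in check_error_pages(build_sample(tmp)):
            print(row)
```

To audit an installation, pass the web application directory (the affwebservices directory in the article) to check_error_pages instead of the constructed sample.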