AdminUI URL inconsistency

book

Article ID: 208335

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

We're running an AdminUI and we'd like to access the AdminUI in HTTPS
instead of HTTP on one server. More, we'd like to access on both
AdminUI in HTTPS on port 8080 instead of the 8443.

How can we achieve this ?

 

Environment

 

AdminUI 12.8SP3 on RedHat 7

 

Resolution

 

At first glance, the AdminUI only accessible on HTTP depends on the
URL you have used during the registration process.

According to documentation, if you registered accessing the HTTP and
port 8080, then the AdminUI will be accessible in HTTP on port 8080
only. If you've registered it in HTTPS on port 8443, then the AdminUI
is accessible on HTTPS on port 8443 only :

  Register the Administrative UI

    Follow these steps:

    Complete one of the following steps:

    - (Recommended) Open a web browser and go to the following
      location to register the Administrative UI over
      SSL:https://host:8443/iam/siteminder/adminui

    - Open a browser and go to the following
      location:http://host:8080/iam/siteminder/adminui host specifies
      the fully qualified Administrative UI host system name.  If the
      host system does not have a web browser, you can remotely access
      the login screen.  The Administrative UI login screen appears.

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-the-administrative-ui/install-the-administrative-ui-on-linux-stand-alone.html

If you have registered it in HTTP only on port 8080, you can still
activate the HTTPS on port 8443 as per documentation :

  (Optional) Configure the Administrative UI to Use an SSL (HTTPS) Connection

    By default, the Administrative UI is accessed using an unsecured
    (HTTP) connection. After you register the Administrative UI with
    the Policy Server, you can configure the Administrative UI to use
    an SSL (HTTPS) connection. To change the connection, modify the
    web.xml file of the embedded JBoss application server and enable
    secure cookies.

    Follow these steps:

    - Shut down the application server.

    - Navigate to the following location: user_console.war\WEB-INF

    - Open the web.xml file.

    - Add the <secure> attribute to the cookie-config section and set
      it to true:

       <session-config>

  <cookie-config>
   <http-only>true</http-only>
   <secure>true</secure> 
 </cookie-config>
       </session-config>

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-the-administrative-ui/install-the-administrative-ui-on-linux-stand-alone.html

Further, you reported an issue by accessing the AdminUI page in HTTPS
using IE. According to our Support Matrix, IE (Internet Explorer) is
not supported nor advised :

  2.2 Operating System for SiteMinder Administrative User Interface

    1. Administrative User Interface with embedded Application Server is
       supported on operating systems supported by policy server.
    2. Browser support for the administrative User Interface
       a. Microsoft Edge
       b. Safari last tested version was 13.0.5
       c. Firefox last tested version was 82.0.3
       d. Google Chrome last tested version was 86.0

  https://ftpdocs.broadcom.com/cadocs/0/contentimages/Symantec%20SiteMinder_12_8_Platform%20Support%20Matrix_25Jan21.pdf

Further, the error page :

   https://myhost.mydomain.com:8443/iam/siteminder/adminui 

   This page can't be displayed

occurs because if you haven't configured the AdminUI to work on HTTPS
on port 8443, you'll get this error. To solve it, follow the
documentation and enable the SSL in the AdminUI.

Finally, the product is designed to listen in SSL on port 8443 only.