SPS Multiple proxy rules Conditions

Article ID: 216168

Products

CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

The proxy server runs with a single condition (host), as below, and everything is working:

<nete:cond type="host" criteria="equals">

But now we want to add another condition to the same proxyrules, as below:

<nete:cond criteria="beginswith" type="uri">

Environment

SPS Version 12.8.x

Cause

When the same proxyrules file contains more than one condition, as in the example below:

<?xml version="1.0"?>
<?cocoon-process type="xslt"?>
<!DOCTYPE nete:proxyrules SYSTEM "file:////opt/CA/siteminder/secure-proxy/proxy-engine/conf/dtd/proxyrules.dtd">
<!-- Proxy Rules-->
<nete:proxyrules
    xmlns:nete="http://www.broadcom.com/" debug="yes">
  <nete:cond type="host" criteria="equals">
    <nete:case value="www.broadcom.com:80">
      <nete:forward>http://test.broadcom.net:6114$1</nete:forward>
    </nete:case>
    <nete:case value="www.test.com:6110">
      <nete:forward>http://www.mytest.net:6110$1</nete:forward>
    </nete:case>
    <nete:default>
      <nete:forward>https://www.test.com/proxyui$1</nete:forward>
    </nete:default>
  </nete:cond>
  <nete:cond criteria="beginswith" type="uri">
    <nete:case value="/administration">
      <nete:forward>http://Broadcom:6181$1</nete:forward>
    </nete:case>
    <nete:case value="/APJ">
      <nete:forward>http://Broadcom:6181$1</nete:forward>
    </nete:case>
    <nete:default>
      <nete:forward>http://www.mytest.com$1</nete:forward>
    </nete:default>
  </nete:cond>
</nete:proxyrules>

 

SPS fails to start with the following error message:

[27/Apr/2021:22:34:50-715] [ERROR] - Proxy Rules: ** Proxy Rules Parsing Error **
[27/Apr/2021:22:34:50-715] [ERROR] - Proxy Rules: File: 'file:////opt/CA/siteminder/secure-proxy/proxy-engine/conf/proxyrules.xml'
[27/Apr/2021:22:34:50-715] [ERROR] - Proxy Rules: Line: 49
[27/Apr/2021:22:34:50-715] [ERROR] - Proxy Rules: Message: The content of element type "nete:proxyrules" must match "(nete:description?,(nete:cond|nete:xprcond|nete:forward|nete:redirect|nete:local))".
[27/Apr/2021:22:34:50-715] [ERROR] - Error while parsing proxy rules: /opt/CA/siteminder/secure-proxy/proxy-engine/conf/proxyrules.xml
org.xml.sax.SAXException: Error encountered
 at com.netegrity.proxy.rules.parser.ErrorHandlerImpl.error(Unknown Source) ~[proxyrt.jar:?]
 at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xerces.jar:?]
 at org.apache.xerces.parsers.DOMParser.parse(Unknown Source) ~[xerces.jar:?]
 at com.netegrity.proxy.rules.parser.ProxyRuleParser.parseDoc(Unknown Source) ~[proxyrt.jar:?]
 at com.netegrity.proxy.rules.task.RuleWatcherTask.buildTree(Unknown Source) ~[proxyrt.jar:?]
 at com.netegrity.proxy.rules.task.RuleWatcherTask.doOnChange(Unknown Source) [proxyrt.jar:?]
 at com.netegrity.util.timer.task.AbstractFileWatcherTask.run(Unknown Source) [proxyutils.jar:?]
 at com.netegrity.proxy.service.SmProxyRules.init(Unknown Source) [proxyrt.jar:?]
 at com.netegrity.proxy.service.SmProxyRules.init(Unknown Source) [proxyrt.jar:?]
 at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:285) [catalina.jar:7.0.94]
 at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:266) [catalina.jar:7.0.94]
 at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:108) [catalina.jar:7.0.94]
 at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:5037) [catalina.jar:7.0.94]
 at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5739) [catalina.jar:7.0.94]
 at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) [catalina.jar:7.0.94]
 at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1707) [catalina.jar:7.0.94]
 at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1697) [catalina.jar:7.0.94]
 at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_45]
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_45]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_45]
 at java.lang.Thread.run(Thread.java:745) [?:1.8.0_45]
Caused by: org.xml.sax.SAXParseException: The content of element type "nete:proxyrules" must match "(nete:description?,(nete:cond|nete:xprcond|nete:forward|nete:redirect|nete:local))".
 at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) ~[xerces.jar:?]
 ... 31 more

Resolution

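The Access Gateway ProxyRules.xml can contain only one Parent Condition with its associated Case Statements. The DTD content model quoted in the error message allows nete:proxyrules an optional nete:description followed by exactly one of nete:cond, nete:xprcond, nete:forward, nete:redirect or nete:local, so a second top-level nete:cond fails validation. You would need a second instance of Access Gateway to handle a second Parent Condition in the environment.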
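
A pre-deployment check for the content model quoted in the error message, as an added example that is not part of the original article or of the product: it parses a proxyrules document with Python's standard library and reports when nete:proxyrules holds anything other than one top-level rule element. The function names (check_proxyrules, sample_cond, sample_doc) and the example.test host names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://www.broadcom.com/"  # namespace URI used in the article's file
# Top-level alternatives named in the DTD error text.
RULES = {"cond", "xprcond", "forward", "redirect", "local"}

def check_proxyrules(xml_text):
    """Return problems with the top level of a proxyrules document ([] = OK)."""
    root = ET.fromstring(xml_text)  # external DTD is not fetched; comments are dropped
    if root.tag != "{%s}proxyrules" % NS:
        return ["root element is %s, expected nete:proxyrules" % root.tag]
    names = [child.tag.rpartition("}")[2] for child in root]
    problems = []
    if "description" in names[1:]:
        problems.append("nete:description is only allowed once, as the first child")
    unknown = [n for n in names if n != "description" and n not in RULES]
    if unknown:
        problems.append("unexpected top-level element(s): %s" % ", ".join(unknown))
    rules = [n for n in names if n in RULES]
    if len(rules) != 1:
        problems.append("expected exactly 1 top-level rule element, found %d (%s)"
                        % (len(rules), ", ".join(rules) or "none"))
    return problems

# Constructed sample input, shaped like the article's file (not real hosts).
def sample_cond(ctype, criteria, value, target):
    return ('<nete:cond type="%s" criteria="%s"><nete:case value="%s">'
            '<nete:forward>%s$1</nete:forward></nete:case>'
            '<nete:default><nete:forward>http://default.example.test$1</nete:forward>'
            '</nete:default></nete:cond>' % (ctype, criteria, value, target))

def sample_doc(body):
    return ('<?xml version="1.0"?>\n<nete:proxyrules xmlns:nete="%s">%s'
            '</nete:proxyrules>' % (NS, body))

HOST = sample_cond("host", "equals", "app.example.test:80",
                   "http://backend.example.test:6114")
URI = sample_cond("uri", "beginswith", "/administration",
                  "http://admin.example.test:6181")

if __name__ == "__main__":
    for label, doc in (("one cond", sample_doc(HOST)),
                       ("two conds", sample_doc(HOST + URI))):
        print(label, "->", check_proxyrules(doc) or "OK")
```

The check covers only the children of nete:proxyrules; it does not validate the contents of each rule against the rest of the DTD.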