[SiteMinder][Federation] How to add additional Secure Redirect URL
Article ID: 220691
Updated On:
Products
Issue/Introduction
[Use Case] Existing Secure Redirect URL is already used by a Federation Partner and require a new Secure Redirect URL for another partner.
Existing Secure Redirect URL: "https://<Server Name>/affwebservices/secure/secureredirect"
Documentation instructs the following steps to modify web.xml to add additional secure redirect.
What is the actual procedure?
Environment
Release : 12.8.x
Component : Access Gateway
Cause
In case of standard Authentication URL : "https://<Server Name>/affwebservices/redirectjsp/redirect.jsp"
Users can make a copy of redirect.jsp to redirect2.jsp and create a new realm with this resourcefilter "/affwebservices/redirectjsp/redirect2.jsp" for another federation partner.
But unlike the above, the "Secure Redirect" is an application and only 1 is registered in the web.xml
<AccessGateway>/Tomcat/webapps/affwebservices/WEB-INF/web.xml
For example, C:\Program Files\CA\secure-proxy\Tomcat\webapps\affwebservices\WEB-INF\web.xml
So, if you simply create a new realm without modifying this web.xml, for example you use "/affwebservices/secure/secureredirect2" then you will get HTTP 404 as there is no such application mapped to that URI.
Resolution
1. Stop the Access Gateway
2. Locate the web.xml and modify as below. This sample is adding /affwebservices/secure/secureredirect2 to the web.xml
3. Start Access Gateway
4. Configure the Federation Partnership or the OIDC Provider to use the new URL.
5. Create new Realm and Rule
6. Update Policy to allow this resource
Feedback
