[SiteMinder][Federation] How to add additional Secure Redirect URL

Article ID: 220691

Products

SITEMINDER
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

[Use Case] The existing Secure Redirect URL is already used by a Federation Partner, and a new Secure Redirect URL is required for another partner.

Existing Secure Redirect URL: "https://federation.kimlabs.net/affwebservices/secure/secureredirect"
The documentation instructs the following steps to modify web.xml to add an additional secure redirect.


What is the actual procedure?

Cause

In the case of the standard Authentication URL, "https://federation.kimlabs.net/affwebservices/redirectjsp/redirect.jsp", users can copy redirect.jsp to redirect2.jsp and create a new realm with the resource filter "/affwebservices/redirectjsp/redirect2.jsp" for another federation partner.

Unlike the above, however, the "Secure Redirect" is an application, and only one is registered in web.xml:
<AccessGateway>/Tomcat/webapps/affwebservices/WEB-INF/web.xml
For example: C:\Program Files\CA\secure-proxy\Tomcat\webapps\affwebservices\WEB-INF\web.xml

 

So if you simply create a new realm without modifying this web.xml, for example with "/affwebservices/secure/secureredirect2", you will get an HTTP 404 because no application is mapped to that URI.
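To check ahead of time whether a URI will hit this 404, the following sketch parses a web.xml and applies the Servlet specification's mapping order. It is an added example, not Broadcom's code. The servlet name and class in the sample are constructed placeholders; only the /affwebservices context and the two URIs come from this article.

```python
import xml.etree.ElementTree as ET

CONTEXT = "/affwebservices"  # webapp context path, taken from the URLs in this article

# Constructed sample: servlet name and class are placeholders, not the product's values.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet>
    <servlet-name>exampleSecureRedirect</servlet-name>
    <servlet-class>example.PlaceholderServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>exampleSecureRedirect</servlet-name>
    <url-pattern>/secure/secureredirect</url-pattern>
  </servlet-mapping>
</web-app>"""

def local(tag):
    """Strip the XML namespace so the check works with any web-app schema version."""
    return tag.rsplit("}", 1)[-1]

def mappings(web_xml_text):
    """Return (url-pattern, servlet-name) pairs declared in this web.xml."""
    pairs = []
    for el in ET.fromstring(web_xml_text).iter():
        if local(el.tag) != "servlet-mapping":
            continue
        name = next(((c.text or "").strip() for c in el if local(c.tag) == "servlet-name"), None)
        pairs += [((c.text or "").strip(), name) for c in el if local(c.tag) == "url-pattern"]
    return pairs

def mapped_servlet(web_xml_text, uri, context=CONTEXT):
    """Servlet name that would serve `uri`, or None (no mapping in this file: expect 404)."""
    if not uri.startswith(context + "/"):
        return None
    path = uri[len(context):]          # url-patterns are relative to the context path
    pairs = mappings(web_xml_text)
    for pattern, name in pairs:        # 1. exact match
        if pattern == path:
            return name
    prefixes = [(p, n) for p, n in pairs if p.endswith("/*")
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:                       # 2. longest path-prefix match ("/dir/*")
        return max(prefixes, key=lambda pn: len(pn[0]))[1]
    for pattern, name in pairs:        # 3. extension match ("*.ext")
        if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
            return name
    return dict(pairs).get("/")        # 4. default servlet, only if this file declares one

if __name__ == "__main__":
    for uri in (CONTEXT + "/secure/secureredirect", CONTEXT + "/secure/secureredirect2"):
        print(uri, "->", mapped_servlet(SAMPLE_WEB_XML, uri) or "no mapping (HTTP 404)")
```

Run it against a copy of the real web.xml after editing and before creating the realm, so a missing mapping shows up as a configuration finding rather than as a failed federation login.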

 

Environment

Release : 12.8.x

Component : Access Gateway

Resolution

1. Stop the Access Gateway
2. Locate the web.xml and modify it as below. This sample adds /affwebservices/secure/secureredirect2 to the web.xml.

3. Start Access Gateway
4. Configure the Federation Partnership or the OIDC Provider to use the new URL.

5. Create a new Realm and Rule.

6. Update the Policy to allow this resource.

 
