[SiteMinder][Federation] How to add additional Secure Redirect URL
search cancel

[SiteMinder][Federation] How to add additional Secure Redirect URL


Article ID: 220691


Updated On:


SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)


[Use Case] Existing Secure Redirect URL is already used by a Federation Partner and require a new Secure Redirect URL for another partner.

Existing Secure Redirect URL: "https://federation.kimlabs.net/affwebservices/secure/secureredirect"
Documentation instructs the following steps to modify web.xml to add additional secure redirect.

What is the actual procedure?


Release : 12.8.x

Component : Access Gateway


In case of standard Authentication URL : "https://federation.kimlabs.net/affwebservices/redirectjsp/redirect.jsp"
Users can make a copy of redirect.jsp to redirect2.jsp and create a new realm with this resourcefilter "/affwebservices/redirectjsp/redirect2.jsp" for another federation partner.

But unlike the above, the "Secure Redirect" is an application and only 1 is registered in the web.xml
For example, C:\Program Files\CA\secure-proxy\Tomcat\webapps\affwebservices\WEB-INF\web.xml


So, if you simply create a new realm without modifying this web.xml, for example you use "/affwebservices/secure/secureredirect2" then you will get HTTP 404 as there is no such application mapped to that URI.



1. Stop the Access Gateway
2. Locate the web.xml and modify as below. This sample is adding /affwebservices/secure/secureredirect2 to the web.xml

3. Start Access Gateway
4. Configure the Federation Partnership or the OIDC Provider to use the new URL.

5. Create new Realm and Rule

6. Update Policy to allow this resource