ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

AdminUI : Realm and Rule patterns to protect changing resources syntax

book

Article ID: 226958

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

 

When running an AdminUI and configuring 2 rules having that :

  *.myapp*.net/*
  *.myotherapp.net/*

- What would be the behaviour in the Browser ?
- Does Siteminder allows these patterns for Authentication and
  Authorization ?

 

Resolution

 

At first glance, as per this KD, the Realm configuration should be a
string. Regular expression are only available for the Rules (1).

Configuring with the following :

  Realm : /*.myapp*.net
  Rule : /*
  protected with Basic

Then in the browser, access is granted without having to login :

   http://wa.training.com/1.myapp1.net/allheaders.php

And trying to reach this URL which has reserved character, the Web
Agent returns 500 complaining that :

  [ERROR][sm-HTTPAgent-00100] URL contains invalid characters.
  Exiting with HTTP 500 server error '00-0002'.
   
   http://wa.training.com/*.myapp*.net/allheaders.php

To correct that behavior, putting the regular expression into the rule
definition for that to work.

  Realm : /
  Rule : *.myapp*.net/*
  protected with Basic

Then in the browser, access is requested to login with Basic
Authentication Scheme :

   http://wa.training.com/1.myapp1.net/allheaders.php

and access is granted after giving the expected credentials.

 

Additional Information

 

(1)

    AdminUI realm configuration with asterix * wildcard

      Wildcards in Realms are not supported. Only string are allowed
      (1). They would be treated as literal character. And as such, note
      that * are reserved characters in URL and should not be in usage
      (2).

    https://knowledge.broadcom.com/external/article?articleId=53054