search cancel

Wildcard Realm and Rule resources patterns syntax in AdminUI

book

Article ID: 226958

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

 

When running an AdminUI and configuring 2 rules having that:

  *.myapp*.net/*
  *.myotherapp.net/*
  • What would be the behavior in the Browser?
  • Does Siteminder allow these patterns for Authentication and Authorization

 

Resolution

 

At first glance, as per this KD, the Realm configuration should be a string. Regular expressions are only available for the Rules (1).

Configuring with the following:

  Realm : /*.myapp*.net
  Rule : /*
  protected with Basic
  

Then in the browser, access is granted without having to log in:

   http://wa.training.com/1.myapp1.net/allheaders.php

And trying to reach this URL which has reserved character, the Web Agent returns 500 complainings that:

  [ERROR][sm-HTTPAgent-00100] URL contains invalid characters.
  Exiting with HTTP 500 server error '00-0002'.
   
   http://wa.training.com/*.myapp*.net/allheaders.php
   

To correct that behavior, put the regular expression into the rule definition for that to work.

  Realm : /
  Rule : *.myapp*.net/*
  protected with Basic
  

Then in the browser, access is requested to log in with Basic Authentication Scheme:

   http://wa.training.com/1.myapp1.net/allheaders.php

and access is granted after giving the expected credentials.

 

Additional Information

 

(1)

    AdminUI realm configuration with asterix * wildcard

      Wildcards in Realms are not supported. Only string are allowed
      (1). They would be treated as literal character. And as such, note
      that * are reserved characters in URL and should not be in usage
      (2).