search cancel

Web Agent showing post preservation data error page

book

Article ID: 227573

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

 

When running a Web Agent, the browser shows the message on Post
Preservation action :

  "This page is used to hold your data while you are being authorized
   for your request. You will be forwarded to the continue the
   authorization process. If this does not happen automatically, please
   click the continue button below."

  1) How to stop this message ?
  2) How to edit this message and modify with another userful message ?
  3) Under what circumstances we get this message ?
  4) Why only few customers are reporting it ? 
  5) What are the most common reason for such messages ?

 

Resolution

 

Overall, this page doesn't mean an error message. It's informative
message. This message is related to the Postpreservation Web Agent
feature.


  
  1. As per this KD and doc, PostPreservation can disabled by "setting
     PreservePostData=no in the ACO." (1)(2).

  2. The message can be customized following indications from this KD
     and doc (3)(4).

  3. As per documentation, the Post Preservation occurs "When a timeout
     or other interruption occurs during a POST operation, the POST
     preservation page is displayed." (5).

     One of these interruption might be when the Web Agent needs the
     browser to visit another Web Agent instance for updating the
     SMSESSION cookie by a Cookie Provider as per this KD (6).

  4. As per the following KD, this page is not seen on each request, but
     only when there's a need to "maintain the data, Siteminder must
     invoke PostPreservation and this will result in the white page
     being displayed to the user. If PostPreservation is disabled, then
     the data that the user submitted will be lost and the user will
     need to resubmit the data [...]" (7).

     Note that if the operation goes quite fast, the user might even not
     see it in the browser, even if the postpreservation occurs as
     mentioned in the documentation (8).

  5. The most common situation where Postpreservation is needed :

     - Interaction between Framework and Traditional Agent (9).  
     - Usage of a Cookie Provider (10)(11).
     - Usage of Dynamic Account Linking at the SP as per documentation
       (12).

 

Additional Information

 

(1)

    Web Agent ACO SessionUpdatePeriod and PostPreservation message

1. Disable PostPreservation by setting PreservePostData=no in
       the ACO. This would force the users to have to resubmit
       their POST data each time we redirect to the cookie
       provider (as dictated by the SessionUpdatePeriod / validity
       of the SMSESSION cookie)

    https://knowledge.broadcom.com/external/article?articleId=54212

(2)

    (Optional) Disable POST Preservation

      To disable POST preservation, set the value of the
      PreservePostData parameter to no.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/forms-authentication/how-to-configure-an-agent-to-support-html-forms-authentication/configure-post-preservation.html

(3)


   
    Web Agent Customizing the POST preservation page

      The intermittent page can be customized by modifying the POST
      preservaqtion template. There are two samples which get
      installed with the Web Agent and have the extension
      ".pptemplate" which do fancy things with POST
      preservation. These files are located in the samples directory
      of the SiteMinder Web Agent installation. For instance, if
      SiteMinder were installed at /app/netegrity/webagent, these
      files would be located at:

   /app/netegrity/webagent/samples_default/forms/fw2tr.pptemplate
   /app/netegrity/webagent/samples_default/forms/tr2fw.pptemplate

    https://knowledge.broadcom.com/external/article?articleId=53734

(4)

    Customize the POST Preservation Page

      To customize the POST preservation page, create a POST
      preservation template file.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/forms-authentication/how-to-configure-an-agent-to-support-html-forms-authentication/configure-post-preservation.html

(5)

    Customize the POST Preservation Page

      When a timeout or other interruption occurs during a POST
      operation, the POST preservation page is displayed.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/forms-authentication/how-to-configure-an-agent-to-support-html-forms-authentication/configure-post-preservation.html

(6)

    Web Agent ACO SessionUpdatePeriod and PostPreservation message   

       The interim white page that is displayed will occur when
       PostPreservation takes place. With a single domain,
       PostPreservation takes place only when the SMSESSION is no
       longer valid however when there are multiple domains,
       PostPreservation also takes place when the cookie in the
       primary domain needs to be updated in order to maintain SSO
       between multiple domains. The ACO parameter
       "SessionUpdatePeriod" dictates the frequency that the web agent
       in the second domain redirects to update the SMSESSION cookie
       in the primary domain.

       This has the same default value of SessionGracePeriod. If the
       request is of a POST method and the Web Agent needs to go talk
       to the cookie provider (caused by the secondary cookie is no
       longer valid or the SessionUpdatePeriod is updated), then the
       Web Agent in the secondary domain will need to speak with the
       Web Agent in the primary domain. This is done via a HTTP 302
       redirect and as such, in order to maintain the data, Siteminder
       must invoke PostPreservation and this will result in the white
       page being displayed to the user. If PostPreservation is
       disabled, then the data that the user submitted will be lost
       and the user will need to resubmit the data before the
       SessionUpdatePeriod is exceeded.

    https://knowledge.broadcom.com/external/article?articleId=54212

(7)

    Web Agent ACO SessionUpdatePeriod and PostPreservation message
    https://knowledge.broadcom.com/external/article?articleId=54212

(8)

    Customize the POST Preservation Page

       However, the Post Preservation page can be displayed for as
       long as 5 seconds when the amount of form data being posted is
       large.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/forms-authentication/how-to-configure-an-agent-to-support-html-forms-authentication/configure-post-preservation.html

(9)

    Enable Post Preservation Between Framework and Traditional Agents

      If your SiteMinder environment uses a combination of Framework
      and Traditional agents, and resources that are hosted by one
      type of Agent are protected by Forms Credential Collectors
      (FCCs) hosted on the other type of agent,
      
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/forms-authentication/how-to-configure-an-agent-to-support-html-forms-authentication/configure-post-preservation.html
(10)
       
     Web Agent ACO SessionUpdatePeriod and PostPreservation message

       The interim white page that is displayed will occur when
       PostPreservation takes place. With a single domain,
       PostPreservation takes place only when the SMSESSION is no
       longer valid however when there are multiple domains,
       PostPreservation also takes place when the cookie in the
       primary domain needs to be updated in order to maintain SSO
       between multiple domains.

     https://knowledge.broadcom.com/external/article?articleId=54212

(11)


     
     Enable Post Preservation Between Framework and Traditional Agents

       Framework Agents handle POST preservation data differently than
       Traditional Agents do. If your SiteMinder environment uses a
       combination of Framework and Traditional agents, and resources
       that are hosted by one type of Agent are protected by Forms
       Credential Collectors (FCCs) hosted on the other type of agent,

     https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/forms-authentication/how-to-configure-an-agent-to-support-html-forms-authentication/configure-post-preservation.html  

(12)

     Configure Dynamic Account Linking at the SP

       Protect the linkaccount.jsp file with a SiteMinder forms
       authentication scheme, which supports POST-Preservation. The
       SAML response that contains the assertion is posted to the
       Assertion Consumer Service after the user has logged in locally
       at the Service Provider. Preserve the SAML response POST data
       during the entire local authentication process..

     https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/implementing/implementing-federation-in-your-enterprise/saml-2-0-federation-use-cases-and-solutions.html