Error: Permission denied on Web Agent WebAppClientResponse Ajax calls

Article ID: 229675

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

 

When a Web Agent protects a resource using the ACO parameter
WebAppClientResponse, the browser displays an error:

    myserver.mydomain.com says
    Unable to connect to Server.

 

Cause

 

The Web Agent cannot deliver the content holding the response, because
the Web Agent does not have permission to read and execute it.

As per the documentation, the Body file of the WebAppClientResponse
should contain the direction in which the request should proceed (1).

webagent.log

  [29985/501548800][Fri Nov 19 2021 10:40:32]
  cookieprovider='https://myserverlogin.mydomain.com/SmMakeCookie.ccc'.
  
  [29985/501548800][Fri Nov 19 2021 10:40:32]
  overlooksessionaspattern='yes'.
  
  [29985/501548800][Fri Nov 19 2021 10:40:32]
  overlooksessionforurls='/myapp/mypage/'.
  
  [29985/501548800][Fri Nov 19 2021 10:40:32]
  webappclientresponse='Resource=/myapp/my.*|Method=GET,POST,PUT|Status=200|
  Body=/opt/CA/webagent/samples/ajax/ajax.html|
  Content-Type=application/json|Charset=us-ascii'.

  [...]

  [30437/1921849088][Tue Nov 23 2021 10:32:33][CSmHttpPlugin.cpp:2332][WARNING]
  [sm-HTTPAgent-00190] Unable to process SMSESSION cookie.
  
  [30437/1921849088][Tue Nov 23 2021 10:32:33][CSmWeb20CacheObj.cpp:238][ERROR]
  [sm-HTTPAgent-00370] Error opening form template
  '/opt/CA/webagent/samples/ajax/ajax.html': Permission denied.

20211123.trace.log

  [11/23/2021][10:32:33][30437][1921849088][CSmHttpCredCore.cpp:1997]
  [CSmHttpCredCore::DoFormsChallenge]
  [00000000000000000000000079100d0a-76e5-619cc341-728d1700-3db058a3c8cd][*10.0.0.1]
  [][myAgent][/myapp/my.myapplication.01][]
  [Redirecting to credential collector 'https://myserverlogin.mydomain.com/
  siteminderagent/login.fcc?CHECKPASSWORD=ON&TYPE=33554432&REALMOID=06-0005c689-312d-
  1ea8-b4c7-4a120a320000&GUID=&SMAUTHREASON=0&METHOD=POST&SMAGENTNAME=$SM$VGvDw
  GiX8cQ485s22ddwfg5as45T0bZnLfeUeLRGZgyfeNN2y2m%2bBWB3CnIcmy
  &TARGET=$SM$HTTPS%3A%2F%2Fmyserver.mydomain.com%2Fmyapp%2Fmy.myapplication.01'.]
  
  [11/23/2021][10:32:33][30437][1921849088][CSmWeb20Cache.cpp:210][CSmWeb20Cache::GetForm]
  [][][][][][]
  [Form template '/opt/CA/webagent/samples/ajax/ajax.html' not found in cache.]
  
  [11/23/2021][10:32:33][30437][1921849088][CSmWeb20CacheObj.cpp:236]
  [CSmWeb20CacheObj::LoadFormTemplate][][][][][][][Permission denied]
  
  [11/23/2021][10:32:33][30437][1921849088][CSmWeb20Cache.cpp:284]
  [CSmWeb20Cache::GetForm][][][][][][]
  [Unable to serve form template '/opt/CA/webagent/samples/ajax/ajax.html' from disk.]
  
  [11/23/2021][10:32:33][30437][1921849088][CSmWeb20Response.cpp:108]
  [HandleCustomizedResponsRequest][00000000000000000000000079100d0a-76e5-
  619cc341-728d1700-3db058a3c8cd][*10.0.0.1][][myAgent]
  [/myapp/my.myapplication.01][][Sending WEB 2.0 custom response (Url '' and Reason 'Challenge')]

 

Resolution


- Make the file
  
    /opt/CA/webagent/samples/ajax/ajax.html

  fully accessible for the account running Apache and Web Agent.
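
To see which path component actually denies access before changing any permissions, the following added example (not part of the original article or of SiteMinder) extracts the `Body=` file from a WebAppClientResponse value and reports every component the given account cannot pass. It assumes classic POSIX mode bits only (no ACLs or SELinux) and treats read on the file plus search (x) on each parent directory as the minimum needed to open it; the function names and the command-line usage are hypothetical.

```python
import os
import stat

def body_path(aco_value):
    """Extract the Body= file from a WebAppClientResponse value (pipe-separated key=value)."""
    fields = dict(part.strip().split("=", 1) for part in aco_value.split("|") if "=" in part)
    return fields.get("Body")

def mode_allows(st, uid, gids, want):
    """POSIX mode-bit check: owner class, else group class, else other (no ACL/SELinux)."""
    if uid == 0:
        return True  # root bypasses read/search checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def blocked_components(path, uid, gids):
    """Return [(component, missing_permission)] that stop uid from opening path for reading."""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    blocked = []
    for comp in reversed(chain):  # walk from / down to the file itself
        st = os.stat(comp)
        if stat.S_ISDIR(st.st_mode):
            want, label = 0o1, "search (x)"  # directories must be traversable
        else:
            want, label = 0o4, "read (r)"    # the Body file must be readable
        if not mode_allows(st, uid, gids, want):
            blocked.append((comp, label))
    return blocked

if __name__ == "__main__":
    import pwd
    import sys
    # Hypothetical usage: python3 check_body.py '<WebAppClientResponse value>' <account>
    account = pwd.getpwnam(sys.argv[2])
    gids = set(os.getgrouplist(account.pw_name, account.pw_gid))
    for comp, missing in blocked_components(body_path(sys.argv[1]), account.pw_uid, gids):
        print(f"{comp}: {account.pw_name} lacks {missing}")
```

Run it as root or as the file owner so that every component can be inspected; an empty result means the mode bits are not what blocks the Web Agent account.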

 

Additional Information

 

(1)

     Apply SiteMinder Behavior to a Web Application Client

       Specifies the fully qualified name of the file containing the
       custom body that is to function as the response to the web
       application client request. This file resides on the Web Agent host
       system and can:

       - Be text-based or contain binary data.
       - Contain any custom body that is designed by the application owner.
       - Contain a custom body that can be used to forward a reason and redirect URL.

     https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/session-protection/apply-siteminder-behavior-to-a-web-application-client.html