Reason and resolution for error "Configured auth landling url does not match auth url in token"
search cancel

Reason and resolution for error "Configured auth landling url does not match auth url in token"

book

Article ID: 240569

calendar_today

Updated On:

Products

CA Strong Authentication CA Advanced Authentication CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort) CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

Reason and resolution for error "Configured auth landling url does not match auth url in token".

Environment

Release : All AA releases 

Component : AuthMinder(Arcot WebFort)

Cause

Mismatch in AFM landing URL parameter provided in the configuration file adaptershmim.ini and that provided in the configuration file arcotafm.properties leads to this error. The error is expected in the scenario where one might have a Proxy or Load Balancer between Siteminder Server and the AFM Server.

Resolution

To resolve this issue, please copy the matching AFM landing URL (as in the adaptershim.ini file) into the arcotafm.properties file updating the  parameter ArcotAFMLandingURL and restarting the AFM that is, please uncomment the  #ArcotAFMLandingURL= parameter by removing the "#" and then populate the URL.

Note that configuration wise the parameter ArcotAFMLandingURL (AFM Landing URL) is configurable in these two listed configuration files below

1. arcotafm.properties 

2. adaptershim.ini

1. arcotafm.properties

# --------------------------------------------------------------------------
#  ArcotAFMLandingURL is used by Arcot Shim (or other component
#  which redirects to the arcotafm controller) to verify that the user
#  was processed with the redirected URL. Optional setting, required
#  only if the application server does not map URL to the same value as the
#  Arcot Shim used for redirection.
#
#  Defaults to controller JSP that receives HTTPRequest.

#
# --------------------------------------------------------------------------

#ArcotAFMLandingURL=                                 ***** Commented out here  *******

2. Adaptershim.ini (example adaptershim.ini showing a specific One-Page login scenario)

#
# One-Page login scenario
#

DisambigSchemeLib=
DisambigSchemeParam=
AuthSchemeLib=
AuthSchemeParam=

ArcotSMBaseURL=http://<Host>:Port>/arcotsm/servlet
ArcotSMRetries=0
ArcotSMResponseWait=5
ArcotSMTrustedRootPEM=ARCOT_HOME/adapterSiteMinder/certs/rootcacert.pem
ArcotSMClientSSLCert=ARCOT_HOME/adapterSiteMinder/certs/tsclientcert.pem
ArcotSMClientPrivateKey=ARCOT_HOME/adapterSiteMinder/certs/tsclientkey.pem

ArcotAFMLandingURL=https://<Host>:Port>arcotafm/master.jsp?profile=<ProfileName>

Additional Information

None.

Powered by Wolken Software