search cancel

Error: CA Access Gateway to Proxy is not supported in SPS Agent log

book

Article ID: 253455

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

When running CA Access Gateway (SPS), the log lines show the following message:

  The backend server is a proxy. CA Access Gateway to Proxy is not supported

Where comes this message from, what does it mean?

 

Resolution

 

At first glance, this message means that the backend server returns the response with the HTTP return code 305 or 407, which means that the Location field of the backend server reply is a proxy to which the CA Access Gateway (SPS) has to log in and connect (1).

The Noodle HttpServletResponse code is based on the response code returned by the backend server (2).

 

Additional Information

 

(1)

    List of HTTP status codes

      305 Use Proxy (since HTTP/1.1) The requested resource is available
      only through a proxy, the address for which is provided in the
      response. For security reasons, many HTTP clients (such as Mozilla
      Firefox and Internet Explorer) do not obey this status code.[25]

      407 Proxy Authentication Required (RFC 7235)
      The client must first authenticate itself with the proxy.[39]

(2)

    Interface HttpServletResponse

      | Modifier and Type | Field and Description              |
      |-------------------+------------------------------------|
      | static int        | SC_USE_PROXY                       |
      |                   | 305 Use Proxy.                     |
      |                   |                                    |
      | static int        | SC_PROXY_AUTHENTICATION_REQUIRED   |
      |                   | 407 Proxy Authentication Required. |
      |                   |                                    |

      SC_USE_PROXY
      static final int SC_USE_PROXY
      305 Use Proxy.

      The requested resource MUST be accessed through the proxy given by the
      Location field. The Location field gives the URL of the proxy. The
      recipient is expected to repeat the request via the proxy.

      SC_PROXY_AUTHENTICATION_REQUIRED static final int
      SC_PROXY_AUTHENTICATION_REQUIRED 407 Proxy Authentication Required.
      This code is similar to 401 (Unauthorized), but indicates that the
      client MUST first authenticate itself with the proxy. The proxy MUST
      return a Proxy-Authenticate header field (section 14.33) containing a
      challenge applicable to the proxy for the requested resource. The
      client MAY repeat the request with a suitable Proxy-Authorization
      header field (section 14.34). HTTP access authentication is explained
      in section 11.