search cancel

HTTP Status Code: 200 200 in CA Access Gateway (SPS)

book

Article ID: 258069

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

Running CA Access Gateway (SPS), the redirections don't work in 12.8SP7 when a Loadbalancer sits in front of it.

 

Environment

 

CA Access Gateway (SPS) 12.8.07

 

Cause

 

The Loadbalancer in front of the CA Access Gateway (SPS) reads the status code of the page returned by the CA Access Gateway (SPS). Based on this status code value, the Loadbalancer processes the redirection.

The status code returned by the CA Access Gateway (SPS) is 200 200:

Request URL: https://sps.mydomain.com/affwebservices/assertionretriever
Request Method: GET
Status Code: 200 200

The Loadbalancer should not parse the "reason-phrase" portion of the HTTP response status line as per RFC 7230 (1).

Only the status-code should be parsed, not the reason-phrase following the status-code. The specifications only recommend the reason-phrases in RFC 7231 (2).

 

Resolution

 

Change the Loadbalancer configuration to parse only the status-code, not the "reason-phrase".

 

Additional Information

 

(1)

    3.1.2.  Status Line

      status-line = HTTP-version SP status-code SP reason-phrase CRLF

      [...omitted for brevity...]
 
      A client SHOULD ignore the reason-phrase content.
      
    

(2)

    6.1.  Overview of Status Codes

      The reason phrases listed here are only recommendations
      -- they can be replaced by local equivalents without affecting the
      protocol.