Enable Unauthorized Access Redirect" is not working as expected

book

Article ID: 40224

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Symptoms: 

"Enable Unauthorized Access Redirect" is not working as expected when we configure siteminder as IDP and to redirect the user to this specific URL when the user is not authorized.

Environment:  

SiteMinder version: 12.52 CR01 and 12.52 SP1

Cause: 

If the user is not authorized, we are logging 500 error in the above specified versions instead of 401 in FWStrace log, hence as per the configuration, unauthorized access redirect works only if we receive 401 error not 500 error.

Resolution:

Need to enable "enable server error redirect" option in SSO and SLO tab of partnership federation since 500 error is appearing in the logs instead of 401 error.                    

As the server error (500 error) comes up in multiple scenarios, we will not be able to predict why the user is being redirected to the specified URL, but it still redirects the users to the URL even after enabling the "enable server error redirect" option for unauthorized access as well.

Upgrade the webagent and option pack to 12.52 SP1CR2. In case if SPS is in use, upgrade SPS to 12.52 SP1CR2 version as the logging has been changed accordingly and the user will be redirected to the URL which is mentioned in "Enable Unauthorized Access Redirect" and the logs will be updated as 401 error instead of 500 error.

Environment

Release: ETRSBB99000-12.52-SiteMinder-B to B
Component: