Deformed response from webserver with webagent enabled

book

Article ID: 40945

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

ISSUE:

Intermittently, user with expired SM session is redirected to an error page, instead of the SM login page.

Following error is logged in the Webagent log:

[SmApache22WebFilterCtxt.cpp:530][ERROR][sm-AgentFramework-00070] Input filter pre-fetch read error - 'Content data is not available'

Network trace logged a RST from LTM/F5.

 

CAUSE:

A policy is defined on LTM/F5 to issue a RST when it detected malformed network packet – request/response that does not comply with HTTP Protocol (RFC2616), e.g: blank Content-Type.

We created a python script to POST same data to the webserver and successfully reproduced the deformed responses (blank Content-Type with the first response, followed closely with another response without headers), when Webagent is enabled.

Response from webserver when Webagent is enabled:

 

<Please see attached file for image>

webagentenabled.PNG

Response from webserver when Webagent is disabled:

 

<Please see attached file for image>

webagent.PNG 

Sample python script:

 

<Please see attached file for image>

script.PNG

 

RESOLUTION:

Set LegacyStreamingBehavior=yes resolved the issue.

ACO parameter -- LegacyStreamingBehavior specifies how content will be transferred to the server during POST requests.

When the value of this parameter is set to yes, all content types are streamed, except for the following:

- text/xml

- application/x-www-form-urlencoded

When the value of this parameter is set to no, all content types are spooled. 

 

WORKAROUND:

·         Disable POST preservation data – PreservePostData=no (Web Agent will not preserves POST data when redirecting requests to the login page)

·         Disable the policy on LTM/F5 that checks the HTTP request/response compliance or bypass LTM/F5.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component:

Attachments

1558719413891000040945_sktwi1f5rjvs16vbk.png get_app
1558719412167000040945_sktwi1f5rjvs16vbj.png get_app
1558719410054000040945_sktwi1f5rjvs16vbi.png get_app