Virtual host is not properly configured with SPS behind F5 BIP IP VIP
search cancel

Virtual host is not properly configured with SPS behind F5 BIP IP VIP

book

Article ID: 433911

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign-On

Issue/Introduction

Running 2 CA Access Gateway (SPS) behind a Load Balancer (F5 BIP IP VIP), the browser gets the error:

https://server.example.com

CA Access Gateway - Error Report

Error Details

Request URI   :/
Error Type    :SPS Exception
Error Code    :VirtualHostNotFound
Error Message :Virtual host is not properly configured.

The issue is that the CA Access Gateway (SPS) doesn't accept the incoming request from the Load Balancer.

Resolution

Set the IP address of server.example.com to the IP address of the Load Balancer in the CA Access Gateway (SPS) hosts file to solve this issue. 
 
When serving a front end specific virtual host, the only modification on the CA Access Gateway (SPS) is to add the FQDN of that virtual host into the hostnames values (1).
 
On both CA Access Gateway (SPS), there is no need to define the virtualhost in httpd-vhosts.conf, so that file is kept as out of the box configuration and it isn't set to load in the SPS httpd.conf.
 
As a sample using Apache as a Load Balancer:
 

The Front end Apache Load Balancer:

 
hosts file:
 
10.0.0.15 apache.example.net
10.0.0.15 server.example.com
10.0.0.96 sps-1.example.net
10.0.0.55 sps-2.example.net
 
conf.d/httpd-proxy-balancer.conf:
 
<Proxy balancer://mycluster >
  BalancerMember https://sps-1.example.net:443 loadfactor=4 route=node1
  BalancerMember https://sps-2.example.net:443 loadfactor=6 route=node2
  ProxySet lbmethod=byrequests
</Proxy>

<VirtualHost *:80>
    ServerName apache.example.net
    SSLProxyEngine On
    SSLProxyVerify none 
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    SSLProxyVerify none
    ProxyPreserveHost On
    ProxyPass / balancer://mycluster/ stickysession=SESSION_ID
    ProxyPassReverse / balancer://mycluster/ stickysession=SESSION_ID
</VirtualHost>

<VirtualHost *:80>
    ServerName server.example.com
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    SSLProxyVerify none
    ProxyPreserveHost On
    ProxyPass / balancer://mycluster/ stickysession=SESSION_ID
    ProxyPassReverse / balancer://mycluster/ stickysession=SESSION_ID
</VirtualHost>
 

On SPS 1:

 
server.conf:
 
# Default Virtual Host

<VirtualHost name="default">
  hostnames="sps-1.example.net, server.example.com"
  defaultsessionscheme="default"
  requestblocksize="4" 
  responseblocksize="8"
</VirtualHost>
proxyrules.xml:
 
    <nete:case value="/">
      <nete:forward>http://backend.example.com/</nete:forward>
    </nete:case>
 
hosts:
 
10.0.0.15 apache.example.net
10.0.0.15 server.example.com
 

On SPS 2:

 
server.conf:
 
# Default Virtual Host

<VirtualHost name="default">
  hostnames="sps-2.example.net, server.example.com"
  defaultsessionscheme="default"
  requestblocksize="4"
  responseblocksize="8"
</VirtualHost>
 
proxyrules.xml:
 
    <nete:case value="/">
      <nete:forward>http://backend.example.com/</nete:forward>
    </nete:case>
 
hosts:
 
10.0.0.15 apache.example.net
10.0.0.15 server.example.com

 

Additional Information

  1. SPS Exception : Virtual host is not properly configured

Powered by Wolken Software