The backend Web Server gives the unauthorized response instead of the Web Agent Reverse Proxy

Article Id: 4651
Status: Published
Updated On: 14-02-2018 07:54
Legacy Id: TEC1052572
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On
Issue/Introduction:

Running WebAgent, protecting backend server resource,
the browser access directly the resource, the
Web Agent doesn't seem to catch the request. I get the 401
error from the backend server instead of the Web Agent Apache
server 403 Forbidden.

Cause:

The fact that the Reverse Proxy module executes the request and
serves the response before the Web Agent is seemly
the Web Agent module isn't loaded first in the list, but problably
at the very end :

httpd.conf :

  ServerRoot /root/sandbox/apache2.4
  include conf/*.conf
  ProxyPreserveHost On
  LoadModule sm_module "/opt/CA/webagent/bin/libmod_sm22.so"
  SmInitFile "$/opt/CA/webagent/conf/WebAgent.conf"

From out of the box installation and configuration, the installer puts the load module
instructions for the Web Agent at the first place in the httpd.conf file.

Environment:

Web Agent 12.52SP1CR02 64bit on Apache 2.2.31 64bit on SLES 11 SP3 64bit;

Resolution:

Make the Web Agent module to be the first
loaded module in your configuration like :

  ServerRoot /root/sandbox/apache2.4
  LoadModule sm_module "/opt/CA/webagent/bin/libmod_sm22.so"
  SmInitFile "$/opt/CA/webagent/conf/WebAgent.conf"
  include conf/*.conf
  ProxyPreserveHost On

to solve the issue

Additional Information:

N/A