HTTP Error 503 when using Form Authentication with IIS 7.5
search cancel

HTTP Error 503 when using Form Authentication with IIS 7.5

book

Article ID: 4855

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

When trying to use Form Authentication Scheme with IIS 7.5 we are getting 503 errors.

We also use a Jakarta connector for a custom application deployed on Tomcat.

Basic authentication works fine

 

Here the current web.config we use :

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpErrors existingResponse="PassThrough" />
        <modules>
            <add name="CASiteMinderWebagentModule" preCondition="integratedMode,bitness64" />
        </modules>
        <handlers>
            <add name="handler-wa" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Program Files\CA\webagent\win64\bin\ISAPI6WebAgent.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-fcc" path="*.fcc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-ntc" path="*.ntc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-ccc" path="*.ccc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-scc" path="*.scc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-kcc" path="*.kcc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
        </handlers>
        <isapiFilters>
            <clear />
            <filter name="SiteMinder Agent" path="C:\Program Files\CA\webagent\win64\bin\ISAPI6WebAgent.dll" enabled="true" enableCache="false" preCondition="classicMode,bitness64" />
            <filter name="jakarta" path="C:\ISAPI\isapi_redirect.dll" enabled="true" enableCache="false" preCondition="bitness64" />
            <filter name="ASP.Net_2.0.50727-64" path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_filter.dll" enabled="true" enableCache="true" preCondition="bitness64" />
            <filter name="ASP.Net_2.0.50727.0" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enabled="true" enableCache="true" preCondition="bitness32" />
        </isapiFilters>
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="WWW Server" areas="Security" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="404.2" />
                </add>
            </traceFailedRequests>
        </tracing>
    </system.webServer>
    <system.web>
        <identity impersonate="false" />
    </system.web>
</configuration>

 

Environment

Webagent 12.51 on IIS75 Windows 2008 R2SP1

Cause

The Web Agent on IIS 7.5 needs the following configuration in web.config :

<modules>
    <add name="CASiteMinderWebagentModule-32" preCondition="integratedMode,bitness32" />
</modules>
<handlers>
 
    <add name="handler-wa-32" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Program Files\CA\webagent\win32\bin\ISAPI6WebAgent.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,bitness32" />
<add name="CASiteMinderWebAgentHandler-fcc-32" path="*.fcc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
<add name="CASiteMinderWebAgentHandler-ntc-32" path="*.ntc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
<add name="CASiteMinderWebAgentHandler-ccc-32" path="*.ccc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
<add name="CASiteMinderWebAgentHandler-scc-32" path="*.scc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
    <add name="CASiteMinderWebAgentHandler-kcc-32" path="*.kcc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
</handlers>
<isapiFilters>
    <filter name="SiteMinder Agent-32" path="C:\Program Files\CA\webagent\win32\bin\ISAPI6WebAgent.dll" enabled="true" enableCache="false" preCondition="classicMode,bitness32" />
</isapiFilters>

 

Resolution

Correcting the web.config accordingly will solve the issue :

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpErrors existingResponse="PassThrough" />
        <modules>
            <add name="CASiteMinderWebagentModule" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebagentModule-32" preCondition="integratedMode,bitness32" />
        </modules>
        <handlers>
            <add name="handler-wa" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Program Files\CA\webagent\win64\bin\ISAPI6WebAgent.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-fcc" path="*.fcc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-ntc" path="*.ntc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-ccc" path="*.ccc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-scc" path="*.scc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            <add name="CASiteMinderWebAgentHandler-kcc" path="*.kcc" verb="*" modules="CASiteMinderWebagentModule" resourceType="Unspecified" preCondition="integratedMode,bitness64" />
            
            <add name="handler-wa-32" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Program Files\CA\webagent\win32\bin\ISAPI6WebAgent.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,bitness32" />
        <add name="CASiteMinderWebAgentHandler-fcc-32" path="*.fcc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
        <add name="CASiteMinderWebAgentHandler-ntc-32" path="*.ntc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
        <add name="CASiteMinderWebAgentHandler-ccc-32" path="*.ccc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
        <add name="CASiteMinderWebAgentHandler-scc-32" path="*.scc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
            <add name="CASiteMinderWebAgentHandler-kcc-32" path="*.kcc" verb="*" modules="CASiteMinderWebagentModule-32" resourceType="Unspecified" preCondition="integratedMode,bitness32" />
        </handlers>
        <isapiFilters>
            <clear />
            <filter name="SiteMinder Agent" path="C:\Program Files\CA\webagent\win64\bin\ISAPI6WebAgent.dll" enabled="true" enableCache="false" preCondition="classicMode,bitness64" />
            <filter name="SiteMinder Agent-32" path="C:\Program Files\CA\webagent\win32\bin\ISAPI6WebAgent.dll" enabled="true" enableCache="false" preCondition="classicMode,bitness32" />
            <filter name="jakarta" path="C:\ISAPI\isapi_redirect.dll" enabled="true" enableCache="false"/>
            <filter name="ASP.Net_2.0.50727-64" path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_filter.dll" enabled="true" enableCache="true" preCondition="bitness64" />
            <filter name="ASP.Net_2.0.50727.0" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enabled="true" enableCache="true" preCondition="bitness32" />
        </isapiFilters>
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="WWW Server" areas="Security" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="404.2" />
                </add>
            </traceFailedRequests>
        </tracing>
    </system.webServer>
    <system.web>
        <identity impersonate="false" />
    </system.web>
</configuration>

 

Also check the ISAPI Redirector settings for Jakarta to make sure that FCC is served by IIS and not Tomcat

 

 

Additional Information

IIS webagent crashes / What should we check to prevent those in the IIS configuration ?

http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1390793.html

Powered by Wolken Software