Integrated Windows Authentication (IWA) auth scheme throws HTTP 500 error [00-0017] when TargetAsRelativeURI is checked.

book

Article ID: 51152

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Webagent on Windows 2003 is honoring the ACO parameter "TargetAsRelativeURI" for NTLM authentication scheme. The target is fully qualified even when TargetAsRelativeURI is set to yes.

When the ACO parameter "TargetAsRelativeURI" is set to yes and the resource protected by IWA auth scheme is accessed from browser then, the webagent redirects to the .ntc [NTC credential collector] for authentication, but puts a FULLY QUALIFIED target on the query string. This causes the agent to reject the target and a 500 error [00-0017] is thrown.

Webagent trace log shows the following Error:
[Invalid Target found in the URL]

Solution:

The actual working of webagent should be to redirect to the NTC for authentication, and put a RELATIVE target on the query string when ACO parameter "TargetAsRelativeURI" is set.

This issue has been fixed in webagent version 6.0-SP6 and R12-SP2-CR1.
Now webagent works correctly when ACO parameter "TargetAsRelativeURI" is set and IWA authentication is used.

Environment

Release:
Component: SMIIS