ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

HTTP 500 error with SecureUrls=yes on user initiated password change.

book

Article ID: 51296

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

By default when SecureUrls=YES, the webagent will reject any request to an FCC that does not have SMQUERYDATA in the query string, and will throw a HTTP 500 error.

However, a switch in smpwservices.fcc called @smpwselfchange will undo this requirement for the smpwservices.fcc, so that users can do User Initiated Password Change while having SecureUrls=YES.

Following error is logged in webagent trace log.

[CSmHttpPlugin::ProcessResource][Error. Unable to handle request in Secure Mode.]

Solution:

Set @smpwselfchange directive in smpwservices.fcc is (i.e.) @smpwselfchange=1 and SecureUrls=yes.

For E.g-
=======
Set the ACO parameter SecureUrls to "yes".
Open smpwservices.fcc and set @smpwselfchange=1

Open a browser and access the password services FCC with no SMQUERYDATA, but with SMAUTHREASON=34 (to mimic user initiated password change) such as:

http://myserver.xyz.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=34&TARGET=http://myserver.xyz.com/protectedpages/page1.html

The smpwservices.fcc with the template for User Initiated Password Change (username, old password, new password, confirm new password) will be shown.

Environment

Release:
Component: SMIIS