Getting not authorized error with SM protecting TEWS on subsequent calls with Forgotten Password.

Article Id: 52137
Status: Published
Updated On: 21-03-2018 06:15
Legacy Id: TEC507554
Products:
DIRECTORY , CA Identity Manager , CA Identity Governance , CA Identity Portal , CA Risk Analytics , CA Secure Cloud SaaS - Arcot A-OK (WebFort) , CA Secure Cloud SaaS - Advanced Authentication , CA Secure Cloud SaaS - Identity Management , CA Secure Cloud SaaS - Single Sign On , SINGLE SIGN ON - LEGACY , CA Data Protection (DataMinder) , CA User Activity Reporting
Issue/Introduction:

Description:

Forgotten Password is a three step TEWS call. With TEWS being protected by SM and the right security parameters set for SM in the web.xml, customer is noticing that only his first Forgotten Password TEWS call (to verify user identity) is successful and the subsequent TEWS call is coming back with a "401 Not Authorized" error on the client side. This document describes a way to work around this issue since the problem lies within Apache Axis and not the client side TEWS code or IDM.

Solution:

Apache Axis 1.3 and 1.4 have a problem with the way they send cookie headers, they send them in the form of cookie:

cookie1=value
cookie: cookie2=value

The above format is not RFC compliant and Webservers reject all but the first cookie as they expect it to be in RFC compliant form:

cookie: cookie1=value; cookie2=value

There is a patch to the Axis clients, however it is a manual patch that requires recompiling Axis. The patch for Axis 1.4 is attached.

Environment:

Release:
Component: IDMGR

insert_drive_file 1558535394356TEC507554.zip
arrow_downward Download