I don't see IdleTimeout Reason when the Web Agent is configured for webappclientresponse

book

Article ID: 6958

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

I've configured webappclientresponse and idletimeouturl that way in
the Web Agent ACO :

[567/5][Thu May 25 2017 11:58:18]webappclientresponse='Resource=/myurl/*|Method=GET,POST
  |Status=302|Body=/home/service/server/apache/conf/custom_web20.xml
  |Content-Type=application/xml|Charset=us-ascii'.

[567/5][Thu May 25 2017 11:58:18]
  idletimeouturl='http://myhost.mydomain.com/login/mylogin.jsp'.

I see indeed the redirection going to the mylogin.jsp page, but the reason
is a Challenge, and there's no URL given in the custom response.

[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmHttpCredCore.cpp:1973][CSmHttpCredCore::DoFormsChallenge][mywebagent]
  [/myurl/][GET][host01][Redirecting to credential collector 'https://myhost.mydomain.com/login/mylogin.jsp?
  TYPE=33554433&REALMOID=06-96649a07-00e6-4e38-a96b-d0cfa0a8ca01&GUID=0&SMAUTHREASON=0&METHOD=GET&
  SMAGENTNAME=-SM-Y%2fl0%2fmOuarOGQa2IPRUCwvcnNL8%2b0SQFGKK%2bsx1feM9h1dEfiuItLXe2Thq3HvADirGDdTEKA%2f08b3nwo
  Kgi6wllKPHXUxdl&TARGET=-SM-http%3A%2F%2Fmyhost.mydomain.com%2Fmyurl%2F'.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:210][CSmWeb20Cache::GetForm][][][][]
  [Form template '/home/service/server/apache/conf/custom_web20.xml'
  not found in cache.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:227][CSmWeb20Cache::GetForm][][][][]
  [Serving form template '/home/service/server/apache/conf/custom_web20.xml'
  from disk.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:270][CSmWeb20Cache::GetForm][][][][]
  [Form template '/home/service/server/apache/conf/custom_web20.xml'
  stored in cache.]
[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmWeb20Response.cpp:108][HandleCustomizedResponsRequest][mywebagent][/myurl/]
  [GET][host01][Sending WEB 2.0 custom response (Url '' and Reason 'Challenge')]
[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmChallengeManager.cpp:124][CSmChallengeManager::DoChallenge][mywebagent]
  [/myurl/][GET][host01][SM_WAF_HTTP_PLUGIN->ProcessChallenge returned SmExit.]
[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmHighLevelAgent.cpp:607][ProcessRequest][mywebagent][/myurl/][GET][host01]
  [Challenge Manager returned SmExit, end new request.]

Cause

  The url you have defined has a wild card and you forget to tell the
  Web Agent to not update the SMSESSION cookie on the resource /myurl/*,
  and this is why you don't see the reason idletimeout. You need to
  specify overlooksessionforurls to get the idletimeout handled and you
  need to set overlooksessionaspattern to handle the wildcard *

Environment

Web Agent 12.52SP1CR06 on Apache 2.2 on RedHat

Resolution

Add the following ACO configuration :

  overlooksessionforurls=/myurl/*
  overlooksessionaspattern=yes

in order to solve the issue and get Reason : idletimeout.

Additional Information

12.52SP1 Documentation:

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-agent-configuration/list-of-agent-configuration-parameters#ListofAgentConfigurationParameters-k

OverlookSessionAsPattern - Default No 
If enabled, the agent does not create cookies for any of the URLs under the directory that is specified in OverlookSessionForUrls. See Prevent Session Cookie Creation or Updates.

OverlookSessionForUrls   
Specifies a list of URLs against which the agent compares the URLs from all HTTP requests. If a match occurs, the agent does not create or update an SMSESSION cookie. See Prevent Session Cookie Creation or Updates.