/siteminder/forms/images not correctly accessed in 12.52 SP1 CR04 SPS

book

Article ID: 7523

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We have used the default location of SPS ./secure-proxy/proxy-engine/examples/siteminderagent/ 

Tried to access using a browser to http:///siteminderagent/ 

Installed custom login auth form to: 
.fcc file in ./secure-proxy/proxy-engine/examples/siteminderagent/forms/ 
Image files etc in in ./secure-proxy/proxy-engine/examples/siteminderagent/forms/images/ 

This worked fine with the CR02 and previous versions of the SPS, not working with CR04. 

With the CR04 it is possible to access files with extension .fcc in the forms directory, not files with other extensions. 
Not possible to access files in the forms/images directory. 
Rename directory images to Images (capital I) and it is possible to access files with the .fcc extension in that directory, not possible to access other files like .jpg 

Tested from browser: 
http:///siteminderagent/forms/login.fcc 
http:///siteminderagent/forms/images/login.fcc (login.fcc copied to that directory) 
http:///siteminderagent/forms/Images/login.fcc (login.fcc copied to that directory) 
http:///siteminderagent/forms/images/logo.jpg (logo.jpg copied to that directory) 
http:///siteminderagent/forms/Images/logo.jpg (logo.jpg copied to that directory) 

So basically with the CR04 version we are able to make the auth scheme login work since the fcc file is read, but it is not possible to make the layout work (graphics, logoes etc). 

Cause

A change has been introduced to the 12.52 SP1 CR04 httpd.conf from apache, in that the filters for the virtual directory siteminder now show as the following 

AliasMatch /*/siteminderagent/pwcgi(.*) "C:\Program Files (x86)\CA\secure-proxy/proxy-engine/examples/siteminderagent/pw$1" 
AliasMatch /*/siteminderagent/pw(.*) "C:\Program Files (x86)\CA\secure-proxy/proxy-engine/examples/siteminderagent/pw$1" 
AliasMatch /*/siteminderagent/dmspages/(.*) "C:\Program Files (x86)\CA\secure-proxy/proxy-engine/examples/siteminderagent/dmspages/$1" 
AliasMatch /*/siteminderagent/forms/images/(.*) "C:/Program Files (x86)\CA\secure-proxy/proxy-engine/examples/siteminderagent/forms/images/$1" 
AliasMatch /*/siteminderagent/certoptional/forms/images/(.*) "C:\Program Files (x86)\CA\secure-proxy/proxy-engine/examples/siteminderagent/certoptional/forms/images/$1" 


Whereas in the httpd.conf supplied with version 12.52 SP1 CR02 the same filters are 

AliasMatch /*/siteminderagent/pwcgi(.*) "C:/Program Files (x86)/CA/secure-proxy/proxy-engine/examples/siteminderagent/pw$1" 
AliasMatch /*/siteminderagent/pw(.*) "C:/Program Files (x86)/CA/secure-proxy/proxy-engine/examples/siteminderagent/pw$1" 
AliasMatch /*/siteminderagent/dmspages/(.*) "C:/Program Files (x86)/CA/secure-proxy/proxy-engine/examples/siteminderagent/dmspages/$1" 
AliasMatch /*/siteminderagent/forms/images/(.*) "C:/Program Files (x86)/CA/secure-proxy/proxy-engine/examples/siteminderagent/forms/images/$1" 
AliasMatch /*/siteminderagent/certoptional/forms/images/(.*) "C:/Program Files (x86)/CA/secure-proxy/proxy-engine/examples/siteminderagent/certoptional/forms/images/$1" 

Note that in this case the C: has a forward slash, whereas in the 12.52 SP2 CR04 this has been changed to backslash. 

This causes apache to not be able to apply the filter to the URL provided and so it fails to service the reques

Environment

CA SiteMinder SPS 12.52 SP1 CR04 on Windows 2012R2

Resolution

This issue is solved in R12.52 SP1 CR06 Build#2174 on Windows 2008 R2 [64bit]