Apache Reverse Proxy Web Agent doesn't process the WebAppClientResponse

book

Article ID: 7582

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

  We're running Web Agent on Apache Reverse Proxy, and when the

  LoadModule libmod_sm24.so line to is set at the end of the

  LoadModule list, then the WebAppClientResponse is not completely

  processed and the request is sent to the backend server instead of

  processing the file from the WebAppClientResponse.

 

  The strace command reports the processing to open a connection to the 

  backend server : 

 

  the WebAppClientResponse response file code is :

 

  { 

  "reason": "$$Reason$$", 

  "url": "$$URL$$" 

  } 

 

  and the thread open a connection after reading this file : 

 

  13:35:49 open("/www/web/siteminder_custom_response.json", O_RDONLY) = 12 

  13:35:49 fstat(12, {st_mode=S_IFREG|0644, st_size=49, ...}) = 0 

  13:35:49 read(12, "{\n \"reason\": \"$$Reason$$\",\n \"u"..., 49) = 49 

 

  13:35:49 bind(12, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 

  13:35:49 getsockname(12, {sa_family=AF_NETLINK, pid=38726, groups=00000000}, [12]) = 0 

  13:35:49 sendto(12, "\24\0\0\0\26\0\1\3\225 ^Y\0\0\0\0\0\0\0\0", 20, 0, 

  {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 

  13:35:49 recvmsg(12, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[ 

  {"8\0\0\0\24\0\2\0\225 ^YF\227\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], 

  msg_controllen=0, msg_flags=0}, 0) = 172 

 

  We would expect the Web Agent to read the WebAppClientResponse

  response file and give the code to the browser as per this strace

  snippet :

 

  The WebAppClientResponse response file code :

 

  <web20> 

  <siteminderreason>$$reason$$</siteminderreason> 

  <siteminderredirecturl>$$url$$</siteminderredirecturl> 

  </web20> 

 

  and the thread should write a header like this one : 

 

  06:57:10 open("/var/www/html/siteminder_custom_response.json", O_RDONLY) = 15 

  06:57:10 fstat(15, {st_mode=S_IFREG|055, st_size=121, ...}) = 0 

  06:57:10 read(15, "<web20>\n<siteminderreason>$$reas"..., 121) = 121 

 

  06:57:10 writev(12, [{"HTTP/1.1 200 OK\r\nDate: Thu, 06 J"..., 137}, 

  {"<web20>\n<siteminderreason>Challe"..., 113}], 2) = 250 

  06:57:10 write(10, "130.119.150.229 - - [06/Jul/2017"..., 88) = 88 

  06:57:10 shutdown(12, 1 /* send */) = 0 

 

Environment

Web Agent 12.52SP1CR05 64bit On Apache 2.4 64bit on RedHat 6 64bit; Policy Server : 12.52SP2CR01 on Windows 2012 R2;

Resolution

  This issue will be fixed in Web Agent 12.52SP1CR09. 

 

  You can also workaround the issue by setting LoadModule for

  sm_module at the very top of the LoadModule list in the httpd.conf

  like this :

 

  LoadModule sm_module "/opt/CA/webagent/bin/libmod_sm24.so" 

  SmInitFile "/opt/apache2.4/conf/WebAgent.conf" 

  LoadModule authn_file_module modules/mod_authn_file.so 

  #LoadModule authn_dbm_module modules/mod_authn_dbm.so 

  #LoadModule authn_anon_module modules/mod_authn_anon.so 

 

  [...]