
Single Sign On Siteminder - Issue HTTP Header + Post


Article ID: 119972


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We're running a Web Agent and when the form HTML page sends headers
as:

<form method="post" action="https://mymachine.mydomain.com/search.do"> 
<input type="hidden" name="userid" value="<%=uid%>"> 
<input type="hidden" name="myvariable1" value="<%=myvariable1%>"/> 
<input type="hidden" name="myvariable2" value="<%=myvariable2%>"/> 
</form> 

the headers and values for userid, myvariable1, myvariable2 aren't
reaching the target page https://mymachine.mydomain.com/search.do, so
that page reports the values as null.

I'd like to know why. 

Cause

From the Fiddler traces, we see the header passed to the back-end
server on a POST action. But the server replies with return code 301
to change the URL from http to https. This redirection is the cause of
the loss of the header values.

Note the following: if you POST headers to a page, the next redirected
page won't get these headers. Only the page you POST to will have
them.

Apache 301 Redirect and preserving post data 

"POST data is discarded on redirect as a client will perform a GET 
request to the URL specified by the 301. Period." 

https://stackoverflow.com/questions/13628831/apache-301-redirect-and-preserving-post-data 
 

Environment

Release: MSPJBO99000-12.52-Single Sign-On-Agent for JBoss-for MSP
Component:

Resolution

To solve this issue, configure your web server to accept only https
requests, so that the POST is not answered with a 301 return code.
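
The behaviour described above can be reproduced offline with the following added example, which is not part of the original article or of the product. It assumes a throwaway loopback server in which /search.do answers 301 (standing in for the http to https redirect) and a hypothetical /secure/search.do stands in for the final page; the form values are constructed, and Python's urllib client plays the browser.

```python
import threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

seen = []  # (method, path, form fields) for every request that reaches the final page
FORM = {"userid": "jdoe", "myvariable1": "a", "myvariable2": "b"}  # constructed values

class Handler(BaseHTTPRequestHandler):
    def _handle(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length).decode()
        if self.path == "/search.do":
            # Stand-in for the http -> https redirect seen in the Fiddler trace.
            self.send_response(301)
            self.send_header("Location", "/secure/search.do")  # hypothetical path
        else:
            # Final page: record what actually arrived.
            seen.append((self.command, self.path, urllib.parse.parse_qs(body)))
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = _handle
    def log_message(self, *args):  # keep the demo quiet
        pass

def post_form(path, fields):
    """POST the form to a loopback server and return what the final page received."""
    seen.clear()
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Empty ProxyHandler: ignore any proxy configured in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = f"http://127.0.0.1:{server.server_port}{path}"
        data = urllib.parse.urlencode(fields).encode()
        req = urllib.request.Request(url, data=data, method="POST")
        opener.open(req, timeout=5).close()  # follows the 301 automatically
    finally:
        server.shutdown()
        server.server_close()
    return seen[-1]

if __name__ == "__main__":
    print("via 301:", post_form("/search.do", FORM))         # GET, no form fields
    print("direct: ", post_form("/secure/search.do", FORM))  # POST, all fields present
```

The first call shows the final page receiving a GET with an empty body, which is why the application reports the values as null; the second shows the values arriving when the form posts straight to the URL that does not redirect.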