AdminUI protected by Reverse Proxy Web Agent redirection URL change
search cancel

AdminUI protected by Reverse Proxy Web Agent redirection URL change

book

Article ID: 242611

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction


When configuring a second Reverse Proxy Web Agent to protect an AdminUI, the browser still gets back to the first Reverse Proxy Web Agent URL.

How to change the Reverse Proxy Web Agent without having to re-register the AdminUI with the new Reverse Proxy Web Agent?

 

Environment

 

  AdminUI 12.8SP2 on RedHat 7;
  Web Agent 12.52SP1CR11 on Apache 2.4 on RedHat 7;

 

Cause


The Web Agent Reverse Proxy URL is written in binary data for the AdminUI in one of the .dat files here:

  {home_adminui}/adminui/standalone/data/derby/siteminder/objectstore/seg0
  
As per documentation, only 1 AdminUI can be protected by 1 Web Agent (1).

 

Resolution


There's a workaround to modify the Base URL value from the AdminUI Derby database.

This allows changing the Base URL to another DNS name.

Note that it won't allow using both DNS names (old and new) simultaneously for the same AdminUI.

Take a backup of the entire repository:

  /{home_adminui}/adminui/standalone/data

  • Stop the AdminUI;
  • Download db-derby-10.14.2.0-bin.tar.gz from https://db.apache.org/derby/releases/release-10_14_2_0.cgi

    # cd /opt/db-derby-10.14.2.0-bin/bin
    # export JAVA_HOME=/opt/jdk
    # ./ij
    ij version 10.14
    ij> connect 'jdbc:derby:/{home_adminui}/adminui/standalone/data/derby/siteminder/objectstore';
    ij> select attribute_value from IM_ENVIRONMENT_JDBC_LD where attribute_name = 'baseurl';

    ATTRIBUTE_VALUE

    --------------------------------------------------------------------------------------------------------------------------------

    https://myfirstadminui.example.com/iam/siteminder

    1 row selected

    ij> update IM_ENVIRONMENT_JDBC_LD set attribute_value = 'https://mysecondadminui.example.com/iam/siteminder' where attribute_name = 'baseurl';

    1 row inserted/updated/deleted

    ij> select attribute_value from IM_ENVIRONMENT_JDBC_LD where attribute_name = 'baseurl';

    ATTRIBUTE_VALUE

    --------------------------------------------------------------------------------------------------------------------------------

    https://mysecondadminui.example.com/iam/siteminder 

    1 row selected

    ij> commit;
    ij> disconnect;
    ij> exit;

  • Start the AdminUI;

    Then, the browser should be able to log in and be redirected to the AdminUI with the New URL Reverse Proxy Web Agent only.

 

Additional Information

Powered by Wolken Software