No IdleTimeout Reason when the Web Agent is webappclientresponse configured
search cancel

No IdleTimeout Reason when the Web Agent is webappclientresponse configured

book

Article ID: 6958

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction


Having configured the webappclientresponse and the idletimeouturl ACO parameters:

  webappclientresponse='Resource=/myurl/*|Method=GET,POST|Status=302|Body=/home/service/server/apache/conf/custom_web20.xml|Content-Type=application/xml|Charset=us-ascii'.
  idletimeouturl='http://host.example.com/login/mylogin.jsp'.

The browser gets redirected to the login.jsp page, but the reason is a Challenge, and there's no URL given in the custom response.

[05/25/2017][12:17:20.092][580][25][][CSmHttpCredCore.cpp:1973][CSmHttpCredCore::DoFormsChallenge][<agent>][/<app>/][GET][<host>][Redirecting to credential collector 'https://host.example.com/login/login.jsp?TYPE=33554433&REALMOID=<realm>&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-<agentname>&TARGET=-SM-http%3A%2F%2Fhost.example.com%2F<app>%2F'.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:210][CSmWeb20Cache::GetForm][][][][][Form template '/{home_web_server}/conf/custom_web20.xml'not found in cache.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:227][CSmWeb20Cache::GetForm][][][][][Serving form template '/{home_web_server}/conf/custom_web20.xml' from disk.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:270][CSmWeb20Cache::GetForm][][][][][Form template '/{home_web_server}/conf/custom_web20.xml' stored in cache.]
[05/25/2017][12:17:20.092][580][25][][CSmWeb20Response.cpp:108][HandleCustomizedResponsRequest][<agent>][/<app>/][GET][<host>][Sending WEB 2.0 custom response (Url '' and Reason 'Challenge')]
[05/25/2017][12:17:20.092][580][25][][CSmChallengeManager.cpp:124][CSmChallengeManager::DoChallenge][<agent>][/<app>/][GET][<host>][SM_WAF_HTTP_PLUGIN->ProcessChallenge returned SmExit.]
[05/25/2017][12:17:20.092][580][25][][CSmHighLevelAgent.cpp:607][ProcessRequest][<agent>][/<app>/][GET][<host>][Challenge Manager returned SmExit, end new request.]

 

Environment

 

Web Agent 12.52SP1CR06 on Apache 2.2 on RedHat

 

Cause


The defined URL has a wildcard and the Web Agent is not configured to not update the SMSESSION cookie on the resource /<app>/*. This explain why the reason idletimeout is not seen.

Specify overlooksessionforurls to get the idletimeout handled and set overlooksessionaspattern to handle the wildcard *.

 

Resolution


Add the following ACO configuration (1):

  overlooksessionforurls=/<app>/*
  overlooksessionaspattern=yes

to solve the issue and get Reason: idletimeout.

 

Additional Information

Powered by Wolken Software