Symantec Access Management

Hi Everyone,

I think this will the basic requirement for any deployment. In my setup i want to show up my own Custom ERROR page with the TRANSACTION ID on it.

In a federation transaction whenever we face user not found or invalid Assertion while processing the assertion SPS throws a default Tomcat Error page with transaction id on it.

Is there any way to modify this page? Anyone have any idea on this?

Hello Ujwolbrettcarroll,

Do you have any idea on this requirement?

I have never attempted to do this.  I know this may not answer your question but the transactionID can be gathered from the logs -  Log Files that Aid Troubleshooting - CA SiteMinder® - 12.52 SP1 - CA Wiki

I am pretty sure you are wanting to display the error with transaction ID in order to quickly reference it in the logs.

Debug the response coming back to see what is provided and can be parsed.  Possibly  the transactionID can be stored in the session store and passed as a header response back to be used?

Hi Jack,

Thanks for your inputs,

I am acting as a SP in my federation Setup.

If suppose an assertion comes with invalid signature or user not found occurs at the SP side then before creating the Session itself federation transaction will fail. In this case how transaction id will be stored in the session store?

Actually I want to display my own Error Page with Transaction ID instead of the default Tomcat Error Page.

Is there any possibility of doing this?CA Security

Hi Venga,

There is a parameter in the SPS configuration that allows you to put in a custom class to show the error pages. By default it points to a CA class, but it is possible to change it and use your own class.

I am not sure if that would impact the support contract though, so you may want to confirm that with CA support before changing. I do know that it is possible to change the class and get your custom page, just not sure of the support impact.

Thanks

Hey Avijit

It sounds good. Can you please let me know the procedures, where to change and which params to change? I will confirm the with CA for Support.

One more thing. Is it possible to get the Current Transaction ID by using that class?

Hi All,

Anyone have idea on this?

Hi,

The tomcat error page is a static page and is not possible to print out the transaction id from out of the box setting. For troubleshooting on the federation issue, the best practise is to review the federation trace log, policy server trace log for the transaction id information. It will be handy if this printed out in tomcat error page but this is not possible at the moment.

Hope this helps.

Regards,

Kar Meng

Hello Venga

Does this not suffice your requirement?

Configure the Custom Error Messages Settings - CA SiteMinder® - 12.52 SP1 - CA Wiki

Regards

Hubert

Hi HubertDennis,

The link which you have mentioned contains how to use the custom error pages in SPS.

But My requirement is to fetch the Transaction ID in the Error page. basically whenever a federation transaction fails, SPS displays a Tomcat Error page with current Transaction ID. Similarly I would like to do display the Transaction ID in my own Error Page. Do you have any thoughts? please share with me.

Have you tried accessing the SM_TRANSACTIONID HTTP_Header in your error page?