Symantec Access Management

  • 1.  What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?

    Posted Apr 03, 2015 05:30 PM

    I'm seeing a weird issue where I am clicking on an https link for a protected resource but the SiteMinder/Single Sign On cookie provider seems to be sending http as the target.  Has anyone run in to this or have a suggestion as to why this may be happening?

     

    Thanks!

    Eric



  • 2.  Re: What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?
    Best Answer

    Posted Apr 06, 2015 07:58 AM

    As of 6.0 SP5 and in all versions after

     

    GetPortFromHeaders needs to be set to Yes to read the port.

    HTTPSPorts (or HTTPSports if you prefer) needs to be set to a comma separated list of the ports to treat as HTTPS, otherwise the Web Agent defaults to HTTP.

     

    Are both of those set?



  • 3.  Re: What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?

    Posted Apr 06, 2015 12:06 PM

    The HTTPSPorts attribute was set to multivalue, which didn't seem to work.  Thanks for the input.

     

    It had been suggested to me to add both 80, 443 as values to the HTTPSPorts attribute.  Is this necessary?  What benefit, or cost, results from adding 80 to the HTTPSPorts attribute?

     

    Thanks again!

    Eric



  • 4.  Re: What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?

    Posted Apr 06, 2015 12:40 PM

    it's a minor cost to add them. fractions of a second to do the comparison.

    probably a millisecond at most

     

    the cost  fo not having 443 is that 443 wont be treated as https.

     

    the reason that CA Support normally suggests 80 as well is that bouncing between content servers and  cookie  providers has a possibility of switching to http as a course of action, and having 80 there makes it flip back to https for sure.

     

    in honesty, i think that most implementations can get away with 443 and not 80, but i would recommend 80 on the chance of an error occurring.

     

    -Josh



  • 5.  Re: What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?

    Posted Apr 07, 2015 12:51 PM

    Thanks Josh!

     

    I did find that removing port 80 causes an error.  Does that indicate there is a configuration issue on the server side or is there an issue with the Web Agent configuration?

     

    Eric



  • 6.  Re: What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?

    Posted Apr 07, 2015 12:55 PM

    It could. It might also mean there's a drop of port numbers or switch to HTTP in the mix that the web agent will correct by adding the 80.

     

    this might not be the web agent's fault, but might be something the agent is fixing.



  • 7.  Re: What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?

    Posted Apr 08, 2015 11:00 AM

    Could keeping 80 in the list cause any problems?  Could the failure that occurs when removing 80 from HTTPSPorts be related to the cookie provider not having SecureCookies enabled (yet)?



  • 8.  Re: What would cause the SiteMinder cookie provider to return http when the link to the requested resource is https?

    Posted Apr 08, 2015 11:04 AM

    Good Questions. I am not 100% sure of either, but suspect the answers to be No and No. Might be something CA could verify. then they can improve their documentation.