Symantec Access Management

  • Private Community

  • 1.  Apache with reverse  proxy with  AJP connector issue

    Posted Oct 18, 2015 09:47 AM

    Hi, I'm trying to configure web agent for an apache which serve  has reverse  proxy with  AJP connector in 8009 port to tomcat server  . So here web agent calling for  login.cc which searching over 'proxy:ajp://localhost:8009/login.fcc' . Not sure which document root the file is searching for . I’m sure something needs to be fixed in httpd.conf ,Please help me in fixing this . Here basic authentication working fine but not html form base auth.

     

     

    [3401/2274853568][Sun Oct 18 2015 16:45:28][CSmFormTemplateObj.cpp:226][ERROR][sm-HTTPAgent-00370] Error opening form template 'proxy:ajp://localhost:8009/login.fcc': No such file or directory.

    [3401/2274853568][Sun Oct 18 2015 16:45:28][SmFCC.cpp:1308][ERROR][sm-HTTPAgent-00130] Credential Collector error.  Exiting with HTTP 500 server error '00-0011'



  • 2.  Re: Apache with reverse  proxy with  AJP connector issue

    Posted Oct 19, 2015 02:32 AM

    Hi,

     

    Try look for login.fcc at following path

    <SPS_installed_path>\proxy-engine\examples\forms

     

    and try copy login.fcc to

    <SPS_installed_path>\proxy-engine\examples\siteminderagent\forms

     

    Regards,

    Kar Meng



  • 3.  Re: Apache with reverse  proxy with  AJP connector issue

    Posted Oct 25, 2015 07:48 AM

    Thanks Kar , For the update . I haven't used SPS before . Is any way to fix this issue using web agent ? Instead using SPS.



  • 4.  Re: Apache with reverse  proxy with  AJP connector issue
    Best Answer

    Posted Oct 28, 2015 08:30 PM

    Hi kasis3

     

    I thought you were using Siteminder SPS and causing the issue. If this is just a normal web agent with apache reverse proxy configure, you might need to check the Apache httpd.conf for where the document root refer to. In general, web agent will configure Alias in httpd.conf for the files that it refer to.

     

    For example, when the user redirect to login.fcc

     

    http://FQDN/siteminderagent/forms/login.fcc.....

     

    The httpd.conf will have following to refer to where the file located

     

    Alias /siteminderagent/ "/apps/www/netegrity/webagent/samples/"

    <Directory "/apps/www/netegrity/webagent/samples/">

    Options Indexes MultiViews

    AllowOverride None

    Order allow,deny

    Allow from all

    </Directory>

     

    In your case, it seems refer to the document root of Apche server (localhost:8009/login.fcc). Try copy the login.fcc from <WA_INSTALL_PATH>/samples/forms to the document root.

     

    Beside, if you are configuring the Apache web server to function as a reverse proxy server with any CA SiteMinder® agent, check following document:

    https://support.ca.com/cadocs/0/CA SiteMinder 12 52 SP1-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?764843.html

     

    Thanks,

    Kar Meng



  • 5.  Re: Apache with reverse  proxy with  AJP connector issue

    Broadcom Employee
    Posted Oct 29, 2015 08:54 AM

    As stated previously, login.fcc is typically in <install_dir>\webagent\samples\forms, and the Apache virtual directory name is "siteminderagent"

    So your authentication scheme should point to /siteminderagent/forms/login.fcc

    Make sure that your AJP configuration excludes the /siteminderagent directory. I.e. you don't forward requests to this directory to the Tomcat server.

     

    If you were using mod_proxy to forward everything to Tomcat, you could use the following to exclude /siteminderagent

         ProxyPass /siteminderagent !

    I'm not sure what the mod_jk equivalent is.



  • 6.  Re: Apache with reverse  proxy with  AJP connector issue

    Posted Nov 08, 2015 05:35 AM

    Thanks , As per your suggestion reverse proxy applied via httpd proxy module been worked ..

     



  • 7.  Re: Apache with reverse  proxy with  AJP connector issue

    Posted Nov 09, 2015 10:21 PM

    Glad it works for you kasis3