AnsweredAssumed Answered

CA SPS Error Redirect Response

Question asked by anand3g on Feb 17, 2016
Latest reply on Jun 19, 2017 by PKSahu

Hi,

 

I have one JSP1 that I protect with User Directory 1.

 

Second JSP2 is protected using User Directory 2.

 

The web agent I'm using is the SPS.

 

User launches browser and accesses JSP1 and enters userDirectory1 credentials and successfully gets to JSP1.

In the same browser, he now attempts to access JSP2. I get a web agent failed to process error.

 

Below is the excerpt from the trace logs.

 

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][AuthorizeUser][User 'cn=****,ou=Users,o=test1adnc' is not authorized by Policy Server.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][ProcessResponses][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][CSmHttpPlugin::ProcessResponses][Processing Authorization responses.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][CSmHttpPlugin::ProcessResponses][Removing HTTP cache request headers.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][ProcessResponses][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][ProcessResponses][Calling SM_WAF_SPS_PLUGIN->ProcessResponses.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][ProcessResponses][SM_WAF_SPS_PLUGIN->ProcessResponses returned SmNoAction.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][ProcessRequest][AuthorizationManager returned SmNo or SmNoAction, calling ChallengeManager.]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][Tomcat5SerializedAgentData::doResponse][HTTP Status Code = 403]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][Tomcat5SerializedAgentData.doError][Response message not present; Returning SmFailure]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][ProxyValve::invoke][The agent Failed to process the request with a returncode of 5Returning internal server error to the client]

[02/17/2016][12:25:38][1528][704][16ffe63a-457d41d4-f9c2ccf5-831fc919-23e2bdb4-b8b9][ErrorPageImpl::displayMessage][Custom Error Pages : Custom message is not an URL. If URL is specified then it might not be in proper format. Considering it as plain text message.]

 

It processes the SMSEssion cookie, but then the user is not authorized for JSP2 since he logged in using User Directory 1 credentials.

 

Shouldn't the agent ideally respond with a login page challenge? From the trace logs it seems as though you can set a URL response for this error. Anybody know if that is possible? How can I get the agent to re challege the user in this case?

 

Regards,

Anand.

Outcomes