Symantec Access Management

  • 1.  Customize Authentication URL in Federation Gateway

    Posted Sep 20, 2016 12:03 PM

    I have been using this partnership for a while successfully. I ran into a migration issue, so I removed the partnership and recreated it manually. No changes were made on the SPS server.

    I have a bunch of federation apps which use a common authentication scheme, but there is one app which needed some branding on the login page. So I have updated the authentication URL in the partnership to https://SPSHOST.com/siteminderagent/redirectjsp/sf.jsp.
    Please notice that sf.jsp is added in addition to the default redirectjsp. I have configured a realm to protect sf.jsp with the branded authentication scheme. All is well so far. When I access my fed app, I get redirected to sf.jsp, which redirects me to the .fcc page. I log in, SMSESSION is created, and I get redirected to:

    https://SPSHOST/siteminderagent/redirectjsp/sf.jsp?SPID=Test&SMPORTALURL=https%3A%2F%2FsSPSHOST%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=271bed27-8e385b3e-da28c4e8-203165ee-6f24fa62-ac with SPS returning a 404 error saying:

    Requested resource not available.
    /siteminderagent/redirectjsp/sf.jsp

    I don't see anything in the SPS logs wrt the 404 error. What am I missing? I'd appreciate anyone who can point me in the right direction.

    server.conf:

    <federation>
    enablefederationgateway="yes"
    fedrootcontext="affwebservices"
    authurlcontext="siteminderagent/redirectjsp"
    allowlinking="yes"
    protectedbackchannelservices="saml2artifactresolution,saml2certartifactresolution,saml2attributeservice,saml2certattributeservice,assertionretriever,certassertionretriever"
    </federation>



  • 2.  Re: Customize Authentication URL in Federation Gateway
    Best Answer

    Broadcom Employee
    Posted Sep 20, 2016 04:10 PM

    Hi Anil,

     

    Where did you add sf.jsp? Which server? Which file location?

    After the change, did you recycle the Tomcat service?

    If error 404 is encountered, then it should be from the front-end web server, in either the Apache or Tomcat log.

    Did you check those Apache access files?

     

    Was this Federation Manager (with SPS built in) or simply standalone federation?

    If you go to policy server side XPSExplorer, do you see any attribute reference in your partnership properties that is still pointed to redirect.jsp?

     

    Also, if you decode the URL, your SMPORTALURL=https://sSPSHOST/affwebservices/public/saml2sso

    It has an extra "s". Hope this is it.

     

    If more effort is involved, maybe open a new ticket and work it through with someone.

     

    Thanks

    Hongxu
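
The URL-decoding check suggested in the answer above, written out as an added example that is not part of the original thread and is not Broadcom code. It decodes the redirect's query string and compares it against the `authurlcontext` and `fedrootcontext` values from the posted server.conf. The function name, the placeholder transaction ID, and the rule that SMPORTALURL must use the same host as the authentication URL are assumptions for a single-host SPS deployment.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the redirect URL from the question, with the
# SAMLTRANSACTIONID replaced by a placeholder value.
REDIRECT = ("https://SPSHOST/siteminderagent/redirectjsp/sf.jsp"
            "?SPID=Test"
            "&SMPORTALURL=https%3A%2F%2FsSPSHOST%2Faffwebservices%2Fpublic%2Fsaml2sso"
            "&SAMLTRANSACTIONID=PLACEHOLDER")


def check_auth_redirect(url, authurlcontext, fedrootcontext):
    """Return a list of findings for a federation authentication redirect."""
    findings = []
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values

    # The authentication URL must live under authurlcontext from server.conf.
    if not parts.path.lstrip("/").startswith(authurlcontext.strip("/") + "/"):
        findings.append(f"path {parts.path} is outside authurlcontext")

    portal_values = query.get("SMPORTALURL", [])
    if len(portal_values) != 1:
        findings.append("expected exactly one SMPORTALURL parameter")
        return findings

    portal = urlsplit(portal_values[0])
    if portal.scheme != "https":
        findings.append(f"SMPORTALURL scheme is {portal.scheme!r}, not https")
    # Assumption: single-host deployment, so both hosts must match.
    # urlsplit().hostname is lower-cased, making the comparison case-insensitive.
    if portal.hostname != parts.hostname:
        findings.append(f"SMPORTALURL host {portal.hostname!r} differs from "
                        f"authentication host {parts.hostname!r}")
    if not portal.path.lstrip("/").startswith(fedrootcontext.strip("/") + "/"):
        findings.append(f"SMPORTALURL path {portal.path} is outside fedrootcontext")
    return findings


if __name__ == "__main__":
    for finding in check_auth_redirect(REDIRECT, "siteminderagent/redirectjsp",
                                       "affwebservices"):
        print("FINDING:", finding)
```

Because SMPORTALURL is where the browser is sent after login, the same comparison works as a sanity check on any captured redirect before deeper troubleshooting.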



  • 3.  Re: Customize Authentication URL in Federation Gateway

    Posted Sep 20, 2016 10:02 PM

    Hello Hongxu, Thanks for your reply.

    You are right, sf.jsp was added at an incorrect location. All is well now. Thank you for guiding me in the correct direction.