Symantec Access Management

Tech Tip : CA Single Sign-On : The backend Web Server gives the unauthorized response instead of the Web Agent Reverse Proxy

  • 1.  Tech Tip : CA Single Sign-On : The backend Web Server gives the unauthorized response instead of the Web Agent Reverse Proxy

    Broadcom Employee
    Posted Nov 11, 2016 05:07 AM

    Issue:

     

    Running WebAgent, protecting backend server resource,
    the browser access directly the resource, the
    Web Agent doesn't seem to catch the request. I get the 401
    error from the backend server instead of the Web Agent Apache
    server 403 Forbidden.
    Environment:
    Web Agent 12.52SP1CR02 64bit on Apache 2.2.31 64bit on SLES 11 SP3 64bit;
    Cause:

     

    The fact that the Reverse Proxy module executes the request and
    serves the response before the Web Agent is seemly
    the Web Agent module isn't loaded first in the list, but problably
    at the very end :

     

    httpd.conf :

     

      ServerRoot /root/sandbox/apache2.4
      include conf/*.conf
      ProxyPreserveHost On
      LoadModule sm_module "/opt/CA/webagent/bin/libmod_sm22.so"
      SmInitFile "$/opt/CA/webagent/conf/WebAgent.conf"

     

    From out of the box installation and configuration, the installer puts the load module
    instructions for the Web Agent at the first place in the httpd.conf file.
    Resolution:

     

    Make the Web Agent module to be the first
    loaded module in your configuration like :

     

      ServerRoot /root/sandbox/apache2.4
      LoadModule sm_module "/opt/CA/webagent/bin/libmod_sm22.so"
      SmInitFile "$/opt/CA/webagent/conf/WebAgent.conf"
      include conf/*.conf
      ProxyPreserveHost On

     

    to solve the issue

     

    KB : TEC1052572