Symantec Access Management

Back to discussions

Cert based Authentication

1. Cert based Authentication

0 Recommend
Kevin19
Posted Mar 01, 2017 10:54 AM

Reply Reply Privately
I am trying to configure an application for Cert Based Authentication. For some reason, even though the cert is present on the browser, webagent is unable to fetch the cert.

Strange this about the URL is, it changes to a login.fcc page which does not exists on the server.

My authentication schema parameter is https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/login.fcc?cert
but the URL redirects to https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/1488382133/login.fcc?TYPE=16777244&REALM=-SM-IDMRoot%20[10%3a28%3a53%3a461]&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-spsagentweb02--idm&TARGET=-SM-https%3a%2f%2fidmdevpriv%2ecoach%2ecom%2f

I am still not sure how the URL is redirected to /1488382133/login.fcc file. I have checked all the configurations to check if there is any hardcoding, but did not find any reference.

Here are the logs I have captured.

https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/1488382133/login.fcc?TYPE=16777244&REALM=-SM-IDMRoot%20[10%3a28%3a53%3a461]&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-spsagentweb02--idm&TARGET=-SM-https%3a%2f%2fidmdevpriv%2ecoach%2ecom%2f

webagent logs:
[8404/5960][Wed Mar 01 2017 10:28:53][CSmFormTemplateObj.cpp:226][ERROR][sm-HTTPAgent-00370] Error opening form template 'D:\Program Files (x86)\CA\secure-proxy\Tomcat\webapps\..\..\proxy-engine\examples\siteminderagent\certoptional\forms\1488382133\login.fcc': No such file or directory.
[8404/5960][Wed Mar 01 2017 10:28:53][SmFCC.cpp:1308][ERROR][sm-HTTPAgent-00130] Credential Collector error. Exiting with HTTP 500 server error '00-0011'.

Webagent trace:
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProxyValve::invoke][Virtual Host: idmdevpriv.coach.com]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProxyValve::invoke][Using session scheme: default]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProxyValve::invoke][Using default user agent]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProcessRequest][Start new request.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmResourceManager::ProcessResource][Calling SM_WAF_HTTP_PLUGIN->ProcessResource.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ProcessResource][Resolved HTTP_HOST: 'idmdevpriv.coach.com'.]
[03/01/2017][10:28:53][8404][5960][][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][idmdevpriv.coach.com]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ProcessResource][Resolved hostname: 'idmdevpriv.coach.com'.]
[03/01/2017][10:28:53][8404][5960][][CSmHttpPlugin::DoDNSLookup ][Entered Function server: idmdevpriv.coach.com, port: :443]
[03/01/2017][10:28:53][8404][5960][][CSmHttpPlugin::DoDNSLookup ][addrinfo lookup failed The requested name is valid, but no data of the requested type was found. ]
[03/01/2017][10:28:53][8404][5960][][CSmHttpPlugin::DoDNSLookup ][Leaving Function]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ProcessResource][Resolved agentname: 'spsagentweb02-idm'.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ResolveClientIp][Resolved Client IP address '172.27.52.116'.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ProcessResource][Resolved URL: '/'.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ProcessResource][Resolved METHOD: 'GET'.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ProcessResource][Resolved cookie domain: '.coach.com'.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmResourceManager::ProcessResource][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmResourceManager::ProcessResource][Calling SM_WAF_SPS_PLUGIN->ProcessResource.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmResourceManager::ProcessResource][SM_WAF_SPS_PLUGIN->ProcessResource returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmSessionManager::EstablishSession][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmSessionManager::EstablishSession][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmSessionManager::EstablishSession][Calling SM_WAF_SPS_PLUGIN->EstablishSession.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmSessionManager::EstablishSession][SM_WAF_SPS_PLUGIN->EstablishSession returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][IsResourceProtected][Resource is protected from Policy Server.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProcessResponses][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpPlugin::ProcessResponses][Processing IsProtected responses.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProcessResponses][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProcessResponses][Calling SM_WAF_SPS_PLUGIN->ProcessResponses.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProcessResponses][SM_WAF_SPS_PLUGIN->ProcessResponses returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmCredentialManager::GatherCredentials][Calling SM_WAF_HTTP_PLUGIN->ProcessCredentials.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmCredentialManager::GatherCredentials][SM_WAF_HTTP_PLUGIN->ProcessCredentials returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmCredentialManager::GatherCredentials][Calling SM_WAF_SPS_PLUGIN->ProcessCredentials.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmCredentialManager::GatherCredentials][SM_WAF_SPS_PLUGIN->ProcessCredentials returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProcessRequest][CredentialManager returned SmNo or SmNoAction, calling ChallengeManager.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmChallengeManager::DoChallenge][Calling SM_WAF_HTTP_PLUGIN->ProcessChallenge.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpCredCore::DoSSLChallenge][Executing SSL challenge.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmHttpCredCore::DoSSLChallenge][Redirecting to credential collector 'https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/1488382133/login.fcc?TYPE=16777244&REALM=-SM-IDMRoot%20[10%3a28%3a53%3a461]&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-spsagentweb02--idm&TARGET=-SM-https%3a%2f%2fidmdevpriv%2ecoach%2ecom%2f'.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][HandleCredCollectorChallenge][Redirecting for credentials 'https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/1488382133/login.fcc?TYPE=16777244&REALM=-SM-IDMRoot%20[10%3a28%3a53%3a461]&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-spsagentweb02--idm&TARGET=-SM-https%3a%2f%2fidmdevpriv%2ecoach%2ecom%2f'.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmChallengeManager::DoChallenge][SM_WAF_HTTP_PLUGIN->ProcessChallenge returned SmExit.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmChallengeManager::DoChallenge][Calling SM_WAF_SPS_PLUGIN->ProcessChallenge.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][CSmChallengeManager::DoChallenge][SM_WAF_SPS_PLUGIN->ProcessChallenge returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProcessRequest][Challenge Manager returned SmExit, end new request.]
[03/01/2017][10:28:53][8404][5960][][ReportHealthData][Accumulating HealthMonitorCtxt.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][Tomcat5SerializedAgentData::doResponse][HTTP Status Code = 302]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProxyValve::invoke][Exit status returned from the agent.]
[03/01/2017][10:28:53][8404][5960][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][ProxyValve::invoke][Leaving the agent.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProxyValve::invoke][Entering the agent.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProxyValve::invoke][Virtual Host: idmdevpriv.coach.com]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProxyValve::invoke][Using session scheme: default]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProxyValve::invoke][Using default user agent]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProcessRequest][Start new request.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmResourceManager::ProcessResource][Calling SM_WAF_HTTP_PLUGIN->ProcessResource.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessResource][Resolved HTTP_HOST: 'idmdevpriv.coach.com'.]
[03/01/2017][10:28:53][8404][5960][][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][idmdevpriv.coach.com]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessResource][Resolved hostname: 'idmdevpriv.coach.com'.]
[03/01/2017][10:28:53][8404][5960][][CSmHttpPlugin::DoDNSLookup ][Entered Function server: idmdevpriv.coach.com, port: :443]
[03/01/2017][10:28:53][8404][5960][][CSmHttpPlugin::DoDNSLookup ][addrinfo lookup failed The requested name is valid, but no data of the requested type was found. ]
[03/01/2017][10:28:53][8404][5960][][CSmHttpPlugin::DoDNSLookup ][Leaving Function]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessResource][Resolved agentname: 'spsagentweb02-idm'.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ResolveClientIp][Resolved Client IP address '172.27.52.116'.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessResource][Resolved URL: '/siteminderagent/certoptional/forms/1488382133/login.fcc?TYPE=16777244&REALM=-SM-IDMRoot%20[10%3a28%3a53%3a461]&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-spsagentweb02--idm&TARGET=-SM-https%3a%2f%2fidmdevpriv%2ecoach%2ecom%2f'.]
[03/01/2017][10:28:53][8404][5960][][CSmHttpPlugin::AutoAuthorizedUrl][Auto-authorizing resource, matches IgnoreUrl filter.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessResource][Autoauthorizing URL : 'https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/1488382133/login.fcc?TYPE=16777244&REALM=-SM-IDMRoot%20[10%3a28%3a53%3a461]&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-spsagentweb02--idm&TARGET=-SM-https%3a%2f%2fidmdevpriv%2ecoach%2ecom%2f' , Method: 'GET' ]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessResource][Resolved METHOD: 'GET'.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessResource][Resolved cookie domain: '.coach.com'.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmResourceManager::ProcessResource][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmResourceManager::ProcessResource][Calling SM_WAF_SPS_PLUGIN->ProcessResource.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmResourceManager::ProcessResource][SM_WAF_SPS_PLUGIN->ProcessResource returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmSessionManager::EstablishSession][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmSessionManager::EstablishSession][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmSessionManager::EstablishSession][Calling SM_WAF_SPS_PLUGIN->EstablishSession.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmSessionManager::EstablishSession][SM_WAF_SPS_PLUGIN->EstablishSession returned SmNoAction.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProcessRequest][ProtectionManager returned SmNo, end new request.]
[03/01/2017][10:28:53][8404][5960][][ReportHealthData][Accumulating HealthMonitorCtxt.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProcessAdvancedAuthentication][Start new request.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmResourceManager::ProcessAdvancedAuthResource][Calling SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthResource.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ProcessAdvancedAuthResource][Resolved HTTP_HOST: 'idmdevpriv.coach.com'.]
[03/01/2017][10:28:53][8404][5960][][Entered CSmHttpPlugin::ResolveFQServerName sHost: ][idmdevpriv.coach.com]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmHttpPlugin::ResolveClientIp][Resolved Client IP address '172.27.52.116'.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][SmFcc::getLocalePath][Localized Path = D:\Program Files (x86)\CA\secure-proxy\Tomcat\webapps\..\..\proxy-engine\examples\siteminderagent\certoptional\forms\1488382133\login.fcc, working locale = default]
[03/01/2017][10:28:53][8404][5960][][CSmFormTemplateCache::GetForm][Form template 'D:\Program Files (x86)\CA\secure-proxy\Tomcat\webapps\..\..\proxy-engine\examples\siteminderagent\certoptional\forms\1488382133\login.fcc' not found in cache.]
[03/01/2017][10:28:53][8404][5960][][CSmFormTemplateObj::LoadFormTemplate][No such file or directory]
[03/01/2017][10:28:53][8404][5960][][CSmFormTemplateCache::GetForm][Unable to serve form template 'D:\Program Files (x86)\CA\secure-proxy\Tomcat\webapps\..\..\proxy-engine\examples\siteminderagent\certoptional\forms\1488382133\login.fcc' from disk.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][SmFcc::setup][Unable to process form D:\Program Files (x86)\CA\secure-proxy\Tomcat\webapps\..\..\proxy-engine\examples\siteminderagent\certoptional\forms\1488382133\login.fcc.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][CSmResourceManager::ProcessAdvancedAuthResource][SM_WAF_HTTP_PLUGIN->ProcessAdvancedAuthResource returned SmExit.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProcessAdvancedAuthentication][ResourceManager returned SmExit, end new request.]
[03/01/2017][10:28:53][8404][5960][][ReportHealthData][Accumulating HealthMonitorCtxt.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][Tomcat5SerializedAgentData::doResponse][HTTP Status Code = 500]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProxyValve::invoke][Exit status returned from the agent.]
[03/01/2017][10:28:53][8404][5960][249ad319-c4eb2f52-5499d330-a74d9412-4d6c033d-88e][ProxyValve::invoke][Leaving the agent.]

SMTrace logs:
[03/01/2017][10:28:53.454][2644][3260][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s13358/r599][][][][][][][][][][][][][][][][][][][*172.27.52.116][Receive request attribute 208, data size is 14][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s13358/r599][][][][][][][][][][][][][][][][][][][10122988-808f57a8-ce891c5a-d1388b88-7861a2fa-4078][Receive request attribute 221, data size is 49][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s13358/r599][spsagentweb02-idm][][][][][][][][][][][][][][][][][][spsdevtrustedhost][Receive request attribute 200, data size is 17][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s13358/r599][spsagentweb02-idm][][][][][][][][][][][][][][][][][][https://idmdevpriv.coach.com][Receive request attribute 217, data size is 28][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s13358/r599][spsagentweb02-idm][][][][][][][][][][][][][][][][][][/][Receive request attribute 201, data size is 1][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s13358/r599][spsagentweb02-idm][][][][][][][][][][][][][][][][][][GET][Receive request attribute 202, data size is 3][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s13358/r599][spsagentweb02-idm][][][][][][][][][][][][][][][][][][FALSE][Receive request attribute 134, data size is 5][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:205][CSm_Az_Message::ProcessMessage][s13358/r599][spsagentweb02-idm][][][][][][][][][][][][][][][][][][spsdevtrustedhost][** Received agent request.][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][10:28:53][][][][01-8293b489-9505-4a39-9ec9-a8d4284fa8d7][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:387][CSm_Az_Message::AnalyzeAzMessage][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Az_Message::AnalyzeAzMessage][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:395][CSm_Az_Message::AnalyzeAzMessage][][][][][][][][][][][][][true][][][][][][][][Leave function CSm_Az_Message::AnalyzeAzMessage][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
[03/01/2017][10:28:53.454][2644][3260][IsProtected.cpp:49][CSm_Az_Message::IsProtected][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Az_Message::IsProtected][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][IsProtected.cpp:72][CSm_Az_Message::IsProtected][][spsagentweb02-idm][][][][][][][][][][][][][172.27.29.107][][][][][1536][Received request from agent, check agent api version.][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][IsProtected.cpp:95][CSm_Az_Message::IsProtected][][spsagentweb02-idm][/][][][][][][][][][][][][https://idmdevpriv.coach.com][][][][][][Starting IsProtected processing.][10:28:53][][][][][][][][][][GET][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmAuthorization.cpp:534][CSmAz::IsProtected][][][][][][][][][][][][][][][][][][][][][Enter function CSmAz::IsProtected][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][10:28:53][][][][06-45e4db82-d218-4508-9327-0b20117f512f][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmAuthorization.cpp:610][CSmAz::IsProtected][][][/][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][][Resource is protected by realm.][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmAuthorization.cpp:612][CSmAz::IsProtected][][][][][][][][][][][][][Realm][][][][][][][][Leave function CSmAz::IsProtected][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
[03/01/2017][10:28:53.454][2644][3260][SmObjCache.cpp:773][CSmObjCache::Lookup][][][][][][][][][][][][][][][][][][][][][Look up a cached object.][10:28:53][][][][0d-429e3044-f9c1-47f2-a5b8-25c8cfa1bc72][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmAuthCert.cpp:4817][SmAuthQuery][][][][][][][][][][][][][][][][][][][][][Enter function SmAuthQuery][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmAuthCert.cpp:4956][SmAuthQuery][][][][][][][][][][][][][Sm_AuthApi_Success][][][][][][][][Leave function SmAuthQuery][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:406][CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Enter function CSm_Az_Message::SendReply][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][03-2d4b460d-5ead-481d-a0d7-2e49aaef89f1][Send response attribute 150, data size is 39][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][30 33 2d 32 64 34 62 34 36 30 64 2d 35 65 61 64 2d 34 38 31 64 2d 61 30 64 37 2d 32 65 34 39 61 61 65 66 38 39 66 31 ][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][06-45e4db82-d218-4508-9327-0b20117f512f][Send response attribute 204, data size is 39][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][30 36 2d 34 35 65 34 64 62 38 32 2d 64 32 31 38 2d 34 35 30 38 2d 39 33 32 37 2d 30 62 32 30 31 31 37 66 35 31 32 66 ][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][IDMRoot][Send response attribute 203, data size is 7][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][49 44 4d 52 6f 6f 74 ][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][16777244][Send response attribute 219, data size is 8][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][31 36 37 37 37 32 34 34 ][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/login.fcc][Send response attribute 220, data size is 73][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][68 74 74 70 73 3a 2f 2f 69 64 6d 64 65 76 70 72 69 76 2e 63 6f 61 63 68 2e 63 6f 6d 2f 73 69 74 65 6d 69 6e 64 65 72 61 67 65 6e 74 2f 63 65 72 74 6f 70 74 69 6f 6e 61 6c 2f 66 6f 72 6d 73 2f 6c 6f 67 69 6e 2e 66 63 63 ][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][][Send response attribute 146, data size is 0][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][][Send response attribute 147, data size is 0][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:595][CSm_Az_Message::ProcessMessage][s13358/r599][spsagentweb02-idm][][][][IDMRoot][IDM-Dev][][][][][][][][][][][][][][** Status: Protected. ][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:599][CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][Leave function CSm_Az_Message::SendReply][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
[03/01/2017][10:28:53.454][2644][3260][IsProtected.cpp:286][CSm_Az_Message::IsProtected][][][][][][][][][][][][][Protected][][][][][][][][Leave function CSm_Az_Message::IsProtected][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
[03/01/2017][10:28:53.454][2644][3260][Sm_Az_Message.cpp:377][CSm_Az_Message::ProcessMessage][][][][][][][][][][][][][746][][][][][][][][Leave function CSm_Az_Message::ProcessMessage][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
[03/01/2017][10:28:53.454][2644][3260][SmAuthUser.cpp:1452][CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Enter function CSmAuthUser::~CSmAuthUser][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[03/01/2017][10:28:53.454][2644][3260][SmAuthUser.cpp:1504][CSmAuthUser::~CSmAuthUser][][][][][][][][][][][][][][][][][][][][][Leave function CSmAuthUser::~CSmAuthUser][10:28:53][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][00:00:00.000000][]
2. Re: Cert based Authentication

0 Recommend
emmle02
Posted Mar 01, 2017 11:40 AM

Reply Reply Privately
Hi Kevin,

Refer
https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/07/26/ech-tip-ca-single-sign-on-x509-cert-authentication-with-iis-agent

https://communities.ca.com/community/ca-security/ca-single-sign-on/blog/2016/08/10/tech-tip-ca-single-sign-on-x509-cert-authentication-with-apache-agent

Regards,
Leo Joseph.
3. Re: Cert based Authentication

0 Recommend
Karmeng
Posted Mar 01, 2017 07:18 PM

Reply Reply Privately
Hi Kevin,

Please confirm what authentication scheme type that you are using. If you are using "X509 Client Cert Template", I expect the target to
/siteminderagent/cert/smgetcred.scc

The authentication scheme parameter that you mentioned
https://idmdevpriv.coach.com/siteminderagent/certoptional/forms/login.fcc?cert

doesn't seem right. If you are using "X509 Client Cert and Form Template", I expect the target parameter

/siteminderagent/certoptional/forms/login.fcc

It's odd that you have ?cert after login.fcc

Check the KB that Leo mentioned and see if that helps.

Regards,
Kar Meng
4. Re: Cert based Authentication

0 Recommend
Vikash.Singh
Posted Mar 02, 2017 02:17 PM

Reply Reply Privately
Hello,

Please make sure you have created a certificate mapping. You can do via WAM UI. If there is no cert mapping present webagent would fail to match the issuer DN of cert in user system. Hence it will redirect to form based Auth.

Regards,
Vikash
5. Re: Cert based Authentication

0 Recommend
Ujwol
Posted Mar 02, 2017 11:46 PM

Reply Reply Privately
Hi Kevin,

It seems you are trying to to use X.509 certificate authentication with CA Secure Proxy Server.
Please refer to this guide and see if you have done all steps as per this :
Tech Tip : CA Single Sign-On :CA Access Gateway:X.509 Cert Authentication

Also, I see that you are trying to use CertOrForm authentication scheme.
I will suggest, fixing your cert login use case first by using X.509 certificate authentication scheme.

As far as that redirection to /1488382133/login.fcc. is concerned, the integer value that you see is a random number.
If you still have questions, let us know.

Cheers,
Ujwol Shrestha
Ujwol's Single Sign-On Blog

Symantec Access Management

Cert based Authentication

Kevin19Mar 01, 2017 10:54 AM

emmle02Mar 01, 2017 11:40 AM

KarmengMar 01, 2017 07:18 PM

Vikash.SinghMar 02, 2017 02:17 PM

UjwolMar 02, 2017 11:46 PM

1. Cert based Authentication

2. Re: Cert based Authentication

3. Re: Cert based Authentication

4. Re: Cert based Authentication

5. Re: Cert based Authentication