Patrick-Dussault

Tech Tip : CA Single Sign-On : I don't see IdleTimeout Reason when the Web Agent is configured for webappclientresponse

Discussion created by Patrick-Dussault Employee on Jun 2, 2017

Issue:

 

I've configured webappclientresponse and idletimeouturl that way in
the Web Agent ACO :

 

[567/5][Thu May 25 2017 11:58:18]webappclientresponse='Resource=/myurl/*|Method=GET,POST
  |Status=302|Body=/home/service/server/apache/conf/custom_web20.xml
  |Content-Type=application/xml|Charset=us-ascii'.

 

[567/5][Thu May 25 2017 11:58:18]
  idletimeouturl='http://myhost.mydomain.com/login/mylogin.jsp'.

 

I see indeed the redirection going to the mylogin.jsp page, but the reason
is a Challenge, and there's no URL given in the custom response.

 

[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmHttpCredCore.cpp:1973][CSmHttpCredCore::DoFormsChallenge][mywebagent]
  [/myurl/][GET][host01][Redirecting to credential collector 'https://myhost.mydomain.com/login/mylogin.jsp?
  TYPE=33554433&REALMOID=06-96649a07-00e6-4e38-a96b-d0cfa0a8ca01&GUID=0&SMAUTHREASON=0&METHOD=GET&
  SMAGENTNAME=-SM-Y%2fl0%2fmOuarOGQa2IPRUCwvcnNL8%2b0SQFGKK%2bsx1feM9h1dEfiuItLXe2Thq3HvADirGDdTEKA%2f08b3nwo
  Kgi6wllKPHXUxdl&TARGET=-SM-http%3A%2F%2Fmyhost.mydomain.com%2Fmyurl%2F'.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:210][CSmWeb20Cache::GetForm][][][][]
  [Form template '/home/service/server/apache/conf/custom_web20.xml'
  not found in cache.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:227][CSmWeb20Cache::GetForm][][][][]
  [Serving form template '/home/service/server/apache/conf/custom_web20.xml'
  from disk.]
[05/25/2017][12:17:20.093][580][25][][CSmWeb20Cache.cpp:270][CSmWeb20Cache::GetForm][][][][]
  [Form template '/home/service/server/apache/conf/custom_web20.xml'
  stored in cache.]
[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmWeb20Response.cpp:108][HandleCustomizedResponsRequest][mywebagent][/myurl/]
  [GET][host01][Sending WEB 2.0 custom response (Url '' and Reason 'Challenge')]
[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmChallengeManager.cpp:124][CSmChallengeManager::DoChallenge][mywebagent]
  [/myurl/][GET][host01][SM_WAF_HTTP_PLUGIN->ProcessChallenge returned SmExit.]
[05/25/2017][12:17:20.092][580][25][0000000000000000000000000d813f56-0244-59270390-0019-23a33da3]
  [CSmHighLevelAgent.cpp:607][ProcessRequest][mywebagent][/myurl/][GET][host01]
  [Challenge Manager returned SmExit, end new request.]


Environment:

 

Web Agent 12.52SP1CR06 on Apache 2.2 on RedHat

 

Cause:

 

  The url you have defined has a wild card and you forget to tell the
  Web Agent to not update the SMSESSION cookie on the resource /myurl/*,
  and this is why you don't see the reason idletimeout. You need to
  specify overlooksessionforurls to get the idletimeout handled and you
  need to set overlooksessionaspattern to handle the wildcard *


Resolution:

 

Add the following ACO configuration :

 

  overlooksessionforurls=/myurl/*
  overlooksessionaspattern=yes

 

in order to solve the issue and get Reason : idletimeout.

 

KB : TEC1133821

Outcomes