Patrick-Dussault

Tech Tip : CA Single Sign-On : Apache Reverse Proxy Web Agent doesn't process the WebAppClientResponse

Discussion created by Patrick-Dussault Employee on Aug 14, 2017

Issue:


We're running Web Agent on Apache Reverse Proxy, and when the

LoadModule libmod_sm24.so line to is set at the end of the

LoadModule list, then the WebAppClientResponse is not completely

processed and the request is sent to the backend server instead of

processing the file from the WebAppClientResponse.

 

The strace command reports the processing to open a connection to the

backend server :

 

the WebAppClientResponse response file code is :

 

{

"reason": "$$Reason$$",

"url": "$$URL$$"

}

 

and the thread open a connection after reading this file :

 

13:35:49 open("/www/web/siteminder_custom_response.json", O_RDONLY) = 12

13:35:49 fstat(12, {st_mode=S_IFREG|0644, st_size=49, ...}) = 0

13:35:49 read(12, "{\n \"reason\": \"$$Reason$$\",\n \"u"..., 49) = 49

 

13:35:49 bind(12, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0

13:35:49 getsockname(12, {sa_family=AF_NETLINK, pid=38726, groups=00000000}, [12]) = 0

13:35:49 sendto(12, "\24\0\0\0\26\0\1\3\225 ^Y\0\0\0\0\0\0\0\0", 20, 0,

{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

13:35:49 recvmsg(12, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[

{"8\0\0\0\24\0\2\0\225 ^YF\227\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}],

msg_controllen=0, msg_flags=0}, 0) = 172

 

We would expect the Web Agent to read the WebAppClientResponse

response file and give the code to the browser as per this strace

snippet :

 

The WebAppClientResponse response file code :

 

<web20>

<siteminderreason>$$reason$$</siteminderreason>

<siteminderredirecturl>$$url$$</siteminderredirecturl>

</web20>

 

and the thread should write a header like this one :

 

06:57:10 open("/var/www/html/siteminder_custom_response.json", O_RDONLY) = 15

06:57:10 fstat(15, {st_mode=S_IFREG|055, st_size=121, ...}) = 0

06:57:10 read(15, "<web20>\n<siteminderreason>$$reas"..., 121) = 121

 

06:57:10 writev(12, [{"HTTP/1.1 200 OK\r\nDate: Thu, 06 J"..., 137},

{"<web20>\n<siteminderreason>Challe"..., 113}], 2) = 250

06:57:10 write(10, "130.119.150.229 - - [06/Jul/2017"..., 88) = 88

06:57:10 shutdown(12, 1 /* send */) = 0

 

Environment:

 

Web Agent 12.52SP1CR05 64bit On Apache 2.4 64bit on RedHat 6 64bit;

Policy Server : 12.52SP2CR01 on Windows 2012 R2;

 

Resolution:

 

This issue will be fixed in Web Agent 12.52SP1CR09.

 

You can also workaround the issue by setting LoadModule for

sm_module at the very top of the LoadModule list in the httpd.conf

like this :

 

LoadModule sm_module "/opt/CA/webagent/bin/libmod_sm24.so"

SmInitFile "/opt/apache2.4/conf/WebAgent.conf"

LoadModule authn_file_module modules/mod_authn_file.so

#LoadModule authn_dbm_module modules/mod_authn_dbm.so

#LoadModule authn_anon_module modules/mod_authn_anon.so

 

[...]

KB :

Outcomes