Symantec Access Management

Hello! How are you?

We Integrated the IDM and some issues is appearing in production. One of them is this error:

Server.log:

2018-03-09 07:55:41,452 ERROR [ims.ui] (default task-27) Page cannot be found.  Please check the URL. (/iam/im/IdentityEnv/ui7/ui/images/favicon.ico)

SSO:

[03/09/2018][08:28:19.411][08:28:19][4140][4952][SmAuthorization.cpp:588][CSmAz::IsProtected][][][/iam/im/ui/images/favicon.ico][][][][][][][][][][65536][][][][][][][][Resource is not protected, no realm matches this resource]

I am protecting:

idm/iam/im/IdentityEnv/*

ACO:

So, what´s wrong?

Thanks!

IDM 14.1

SSO 12.7

Hi Ednei,

Did you try to access this icon via LB url and direct hostname:port ?

https://<LB URL>/iam/im/ui/images/favicon.ico

http://<hostname:port>/iam/im/ui/images/favicon.ico

I suspect that either file(favicon.ico) is missing in the IDM server or it is not proxied at webserver level - to byepass the webserver, try accessing using hostname:port.

Regards

Ashok

Heyy ashok! How are you ?

Yes, i tried. I can download the ico file. I tested  via LB ( https://LB:9443/XXXX) and directly, without SSO (https://Node1:8443/XXXX).

Thank you!!

You should be able to view the image in the browser, if you access it directly, but it should not get downloaded.

Here is the issue:

IDM Logs - #47;iam&#47;im&#47;IdentityEnv&#47;ui7&#47;ui&#47;images&#47;favicon.ico

Webagent Log - /iam/im/ui/images/favicon.ico

favicon.ico is global to IDM Admin application and always displayed from the url - /iam/im/ui/images/favicon.ico regardless of IME name.
It should not have any reference to IDM environment.

It looks like front-ending webserver is appending your environment context root(IdentityEnv/ui7) while reverse proxying it to your back end application server, thats why you are getting 404 from app server log with invalid path.

Please check your webserver proxy/reverse proxy configurations for any invalid mappings.

Regards

Ashok

Hi Ednei,

Your Realm Resource Filter does not cover this resource;

Realm: idm/iam/im/IdentityEnv/*

Resource: /iam/im/ui/images/favicon.ico

Note that the REALM starts with "idm" while the Resource does not, so this REALM does not cover this resource. The "favicon.ico" request is made by the Browser for the "Favorites Icon" for the Site. If there is no "Favorites Icon", then a 404 will be returned.

The "404" returned when a site does not contain a "Favorites Icon" is expected behavior.

hey Rick, how are you ? Thank you for the answer.

Well, i think that I don't understand the point. I really have the Favorites Icon and I could really open it on browser. So, what is the problem ? 

mutas02 Said something that I think is right. My problem here is the reverse proxy. however, I didn't test it yet, because this issue didn't happen again

Thanks and i'm sorry for the delay.

Hi Ednei,

No problem, I'm glad to hear you are no longer seeing the issue. The Agent reported "Resource is not protected, no realm matches this resource", and you had then mentioned;

"I am protecting:

idm/iam/im/IdentityEnv/*

ACO:

So, what´s wrong?"

".ico" is not listed in your "IgnoreExt" list, so, I thought you were also concerned that the resource was "not protected", so I was pointing out that the requested resource of "/iam/im/ui/images/favicon.ico" was NOT covered by the above REALM Resource Filter of "idm/iam/IdentityEnv/*", so the "not protected" is expected.

Yes, if there is a "favicon.ico" and a 404 is being returned, then you will need to verify why the back-end Web Server hosting the resource is returning this response based on the configuration and request being made and proxied.

Thanks,

Rick