Symantec Access Management

  • Private Community

  • 1.  SPS is adding an extra trailing string after authentication

    Posted Aug 16, 2018 04:20 PM

    I am trying to configure SPS and currently the flow isn't working correctly. Let's use frontend.com and backend.com/target for this example.

     

    Proxy rules is ...

    <nete:proxyrules xmlns:nete="http://frontend.com"><nete:forward>http://backend.com/target$0</nete:forward>

     

    1.User types in frontend.com/ and login page is served as expected showing frontend.com/siteminderagent/forms/...

    2. User successfully authenticates and is forwarded ... but we receive a 404 error instead of the requested resource.

    3. The url displays frontend.com/target 

    4. WebAgentTrace log shows that the flow breaks when trying to forward to the requested resource. But instead of frontend.com/target, it tries to forward to frontend.com/target/target/.

     

    Any idea why it is trying to add the /target/ twice? I've tried to play with the trailing slashes in the proxy rules as well as $0 and $1.



  • 2.  Re: SPS is adding an extra trailing string after authentication
    Best Answer

    Posted Aug 16, 2018 09:31 PM

    Jawaan wasja02

     

    I'm assuming you are accessing http://frontend.com/target on your browser.

    Since we have defined $0 in proxyrules http://backend.com/target$0 therefore the end result is frontend.com/target/target/

     

    If we are accessing http://frontend.com/target on the browser, then on ProxyRules only keep http://backend.com$0.

     

     

    Configure Proxy Rules Manually - CA Single Sign-On - 12.8 - CA Technologies Documentation 

    Forward and Redirect Syntax

    When forwarding or redirecting a request, CA Access Gateway uses a system for maintaining some part or all of the URI specified by a user. The URI points to a resource that lies on a destination server and must be interpreted to fulfill a request.

    Either of the following may be appended to the URL specified in a forward or redirect destination:

    • $0
      Appends the entire URI string from the user request to the destination specified in the proxy rule.
      For example, if a proxy rule forwards all user requests for www.company.com to proxy.company.com$0, and a user requests for www.company.com/employees/hr/index.html, that request is forwarded to proxy.company.com/employees/hr/index.html.

    • $1
      Indicates that everything to the right of the matching text is appended to the forwarded or redirected request. Use it in nete:case elements where the parent nete:cond element specifies a URI substring match using the begins with comparison.
      For example, consider a proxy rules configuration file that has a nete:cond element of:

      <nete:cond type="uri" criteria="beginswith">

      Assume this condition is the child of a condition that is evaluating URIs for a hostname of www.company.com and a nete:case element of:

      <nete:case value="/hr">
      <nete:forward>http://hr.company.com$1</nete:forward> </nete:case>

      If a user requests:

      The request is forwarded to:

      As the example specifies the $1 parameter, the /hr portion of the URI is omitted when the request is forwarded to hr.company.com.


  • 3.  Re: SPS is adding an extra trailing string after authentication

    Posted Aug 17, 2018 12:11 PM

    Thank you Hubert for helping me understand how the proxyrules work with the $0 and $1.

     

    I was able to resolve the double /target issue by keeping the base server names in the proxyrules.xml and requesting frontend.com/target in the browser. So /target gets appended to backend.com.