Symantec Access Management

  • Private Community

  • 1.  How Target URL is set in Login.fcc page?

    Posted Jul 28, 2016 06:29 AM


    Hello Everyone,

     

    I am just trying to understand how the target is set in the login.fcc page for ex:-https://login/login/V2_0/login.fcc?TYPE=33619969&REALMOID=***&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$***&TARGET…  .

     

    Now when i access a protected URL i.e https://abc.com then it comes in the login.fcc as a Target URL, but somehow it never comes as HTTPS instead it comes as HTTP. It's bit strange as according to my understanding Target is set based on what protected URL is accessed initially.

     

    Is there any way to change the target and keep it same as what is being accessed initially? Also technically how the Target is set at the backed with login.fcc

     

    Any thoughts?

     

    Thanks in Advance



  • 2.  Re: How Target URL is set in Login.fcc page?

    Posted Jul 28, 2016 06:45 AM

    Hello,

     

    Please check the following:

     

    https://communities.ca.com/thread/98900885

     

    GetPortFromHeaders needs to be set to Yes to read the port.

    HTTPSPorts (or HTTPSports if you prefer) needs to be set to a comma separated list of the ports to treat as HTTPS, otherwise the Web Agent defaults to HTTP.

     

    https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agent-configuration/advanced-configuration-settings/apache-web-server-settings#ApacheWebServerSettings-UsetheHTTPHOSTRequestforthePortNumber

     

    https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agent-configuration/user-protection-and-tracking/define-https-ports

     

    Hope it helps,

     

    Regards,

    Julien.



  • 3.  Re: How Target URL is set in Login.fcc page?

    Posted Jul 28, 2016 07:29 AM

    Hello Julien,

     

    Unfortunately that didn't work, i have added the below 2 parameters in the ACO.

     

    GetPortFromHeaders yes

    HTTPSPorts 443

     

    Thanks

    Ankur



  • 4.  Re: How Target URL is set in Login.fcc page?

    Posted Jul 28, 2016 07:45 AM

    Hello,

     

    Did you try 80,443 in HTTPSPorts ?

     

    Regards,

    Julien.



  • 5.  Re: How Target URL is set in Login.fcc page?

    Posted Jul 29, 2016 04:43 AM

    Hello Julien,

     

    Yes i tried 80,443 and just 443 as well . But still not able to see https in the target URL even if i access http. is there any other way to fix this?

     

    Thank You

    Ankur



  • 6.  Re: How Target URL is set in Login.fcc page?

    Broadcom Employee
    Posted Jul 29, 2016 08:37 AM

    Hello Ankur,

     

    Which Policy Server version are currently running?

     

    You may have to open a support case for further investigation.

     

    Regards,

     

    Bob



  • 7.  Re: How Target URL is set in Login.fcc page?
    Best Answer

    Broadcom Employee
    Posted Aug 01, 2016 04:06 PM

    Hi Ankur,

     

    On which port is the web server behind the load balancer listening?  It is not uncommon to use a non-default port here.  This is the port that must be specified in the HttpsPorts ACO parameter.  This parameter tells the web agent that when it creates a redirect for any request that was received on this port, the protocol in the redirect should be https.  If this web server is listening on default ports, including 80 in the HttpsPorts value should have worked and it would be best to open a case with Support for further troubleshooting.



  • 8.  Re: How Target URL is set in Login.fcc page?

    Broadcom Employee
    Posted Aug 04, 2016 03:56 PM

    Hi Ankur,

     

    Here is a KB article written on this subject supporting Pete's comments. He may have even written it!

     

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec529421.aspx

     

    Make sure when you set the ACO for HTTPSports you don't use the multi valued ACO attribute but use the comma to separate the ports.

     

    Thanks,

     

    Adam