Symantec Access Management

Expand all | Collapse all

Tech Tip : CA Single Sign-On : After Web Agent upgrade from 12SP3 to 12.52SP1, the .fcc page shows its code instead of the login page.

  • 1.  Tech Tip : CA Single Sign-On : After Web Agent upgrade from 12SP3 to 12.52SP1, the .fcc page shows its code instead of the login page.

    Broadcom Employee
    Posted Jan 02, 2017 06:23 AM

    Issue :

     

    - Running Web Agent, when accessing the Custom HTML Authentication Scheme .fcc,
      then the .fcc code doesn't get interpreted and you see all its code in the browser :

     

      <!-- SiteMinder Encoding=ISO-8859-1; -->
      @username=%USER%
      @smretries=3
      @smerrorpage=/siteminderagent/error.html
      <!-- My Custom Authentication Page Version : 1.1 --><html>

     

      <head>
      <title>My Company</title>

     

      etc.

     

    The Web Agent traces reports also some errors lines :

     

    WebAgentTrace.log

     

    [09/15/2016][08:55:18][17132][1734338304][CSmFormTemplateCache.cpp:226]
     [CSmFormTemplateCache::GetForm][][][][][][][][][][][Serving form template
     '/opt/CA/webagent/samples/forms/myauth.fcc' from disk.]
    [09/15/2016][08:55:18][17132][1734338304][CSmFormTemplateCache.cpp:269]
     [CSmFormTemplateCache::GetForm][][][][][][][][][][][Form template
     '/opt/CA/webagent/samples/forms/myauth.fcc' stored in cache.]
    [09/15/2016][08:55:18][17132][1734338304][SmFCC.cpp:1483][SmFcc::setup]
     [][][][][][][][][][][Error. No redirect target found in namespace.]
    [09/15/2016][08:55:18][17132][1734338304][CSmHttpPlugin.cpp:8788]
     [CSmHttpPlugin::ProcessAdvancedAuthResource][][][][][][][][][][]
     [unable to process FCC parameters. Returning SmNoAction.]

     

    Environment :

     

    Web Agent 12.52SP1CR01 on Apache 2.2 on RedHat 6 64bit;

     

    Cause :

     

      You see that because the Custom Authentication .fcc file hasn't been
      completely internationalized, and as such, the Web Agent cannot
      interprete the code completely.

     

    Solution :

     

      All Custom .fcc upgrade from 12SP3 to 12.52SP1 needs some adjustments.

     

      To override them, add to the ACO the Localization parameter, and give it the
      value "no".

     

      By documentation, we specify this :

     

      Disable Internationalization to Use Customized FCCs from Upgraded Agents Versions Prior to 12.51

     

      [...]

     

      8. Set the value of the parameter to No. (Default Value for Localization Parameter: Yes.)

     

      Important! Disabling agent internationalization prevents the use of all forms supplied
      with the new agent and disables all other agent internationalization features.
      For a longer term solution, we recommend migrating your existing FCCs to work
      on an internationalized agent and reenabling agent internationalization.
      For more information, see FCC Internationalization.

     

      https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/release-notes/installation-and-upgrade-considerations/web-agent-installation-and-upgrade-considerations#WebAgentInstallationandUpgradeConsiderations-DisableInternationalizationtoUseCustomizedFCCsfromUpgradedAgentsVersionsPriorto12.51internationalization1252sp1

     

      Also to localize the .fcc Custom Authentication Scheme, there are additional
      steps to have it run :

     

      FCC Internationalization

     

      https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agent-configuration/fcc-internationalization

     

      To override the issue the time you need to adjust the .fcc page, do the following :

     

      - Stop the Web Agent;
      - In the Web Agent ACO, add the Parameter "Localization" with the value "No"
      - Start the Web Agent;

     

    KB : TEC1978163



  • 2.  Re: Tech Tip : CA Single Sign-On : After Web Agent upgrade from 12SP3 to 12.52SP1, the .fcc page shows its code instead of the login page.

    Posted Jan 03, 2017 09:55 AM

    With Apache we have seen removing the below add handlers/restart apache resolve the issue for the code appearing.

     

    The AddHandlers are :

     

     AddHandler smformsauth-handler .fcc
     AddHandler smsslformsauth-handler .sfcc
     AddHandler smadvancedauth-handler .scc
     AddHandler smcookieprovider-handler .ccc