Layer7 Access Management

Tech Tip : CA Single Sign-On : Policy Server fails to return Custom Headers when Custom Header is recalculated every 30 seconds.

  • 1.  Tech Tip : CA Single Sign-On : Policy Server fails to return Custom Headers when Custom Header is recalculated every 30 seconds.

    Posted 01-10-2018 03:20 AM

    Issue:


    We're running Identity Manager integrated with Policy Server. We've

    configured a couple of Custom Headers in Responses to be returned as

    Identity Manager Access Roles to the application. We have set those

    Custom Headers to be recalculated every 30 seconds. However, after a

    given User successfully logs onto the application and navigate to

    another page within the same application, the User gets an application

    error and he's not able to view the page. More precisely, we noticed

    that the problem that after about the 30 seconds, the value in the

    Custom Headers is no longer returned to the application.

     

    Why do we have such issue ? How can we solve it ?

     

    Cause:

     

    Policy Server checks for the Realm OID in order to get the Domain and

    then to get the Response to calculate. This is failing since the

    realmOid was not set in the Method that was called earlier in the flow

    to update attributes. Adding the setting of the realmOID fixes the

    issue.

     

    Resolution:

     

    Upgrade the Policy Server to 12.52SP1CR08 to solve the issue.

     

    Defects Fixed in 12.52 SP1 CR08

     

    365506 DE171963 Policy Server fails to retain custom headers when a user successfully logs on to an application and navigates to another page within the application.

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr08

     

    KB : TEC1745046