I'm seeing a weird issue where I am clicking on an https link for a protected resource but the SiteMinder/Single Sign On cookie provider seems to be sending http as the target. Has anyone run in to this or have a suggestion as to why this may be happening?
As of 6.0 SP5 and in all versions after
GetPortFromHeaders needs to be set to Yes to read the port.
HTTPSPorts (or HTTPSports if you prefer) needs to be set to a comma separated list of the ports to treat as HTTPS, otherwise the Web Agent defaults to HTTP.
Are both of those set?
The HTTPSPorts attribute was set to multivalue, which didn't seem to work. Thanks for the input.
It had been suggested to me to add both 80, 443 as values to the HTTPSPorts attribute. Is this necessary? What benefit, or cost, results from adding 80 to the HTTPSPorts attribute?
it's a minor cost to add them. fractions of a second to do the comparison.
probably a millisecond at most
the cost fo not having 443 is that 443 wont be treated as https.
the reason that CA Support normally suggests 80 as well is that bouncing between content servers and cookie providers has a possibility of switching to http as a course of action, and having 80 there makes it flip back to https for sure.
in honesty, i think that most implementations can get away with 443 and not 80, but i would recommend 80 on the chance of an error occurring.
I did find that removing port 80 causes an error. Does that indicate there is a configuration issue on the server side or is there an issue with the Web Agent configuration?
It could. It might also mean there's a drop of port numbers or switch to HTTP in the mix that the web agent will correct by adding the 80.
this might not be the web agent's fault, but might be something the agent is fixing.
Could keeping 80 in the list cause any problems? Could the failure that occurs when removing 80 from HTTPSPorts be related to the cookie provider not having SecureCookies enabled (yet)?
Good Questions. I am not 100% sure of either, but suspect the answers to be No and No. Might be something CA could verify. then they can improve their documentation.