Symantec Access Management

Hi,

I'm using CA Secure Proxy Server as a federation gateway.

I use user attributes as attributes in the assertion for several partnerships.

Whenever I encounter an user who doesn't have the necessary attribute, my SPS throws a 500 Internal Server error from Tomcat.

This page looks really ugly and I want to customize the error page with a more informative error message.

I looked through the admin guide and the information there seems to not apply for my situation.

I tried putting the error page directive in the web.xml for affwebservices. That didn't help.

I trued putting the error page jsp directive in the redirect.jsp. That also didn't help.

Has anyone done this before?

Regards,

Anand.

Hi Anand,

Have you tried with the Status Redirect URL settings in Federation Partnership configurations?

Best regards,

Kelly

Hi Anand,

For the SPS 500 error, as documented here : CA SiteMinder® SPS Integrated Documents 12.52 SP1) you can modify those files :

C:\Program Files (x86)\CA\secure-proxy\Tomcat\properties\SPSErrorMessages.properties
C:\Program Files (x86)\CA\secure-proxy\Tomcat\properties\SPSErrorMessages_[language].properties

and add the URL of your custom error page instead of the default message.

VirtualHostNotFound=https://MySite.com/forms/error.fcc
SessionSchemeNotFound=https://MySite.com/forms/error.fcchttps://MySite/forms/error.fcc
SessionCreateError=https://MySite.com/forms/error.fcchttps://MySite/forms/error.fcc
SessionUpdateError=https://MySite.com/forms/error.fcchttps://MySite/forms/error.fcc
WebAgentException=https://MySite.com/forms/error.fcc

....

For the affwebservice, I already asked that question to CA Support for and here is the answer i got from them :

      "At present SPS is not handling the error page redirection this needs to be done manually with following configuration change in
     (<SPS_installation_dir>\Tomcat\webapps\affwebservices\WEB-INF\web.xml)

     Please be sure to make a backup before making this change.

     Please modify web.xml in affwebservices deployment to include information like below in specific xml content under <web-app> element

     <error-page>
       <error-code>500</error-code>
       <location>500 error specific page path</location> </error-page>

     <error-page>
       <error-code>404</error-code>
       <location>404 error specific page path</location> </error-page>

     <error-page>
       <error-code>403</error-code>
       <location>403 error specific page path</location> </error-page>

     ....
     ....

     before doing above modification stop application server where affwebservices were deployed (i.e SPS )

     After performing modification start application server where affwebservices were deployed (i.e SPS ).

     Thank you,
     CA Support"

Hope this helps

Best regards

Phil

Hello Phil,

Sorry to bother, I tried what you povided above with no luck.

For "<location>500 error specific page path</location>"

      What kind of format did you use for location information?

If you have an example of what you deployed and you used for the location tag, it will be helpful.

I tried different options without success, local path, local path between quotes, URL, etc.

Also in server.log I found a lot of new error messages when I have the location set up:
[27/Dec/2017:06:28:23-374] [INFO] - proxy: Initializing proxy communication module com.ca.proxy.apache.httpclient.SPSClient
[27/Dec/2017:06:28:23-374] [INFO] - Forward Service started.
[27/Dec/2017:06:28:40-904] [ERROR] - InitCatalina failed ('Failed to start component [StandardServer[8005]]')
[27/Dec/2017:06:28:40-905] [ERROR] - org.apache.catalina.LifecycleException: Failed to start component [StandardServer[8005]]
[27/Dec/2017:06:28:40-906] [ERROR] -  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:162)
[27/Dec/2017:06:28:40-907] [ERROR] -  at com.netegrity.proxy.ProxyServer.initCatalina(ProxyServer.java:835)
[27/Dec/2017:06:28:40-908] [ERROR] -  at com.netegrity.proxy.ProxyServer.init(ProxyServer.java:160)
[27/Dec/2017:06:28:40-909] [ERROR] -  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[27/Dec/2017:06:28:40-910] [ERROR] -  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[27/Dec/2017:06:28:40-911] [ERROR] -  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[27/Dec/2017:06:28:40-912] [ERROR] -  at java.lang.reflect.Method.invoke(Method.java:498)
[27/Dec/2017:06:28:40-913] [ERROR] -  at com.netegrity.proxy.ProxyBootstrap.execute(ProxyBootstrap.java:233)
[27/Dec/2017:06:28:40-914] [ERROR] -  at com.netegrity.proxy.ProxyBootstrap.main(ProxyBootstrap.java:169)
[27/Dec/2017:06:28:40-915] [ERROR] - Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardService[Catalina]]
[27/Dec/2017:06:28:40-916] [ERROR] -  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:162)
[27/Dec/2017:06:28:40-917] [ERROR] -  at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:758)
[27/Dec/2017:06:28:40-917] [ERROR] -  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
[27/Dec/2017:06:28:40-918] [ERROR] -  ... 8 more
[27/Dec/2017:06:28:40-919] [ERROR] - Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[SPS]]
[27/Dec/2017:06:28:40-920] [ERROR] -  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:162)
[27/Dec/2017:06:28:40-921] [ERROR] -  at org.apache.catalina.core.StandardService.startInternal(StandardService.java:444)
[27/Dec/2017:06:28:40-922] [ERROR] -  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
[27/Dec/2017:06:28:40-923] [ERROR] -  ... 10 more
[27/Dec/2017:06:28:40-924] [ERROR] - Caused by: org.apache.catalina.LifecycleException: A child container failed during start
[27/Dec/2017:06:28:40-925] [ERROR] -  at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1127)
[27/Dec/2017:06:28:40-926] [ERROR] -  at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:300)
[27/Dec/2017:06:28:40-927] [ERROR] -  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
[27/Dec/2017:06:28:40-928] [ERROR] -  ... 12 more
[27/Dec/2017:06:28:40-929] [ERROR] - ProxyServer initialization failed.
[27/Dec/2017:06:28:40-930] [ERROR] - Config File: 'e:\CA\secure-proxy/proxy-engine/conf/server.conf')

For the error page, I deployed it inside the affwebservices folder

Thanks for your help!

Fernando,  We request you open a case with CA Support providing all the details,--  as this is a more detailed activity that may require interaction with a support engineer. CA Support may have to run a Webex session with you to review your deployment.

Thank you.

I used this configuration and I used a web page reading the query string.

Infact the url defined in both WebServerErrorMessages.properties and SPSErrorMessages.properties, in case of error, redirects the browser to the defined url passing a responseCode parameter containing the reason:

i.e.   https://MySite.com/forms/error.fcc?responseCode=VirtualHostNotFound 

or

https://MySite.com/forms/error.fcc?responseCode=404