CA Single Sign-On Tech Tip by Stephen McQuiggan, Sr Principal Support Engineer for August 28, 2015
##### Tip Description
Example use case: You want only user A1 to access the resource /static; all other users must be redirected.
All failed authentications are to be redirected to:
http://lodsun30a.mysite.com:9090/site1/index.html?AUTHFAILURE
All failed authorizations are to be redirected to:
http://lodsun30a.mysite.com:9090/site1/index.html?ACCESSFAILURE
Create a realm with an agent for the resource /static.
Create three rules under the realm:
Rule1 – “Web Agent Action” to allow get/post for: /static
Rule2 – “Authentication events”, select OnAuthReject
Rule3 – “Authorization events”, select OnAccessReject
Create two responses; two are needed if you want the redirects to be different for authentication (AU) and authorization (AZ) failures:
Response1 – create a response attribute, static, of type “WebAgent-OnReject-Redirect”
Variable value: the URL to redirect to for AU failures: http://lodsun30a.mysite.com:9090/site1/index.html?AUTHFAILURE
Response2 – create a response attribute, static, of type “WebAgent-OnReject-Redirect”
Variable value: the URL to redirect to for AZ failures: http://lodsun30a.mysite.com:9090/site1/index.html?ACCESSFAILURE
Two policies are required:
Policy 1 – allow access
Users: add A1
Rules: add Rule1
Policy 2 – redirects for rejected users
Users: add ALL – NOTE: for the rule to fire, the user must have access
Rules: add Rule2 and Rule3
Add Response1 to Rule2
Add Response2 to Rule3
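
The bindings above, as an added example that is not part of the original tip and is not CA Single Sign-On code: a simplified Python model of the two policies that shows which outcome each kind of request gets. The evaluation logic, the constructed user B2, and the reading of the NOTE (a reject rule only fires for users bound to its policy) are assumptions for illustration.

```python
# Simplified model of the objects in this tip. Names mirror the tip; the
# evaluation logic is an assumption for illustration, not Policy Server code.
from dataclasses import dataclass, field

AUTH_URL = "http://lodsun30a.mysite.com:9090/site1/index.html?AUTHFAILURE"
ACCESS_URL = "http://lodsun30a.mysite.com:9090/site1/index.html?ACCESSFAILURE"
ALL = "*"  # stands for "ALL users" in the Users tab

@dataclass
class Policy:
    name: str
    users: set
    rules: dict = field(default_factory=dict)  # rule event -> redirect URL or None

    def binds(self, user):
        return ALL in self.users or user in self.users

def build_policies(reject_users=frozenset({ALL})):
    """Policy 1 and Policy 2 from the tip; reject_users is Policy 2's user list."""
    return [
        Policy("Policy1", {"A1"}, {"GetPost": None}),               # Rule1
        Policy("Policy2", set(reject_users),                        # Rule2 + Rule3
               {"OnAuthReject": AUTH_URL, "OnAccessReject": ACCESS_URL}),
    ]

def fired_response(policies, user, event):
    """Response of the first policy that binds `user` and holds a rule for `event`."""
    for p in policies:
        if p.binds(user) and event in p.rules:
            return p.rules[event]
    return None

def evaluate(policies, user, authenticated):
    """Outcome of one request for /static: (allow|redirect|deny, URL or None)."""
    if not authenticated:
        url = fired_response(policies, user, "OnAuthReject")
        return ("redirect", url) if url else ("deny", None)
    if any(p.binds(user) and "GetPost" in p.rules for p in policies):
        return ("allow", None)
    url = fired_response(policies, user, "OnAccessReject")
    return ("redirect", url) if url else ("deny", None)

if __name__ == "__main__":
    # B2 is a constructed user who is in the directory but is not A1.
    for user, ok in [("A1", True), ("B2", True), ("B2", False)]:
        print(user, ok, evaluate(build_policies(), user, ok))
    # Policy 2 bound to A1 instead of ALL: B2 is rejected with no redirect.
    print(evaluate(build_policies({"A1"}), "B2", True))
```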