Symantec Access Management

Expand all | Collapse all

SiteMinder encrypted web-agent name

Jump to Best Answer
  • 1.  SiteMinder encrypted web-agent name

    Posted 01-25-2017 06:34 AM

    Hi all,

     

    Recently we observed that our root protected SM URL is not coming up with the encrypted web-agent name and type, realmoid, guid, etc.

     

    The URL to access is like this https://sm.abc.com/, where root / is protected.

     

    If you hit the URL it should take you to the protected page and the URL should look like

    https://sm.abc.com/page?TYPE=7654321&REALMOID=45-6778899-3b16-1578-8c8d-d0950a7690fd&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-hsdjhwhduwdhQrNskClhqucorYVhvJuYsiDd%2bDibIRmL5GtTuzj5JFzZkEhDM9Og&TARGET=-SM-http%3a%2f%2fsm%2eabc%2ecom%2f

    But now if you hit the protected URL, it will show this above URL in the address bar, and will ultimately redirect to,

    https://sm.abc.com/page

    with no encrypted web-agent name, type, realmoid, etc.

     

    Now, /page is in the ignore URL and it was there before as well, but upon hitting https://sm.abc.com/ , the complete SM URL only used to come.

    The only change which we did was, we made the PostPreserveData "no".

    But if we enable the PostPreserveData as "yes" also now, then also the complete SM URL gets redirected to https://sm.abc.com/page

     

    Some observations:

    When PostPreserveData is "no" , you can see 'METHOD=POST' in the SM URL query parameter,

    When PostPreserveData is "yes", you can see 'METHOD=GET' in the SM URL query parameter.

     

    Any suggestion, what could cause this behaviour ?



  • 2.  Re: SiteMinder encrypted web-agent name

    Posted 01-25-2017 09:20 AM

    Does this behaviour has any relation with Cache-Control ?



  • 3.  Re: SiteMinder encrypted web-agent name
    Best Answer

    Posted 01-26-2017 10:01 AM

    I think it is dependent on how the WebServer OR Application Code handles the URI " /page ". So check the Web Server logs on why " /page " is doing a redirect and loosing all query parameters. I am pretty sure SM WebAgent does not have a role to play in what " /page " does. For the SM WebAgent is it a URI and it would treat it as such.

     

    Can you change your authscheme URL to OOB Login.fcc, with OOB ACO and test. You would not see the anomaly.