Symantec Access Management

Expand all | Collapse all

affwebservices redirectjsp looping

Jump to Best Answer
  • 1.  affwebservices redirectjsp looping

    Posted 09-05-2017 04:23 PM

    Hi,

     

    We created a partnership and trying to test SSO, when I hit IDP or SP initiated URL it redirects to affwebservices/redirectjsp/redirect.jsp, which is authentication URL (running SPS) and I have it protected with a policy.

    IDP initiated URL:

     

    http://idp.test.com/affwebservices/public/saml2sso?SPID=sp-test-local

    Authentication URL:

     

     

    http://idp.test.com/affwebservices/redirectjsp/*

     

    We have the SAML partnership working in other different environments which are running different versions, I am not sure if I am doing something wrong or its something else.

     

    Policy server Version: 12.52; Update: 01.02; Build: 766; CR: 02;

    SPS Version 12.52 , Update 0102 , Label 766

     

    idp.test.com/affwebservices/redirectjsp/redirect.jsp?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SPID=sp-test-local&SAMLTRANSACTIONID=19b1c9e9-506590a2-dfded98d-663a0bed-0d675329-49&SAMLTRANSACTIONID=f542953c-648f9f40-1d8c2e76-c3ff55f1-be707dc8-d&SAMLTRANSACTIONID=148ac743-c83b2088-a2b4777b-c339d5a4-7a879df0-7d7&SAMLTRANSACTIONID=2690323f-c3cf97d7-353d6955-dc6d6ba1-3901dcc0-ec&SAMLTRANSACTIONID=1d8f5f74-0ec854f7-7b1c4e9e-e2130ac7-47bf1903-29&SAMLTRANSACTIONID=1a73816e-5603ba81-c5beaf48-238e4b2a-15beea21-fe2&SAMLTRANSACTIONID=3641645a-61541125-51adde10-306ba427-646ea1cd-fc&SAMLTRANSACTIONID=88b91fb6-c22d85a6-c1aa86b9-ed341d2a-7ede4f17-37&SAMLTRANSACTIONID=13e23e18-eebd7131-fdb092d0-c97fe271-f0f3e191-130&SAMLTRANSACTIONID=1e6ab916-fc0e1ff5-bd54638c-32a07931-3a1ea6f2-304&SMPORTALURL=http%3A%2F%2Fidp.test.com%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=129133ac-36a479c3-4f6dbc3c-17d01bd4-3278034e-99

     

     

    The request loops between

    http://idp.test.com/affwebservices/redirectjsp/redirect.jsp 
    http://idp.test.com/affwebservices/public/saml2sso

    Attachment(s)

    zip
    saml-idp.saz.zip   92K 1 version
    zip
    saml-fwstrace.txt.zip   14K 1 version


  • 2.  Re: affwebservices redirectjsp looping

    Posted 09-05-2017 04:38 PM

    Ensure you have DisableSessionVars=No


    https://communities.ca.com/thread/241748872





  • 3.  Re: affwebservices redirectjsp looping

    Posted 09-05-2017 05:02 PM

    HI Ujwol, its its set as Default Value:

     

    [4016/4424][Tue Sep 05 2017 15:47:58] disablesessionvars=no



  • 4.  Re: affwebservices redirectjsp looping

    Posted 09-05-2017 05:03 PM

    Can you attach FWSTrace.log and fiddler please?



  • 5.  Re: affwebservices redirectjsp looping

    Posted 09-05-2017 05:09 PM

    attached, please let me know what I am missing here.



  • 6.  Re: affwebservices redirectjsp looping
    Best Answer

    Posted 09-05-2017 08:09 PM

    Hi Richard,

     

    I don't see a challenge for credential after redirection to /redirectjsp/ URL 

     

    http://idp.test.com/affwebservices/redirectjsp/redirect.jsp?SPID=sp-test-local&SMPORTALURL=http%3A%2F%2Fidp.test.com%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=2124d1e0-0336762f-4d68b690-3cf624fe-c4fbc8af-e59 

     

    Are you sure this is protected ? The authentication URL needs to be protected.

    If you have protected it and if it's still not working can you please provide the sps agent trace log as well please ?

     

    Regards,

    Ujwol



  • 7.  Re: affwebservices redirectjsp looping

    Posted 09-06-2017 09:39 AM

    That's correct Ujwol I have /affwebservices/redirectjsp/redirect.jsp protected but when I hitting just http://idp.test.com/affwebservices/redirectjsp/redirect.jsp is not prompting for login, which is kind of weird.

     

    so when I changed the realm to protect /affwebservices/redirectjsp/* I am getting for prompt for http://idp.test.com/affwebservices/redirectjsp/ but not for http://idp.test.com/affwebservices/redirectjsp/redirect.jsp



  • 8.  Re: affwebservices redirectjsp looping

    Posted 09-06-2017 09:57 AM

    in addition to this I tried using smtest tool which is showing the resource is protected /affweservices/redirectjsp/redirect.jsp.

     

    So I am confused why when I hitting the URL in browser its not getting protected.



  • 9.  Re: affwebservices redirectjsp looping

    Posted 09-06-2017 12:13 PM

    Hi Ujwol, I got it working, it was a silly miss I had .jsp added as ignore extension, I removed it and now I am getting prompt for login.