Symantec Access Management

  • 1.  Webagent 403 instead of 302

    Posted Oct 24, 2016 02:06 PM

    Hi,

    Is there a way we can instruct the webagent to issue an HTTP 403 instead of a 302 to the login page?

    For example, I have an application home.jsp protected using a set of users. One of these users logs in to home.jsp. From home.jsp he clicks on a link to restricted.jsp. Restricted.jsp is only available to people in a particular group. When the user goes there, this redirects him to the login page and the OnAzReject rule is fired.

    Is there a way I can ask the web agent to plainly issue a 403 unauthorized on OnAzReject, instead of redirecting to the login page?

    I looked at WebAppClientResponse, but that needs the content type to be one of these three:

    • text/*
    • application/xml
    • application/*+xml

    Regards,

    Anand.



  • 2.  Re: Webagent 403 instead of 302

    Posted Oct 24, 2016 05:40 PM

    Hi Anand,

    Options to avoid the redirection back to the login page, or to redirect the user to a specific error page upon access denied:

    • Define the ACO parameter Custom401ErrorFile - Specifies the customized HTML page to display when users receive a 401 (insufficient privileges) browser error. These errors occur when a user does not have the appropriate privileges to access a resource.

      Example: Custom401ErrorFile="C:\error\accessdenied.txt"

    • Set up an OnAccessReject rule with a WebAgent-OnReject-Redirect response to redirect the user to a specific error page


  • 3.  Re: Webagent 403 instead of 302
    Best Answer

    Posted Oct 24, 2016 06:45 PM

    I guess the Custom401ErrorFile option wouldn't work for this scenario, as 403 and 401 are two separate HTTP responses and this issue with unauthorized pertains to the 403 response only.

    The OnAccessReject redirect response is the way to go.



  • 4.  Re: Webagent 403 instead of 302

    Posted Oct 27, 2016 11:21 AM

    How did you go with this, Anand?