Symantec Access Management

  • 1.  Is there a known reason why a regex rule would cease working upon switching to a new login server?

    Posted 06-27-2017 02:36 PM

    We are migrating over to a new windows login server (12.52 SP1 web agent). When migrating a policy using a very simple regex in the rule, authentication stopped working. The rule had been working for several years without a problem. When I removed the regex and replaced it with "/*" everything worked fine. Don't have logs. Has anyone experienced anything similar or is there a documented issue with this?



  • 2.  Re: Is there a known reason why a regex rule would cease working upon switching to a new login server?

    Posted 06-28-2017 02:30 AM

    Hello,

    Regarding regular expression and resource matching you can check the following doc :

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/rules-overview/resource-matching-and-regular-expressions#ResourceMatchingandRegularExpressions-RegularExpressionsforResourceMatching

     

    I checked the release notes and not able to see any issue with regular expression.

    > When you implemented your new login server, have you made any changes to your application protection server ?
    > Can  you please provide you environment details ?

    ======================
    -- ENVIRONMENT:
    =======================
    > What is the policy server version ? SP ? CR ?
    > What is the OS ?
    > What is your Policy Store vendor ?
    > What is your User Directory vendor ?
    ---
    > What is the WebAgent version ? SP ? CR ?
    > What is the WebServer version ?
    > What is the OS of the WebServer ?

     

    > Did you try to use the siteminder test tool (windows only) to check the validity of the policies and the result of an IsProtected call ?
    > Without logs/traces of WA and PS is will be difficult to find the root cause.

    Hope it helps,

    Julien.



  • 3.  Re: Is there a known reason why a regex rule would cease working upon switching to a new login server?

    Posted 06-28-2017 09:37 AM

    Hi Julien,

    Thank you for your response. I know log files would be more helpful, but they aren't available in this situation. No significant changes were made to the application server. The application and protection policy were working fine until we changed login servers. The new login server is 12.52 CR01 and the application Web Agent is 12.5. I don't think the policy server or policy store had anything to do with the issue, as they were upgraded months ago (12.52 CR01).

     

    I'll try the test tool and see what I can find out.

     

    Thanks again!

    Eric