Symantec Access Management

Hi all,

We are facing issue in application as user information is not passed from Siteminder/Web server to application. Application code expects user_Id of the user who logged in to be passed on as part of SMUNIVERSALID field on the header. This issue is occurring for both prod and non-prod environments post migration.

But user is able to login application by providing user credentials at siteminder challenge page and below is the supported loges that siteminder is auth is working but issue with writing data in database, and are not seeing any errors in smps/smaccess log for odbc/jdbc or for database connectivity issue.

We have migrated website to new Linux servers. Post this migration, SMUNIVERSALID is passed as null to the application. This is preventing application to track the user information who have logged into the application. Also as checked in logs from prod server, the user_id was getting fetched properly when site was hosted on new servers. below is the application log ,

<Insite System--Tue Sep 11 11:27:06 EDT 2018>running jsp=/jsp/AccuracyIndexJSP.jsp

<Insite System--Tue Sep 11 11:27:09 EDT 2018>logging enabled

<Insite System--Tue Sep 11 11:27:09 EDT 2018>CmdServlet started in mode (env) test

<Insite System--Tue Sep 11 11:27:09 EDT 2018>new Session started...g42NWhG4i14TNnmPbQNg4MQ, null, CMD=ODR

<Insite System--Tue Sep 11 11:27:09 EDT 2018>CMD     ODR

<Insite System--Tue Sep 11 11:27:09 EDT 2018>Test = HttpQueryString -http://insite-tst.kraft.com/servlet/CmdServlet?CMD=ODR

<Insite System--Tue Sep 11 11:27:09 EDT 2018>CMD request=ODR

<Insite System--Tue Sep 11 11:27:10 EDT 2018>pool Connection opened=com.kraft.operations.inventory.util.UConnection>com.microsoft.sqlserver.jdbc.SQLServerDriver / jdbc:sqlserver:DRPI0001

<Insite System--Tue Sep 11 11:27:10 EDT 2018>running class=com.kraft.operations.inventory.accuracy.bean.ReconciledOrdersQuery

<Insite System--Tue Sep 11 11:27:10 EDT 2018>pool Connection closed=com.kraft.operations.inventory.util.UConnection>com.microsoft.sqlserver.jdbc.SQLServerDriver / jdbc:sqlserver:DRPI0001

<Insite System--Tue Sep 11 11:27:10 EDT 2018>running jsp=/jsp/ReconcileOrdersJSP.jsp

Siteminder logs: 

AzAccept MDZUSOKTULUTL06 [12/Sep/2018:08:48:24 -0500] "10.53.170.17 CN=HCU5126,OU=Non-Employees,OU=Users,OU=India,OU=AP,OU=Kraft,OU=Users and Workstations,DC=KRFT,DC=Net" "insite.kraft.com GET /html/Footer.html" [00000000000000000000000051bf360a-4772-5b991928-f53fcb70-7b464febb811] [0]  [] []

Kindly advise on this issue,

Its Urgent Please,

Regards

Rajkumar G

What is your webagent version ? Also try to print all the available http headers post authentication/authorization in your application and verify the header names and values.

I believe, you are running into below situation:

Header is passed  as HTTP_SM_UNIVERSALID, but you are expecting it as HTTP_SMUNIVERSALID

Refer below description:

LegacyVariables

Specifies if the Web Agent uses underscores in HTTP header names. With some web servers (such as the Sun Java System), using the underscore character in the HTTP headers causes problems with some applications.

When this parameter is set to no, the HTTP headers will not have underscores, as shown in the following example:

When this parameter is set to yes, the HTTP headers will use underscores, as shown in the following example:

Default: (traditional agents) Yes

Default: (framework agents) No

To enable legacy variables and have the Web Agent use underscores in the HTTP header names, set value of the LegacyVariables parameter to yes.

Hi Ashok,

Thanks for reply,

Sharing code string for review,

String Userid = request.getHeader("SMUNIVERSALID");

if (null != Userid)
{
Userid = Userid.toUpperCase();
}
else
{
String currentEnvironment = System.getProperty("env");
if ( currentEnvironment.equalsIgnoreCase("local"))
{
Userid = intVar.getValue("Userid");
}

Please advise , how to proceed further.

Thanks

Regards

Rajkumar G

Rajkumar RajKumar786

As requested we need the following information

- Version Info for old WebServer / OS / WebAgent.

- Version Info for new WebServer / OS / WebAgent.

- What is LegacyVariables set to in Old Version in Webagent.log.

- What is LegacyVariables set to in New Version in Webagent.log.

As a blind test, if we don't want to go through the hassles of understanding what went wrong, change the code from 

String Userid = request.getHeader("SMUNIVERSALID");

to

String Userid = request.getHeader("SM_UNIVERSALID");

Test and see.

Thanks for update,

But its strange, its working on old server with same "SMUNIVERSALID" but after migration to new application server its giving error.

Regards

Rajkumar G

Rajkumar RajKumar786

Did you migrate only your App Server / Code OR did you migrate your WebServer/WebAgent as well ? Could you be specific as to what was migrated and from which version to which version?

• If it was only App Server / Code that was migrated and WebFront end (i.e. WebServer / WebAgent) remains the same; then please check the proxy filters between Existing WebServer and New App Server.
• If WebServer / WebAgent was migrated as well. Ashok mutas02 has already provided a reasoning above, as to what could be causing it. Additionally we also requested the supporting info that was requested. 

If it is still an issue and there are concerns on sharing (filtered from sensitive info) logs, it'd be best to raise a CA Support Case to have support look at it using WebEx.

Thank you very much for support,

RajKumar786

In ideal conditions an upgrade should not break a working configuration i.e. something in the upgrade caused data override OR the new version defaults to some behavior which is different from what the older version used to do. There have been times where there has been a legit defect. Hence it is important to understand the root cause. 

Could we get more details on what components were upgraded, from which version to which version and at what point in the upgrade did it break (Could you be able to suggest after any specific component was upgraded this broke). By reading this blog, it feels like a OS / WebServer / WebAgent upgrade broke the working configuration.

What we would specifically need is a Web Agent log (high level and trace log) from older version and a Web Agent log (high level and trace log) from new version; so as to compare the differences. Since you switched to new linux server's you should have both this info available on old and new servers. I'd start there to investigate.

Regards

Hubert

Rajkumar, If it's urgent (as you mention), and still not solved with the above suggestions, please open a Support case with a high priority. 

Thanks. Vijay