Symantec Access Management

 View Only
  • 1.  SPS is adding an extra trailing string after authentication

    Posted Aug 16, 2018 04:20 PM

    I am trying to configure SPS and currently the flow isn't working correctly. Let's use and for this example.


    Proxy rules is ...

    <nete:proxyrules xmlns:nete=""><nete:forward>$0</nete:forward>


    1.User types in and login page is served as expected showing

    2. User successfully authenticates and is forwarded ... but we receive a 404 error instead of the requested resource.

    3. The url displays 

    4. WebAgentTrace log shows that the flow breaks when trying to forward to the requested resource. But instead of, it tries to forward to


    Any idea why it is trying to add the /target/ twice? I've tried to play with the trailing slashes in the proxy rules as well as $0 and $1.

  • 2.  Re: SPS is adding an extra trailing string after authentication
    Best Answer

    Posted Aug 16, 2018 09:31 PM

    Jawaan wasja02


    I'm assuming you are accessing on your browser.

    Since we have defined $0 in proxyrules$0 therefore the end result is


    If we are accessing on the browser, then on ProxyRules only keep$0.



    Configure Proxy Rules Manually - CA Single Sign-On - 12.8 - CA Technologies Documentation 

    Forward and Redirect Syntax

    When forwarding or redirecting a request, CA Access Gateway uses a system for maintaining some part or all of the URI specified by a user. The URI points to a resource that lies on a destination server and must be interpreted to fulfill a request.

    Either of the following may be appended to the URL specified in a forward or redirect destination:

    • $0
      Appends the entire URI string from the user request to the destination specified in the proxy rule.
      For example, if a proxy rule forwards all user requests for to$0, and a user requests for, that request is forwarded to
    • $1
      Indicates that everything to the right of the matching text is appended to the forwarded or redirected request. Use it in nete:case elements where the parent nete:cond element specifies a URI substring match using the begins with comparison.
      For example, consider a proxy rules configuration file that has a nete:cond element of:

      <nete:cond type="uri" criteria="beginswith">

      Assume this condition is the child of a condition that is evaluating URIs for a hostname of and a nete:case element of:

      <nete:case value="/hr">
      <nete:forward>$1</nete:forward> </nete:case>

      If a user requests:

      The request is forwarded to:

      As the example specifies the $1 parameter, the /hr portion of the URI is omitted when the request is forwarded to

  • 3.  Re: SPS is adding an extra trailing string after authentication

    Posted Aug 17, 2018 12:11 PM

    Thank you Hubert for helping me understand how the proxyrules work with the $0 and $1.


    I was able to resolve the double /target issue by keeping the base server names in the proxyrules.xml and requesting in the browser. So /target gets appended to