Issue:
We're running CA Access Gateway (SPS) to protect Identity Portal, and
once user gets authenitcated, user gets "Unauthorized Access" and
cannot access the web site.
Cause:
CA Access Gateway (SPS) produces the headers, but send the request to
the backend server in http. Then the backend server does a redirect to
the CA Access Gateway (SPS) and this one send back the request to
https.
By the redirect, the headers won't be sent again, and this is why you
don't see them on the test header page.
You've configured the proxyrules.xml to send the request to https, but
then the CA Access Gateway (SPS) doesn't handle the request properly
and return an error.
Resolution:
In order for the CA Access Gateway (SPS) to be able to handle backend
server connection in SSL you need to configure it to do so.
Configure Client Certificate Authentication
https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configuring-ssl-for-ca-access-gateway/configuring-ssl-on-httpclient-noodle-manually
KB : KB000091863