We're running CA Access Gateway (SPS) to protect Identity Portal, andonce user gets authenitcated, user gets "Unauthorized Access" andcannot access the web site.
CA Access Gateway (SPS) produces the headers, but send the request tothe backend server in http. Then the backend server does a redirect tothe CA Access Gateway (SPS) and this one send back the request tohttps.
By the redirect, the headers won't be sent again, and this is why youdon't see them on the test header page.
You've configured the proxyrules.xml to send the request to https, butthen the CA Access Gateway (SPS) doesn't handle the request properlyand return an error.Resolution:
In order for the CA Access Gateway (SPS) to be able to handle backendserver connection in SSL you need to configure it to do so.
Configure Client Certificate Authenticationhttps://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configuring-ssl-for-ca-access-gateway/configuring-ssl-on-httpclient-noodle-manually
KB : KB000091863