Symantec Access Management

Tech Tip : CA Single Sign-On : CA Access Gateway (SPS) :: Identity Portal : User gets "Unauthorized Access".

  • 1.  Tech Tip : CA Single Sign-On : CA Access Gateway (SPS) :: Identity Portal : User gets "Unauthorized Access".

    Broadcom Employee
    Posted 04-18-2018 06:08 AM

    Issue:

     

    We're running CA Access Gateway (SPS) to protect Identity Portal, and
    once user gets authenitcated, user gets "Unauthorized Access" and
    cannot access the web site.

     

    Cause:

     

    CA Access Gateway (SPS) produces the headers, but send the request to
    the backend server in http. Then the backend server does a redirect to
    the CA Access Gateway (SPS) and this one send back the request to
    https.

    By the redirect, the headers won't be sent again, and this is why you
    don't see them on the test header page.

    You've configured the proxyrules.xml to send the request to https, but
    then the CA Access Gateway (SPS) doesn't handle the request properly
    and return an error.

    Resolution:

     

    In order for the CA Access Gateway (SPS) to be able to handle backend
    server connection in SSL you need to configure it to do so.

    Configure Client Certificate Authentication
    https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configuring-ssl-for-ca-access-gateway/configuring-ssl-on-httpclient-noodle-manually

     

     

    KB : KB000091863