Layer 7 Access Management

Tech Tip : CA Single Sign-On : Single Sign On Siteminder - Issue HTTP Header + Post

  • 1.  Tech Tip : CA Single Sign-On : Single Sign On Siteminder - Issue HTTP Header + Post

    Posted 11-06-2018 04:38 AM

    Issue:

     

    We're running a Web Agent and when the form html page send headers
    as :

     

    <form method="post" action="https://mymachine.mydomain.com/search.do">
    <input type="hidden" name="userid" value="<%=uid%>">
    <input type="hidden" name="myvariable1" value="<%=myvariable1%>"/>
    <input type="hidden" name="myvariable2" value="<%=myvariable2%>"/>
    </form>

     

    the headers and values for userid, myvariable1, myvariable12, aren't
    reaching the target page https://mymachine.mydomain.com/search.do. So

    that pages reports the values as null.

     

    I'd like to know why.

     

    Cause:

     

    From the Fiddler traces, we see the header passed to the back end
    server on a POST action. But the server replies with return code 301
    to make the URL https instead of http. This redirection is culprit of
    the lost of the header values.

     

    You should take note of the following. If you POST header to a page,
    the next redirected page won't get these headers. Only the page you
    POST to will have.

     

    Apache 301 Redirect and preserving post data

     

    "POST data is discarded on redirect as a client will perform a GET
    request to the URL specified by the 301. Period."

     

    https://stackoverflow.com/questions/13628831/apache-301-redirect-and-preserving-post-data

     

    Resolution:

     

    Configure your Web Server in order to accept only https requests in
    order to avoid the 301 return code to solve this issue.

     

    KB : KB000119972