Layer 7 Access Management


Issue in ignoring extension by Siteminder

  • 1.  Issue in ignoring extension by Siteminder

    Posted 07-09-2019 03:15 PM
    Hello Experts,
    In our application, we have enabled ACO parameters to ignore extensions like js and a few others.
    Now when the application URL is https://appliancesxyz.js, it is ignored; however, when this URL becomes https://appliancesxyz.js?abc=12345, it doesn't get ignored and a challenge is thrown.
    Could you please let me know what can be done on the SiteMinder side to ignore the URL even if something is suffixed after the declared URL?

    Regards
    Satyendra


  • 2.  RE: Issue in ignoring extension by Siteminder

    Posted 07-16-2019 07:29 AM
    Hello,
    Can anybody reply on this?


  • 3.  RE: Issue in ignoring extension by Siteminder

    Posted 07-17-2019 10:12 AM
    Did you try this agent config parameter?

    IgnoreQueryData No

    If set, the agent caches the entire URL (including the query strings) and sends the entire URI to the Policy Server for rule processing. See Ignore Query Data.

    Regards,
    Julien


  • 4.  RE: Issue in ignoring extension by Siteminder

    Posted 07-17-2019 10:12 AM
    Try:

    IgnoreQueryData No

    If set, the agent caches the entire URL (including the query strings) and sends the entire URI to the Policy Server for rule processing. See Ignore Query Data.

    Julien.


  • 5.  RE: Issue in ignoring extension by Siteminder

    Posted 07-17-2019 10:13 AM
    IgnoreQueryData No

    If set, the agent caches the entire URL (including the query strings) and sends the entire URI to the Policy Server for rule processing. See Ignore Query Data.




  • 6.  RE: Issue in ignoring extension by Siteminder

    Posted 07-17-2019 10:24 AM
    Thanks for the reply.
    However, we have set "IgnoreQueryParameter" as Yes.


  • 7.  RE: Issue in ignoring extension by Siteminder

    Posted 07-19-2019 03:21 AM
    Hi Satyendra,

    Looking at the URLs, it looks like you may be trying to ignore the host, not the URL.
    IgnoreExt works on the URL, not the host name. The URLs https://appliancesxyz.js and https://appliancesxyz.js?abc=12345 look like hostname ignoring.

    Please enable the agent trace log and check for the log pattern below for these URLs. Look for the string "Resolved URL: ", which is what is used for IgnoreExt. This will give some clue as to why it's failing.

    ][CSmHttpPlugin::ProcessResource][Resolved URL: '/proxyui/test.js'.]
    ][CSmHttpPlugin::AutoAuthorizedUrl][Auto-authorizing resource, matches IgnoreExt filter.]
    ][CSmHttpPlugin::ProcessResource][Autoauthorizing URL : 'http://testhost.test.net/proxyui/test.js' , Method: 'GET' ]

    If / is coming, that implies hostname ignoring, and you may have to use the ignoreHost ACO.
    http://testhost.test.net.js/

    If the intention is to ignore the hostname, please check whether the ignoreHost ACO parameter helps.
    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-agent-configuration/configure-virtual-servers#ConfigureVirtualServers-SpecifyVirtualServersfortheWebAgenttoIgnore

    Thanks
    -Kishore Gaddam
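
The check suggested in the reply above, as an added example that is not part of the original thread and is not SiteMinder code: it splits a URL to show whether `.js` sits in the path or only in the host name, and pulls the `Resolved URL` entries out of trace lines, recording whether an IgnoreExt auto-authorize entry followed. The function names, the one constructed trace line and the simple "next entry belongs to the previous URL" pairing are assumptions.

```python
import re
from posixpath import splitext
from urllib.parse import urlsplit

RESOLVED = re.compile(r"\[Resolved URL: '([^']*)'")
IGNORED = "matches IgnoreExt filter"

def where_is_extension(url, ext=".js"):
    """Report whether `ext` ends the URL path or only the host name."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {
        "host": host,
        "path": parts.path,
        "query": parts.query,
        "ext_in_path": splitext(parts.path)[1].lower() == ext,
        "ext_in_host": host.lower().endswith(ext),
    }

def resolved_urls(trace_lines):
    """Pair each 'Resolved URL' entry with whether an IgnoreExt
    auto-authorize entry appeared before the next resolved URL.
    Assumes entries for one request are adjacent (hypothetical simplification)."""
    results = []
    for line in trace_lines:
        match = RESOLVED.search(line)
        if match:
            results.append([match.group(1), False])
        elif IGNORED in line and results:
            results[-1][1] = True
    return [tuple(r) for r in results]

# First two lines are the pattern quoted in the thread; the third is constructed.
SAMPLE_TRACE = [
    "][CSmHttpPlugin::ProcessResource][Resolved URL: '/proxyui/test.js'.]",
    "][CSmHttpPlugin::AutoAuthorizedUrl][Auto-authorizing resource, matches IgnoreExt filter.]",
    "][CSmHttpPlugin::ProcessResource][Resolved URL: '/'.]",  # constructed
]

if __name__ == "__main__":
    for url in ("https://appliancesxyz.js?abc=12345",
                "http://testhost.test.net/proxyui/test.js?abc=12345"):
        print(url, where_is_extension(url))
    for resolved, ignored in resolved_urls(SAMPLE_TRACE):
        print(resolved, "IgnoreExt match" if ignored else "no IgnoreExt match")
```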



  • 8.  RE: Issue in ignoring extension by Siteminder

    Posted 07-22-2019 01:21 PM
    Hello Kishore,
    Thanks for the reply.
    However, IgnoreHost will ignore the entire URL irrespective of resources (which means it would be as good as unprotected), whereas our intention is to just ignore the URLs having extensions (.js in this case) and any query parameter afterwards.
    I will also check the web agent logs; meanwhile, if you think something else might be wrong, do suggest.

    Regards
    Satyendra