Symantec Access Management

 View Only
  • 1.  Issue in ignoring extension by Siteminder

    Posted Jul 09, 2019 03:15 PM
    Hello Experts,
    In our application, we have enabled ACO parameters to ignore the extensions like js, and few others.
    Now when the application URL is https://appliancesxyz.js, it is ignored however when this URL becomes https://appliancesxyz.js?abc=12345 it doesn't get ignored and challenge is thrown.
    Could you please let me know what can be done on siteminder side to ignore the URL even if something is suffixed after the declared URL.

    Regards
    Satyendra


  • 2.  RE: Issue in ignoring extension by Siteminder

    Posted Jul 16, 2019 07:29 AM
    Hello,
    Can anybody reply on this?


  • 3.  RE: Issue in ignoring extension by Siteminder

    Posted Jul 17, 2019 10:12 AM
    did you try this agent config parameter

    IgnoreQueryData No

    If set, the agent caches the entire URL (including the query strings) and sends the entire URI to the Policy Server for rule processing. See Ignore Query Data.

    Regards,
    Julien


  • 4.  RE: Issue in ignoring extension by Siteminder

    Posted Jul 17, 2019 10:12 AM
    try :

    IgnoreQueryData No

    If set, the agent caches the entire URL (including the query strings) and sends the entire URI to the Policy Server for rule processing. See Ignore Query Data.

    Julien.


  • 5.  RE: Issue in ignoring extension by Siteminder

    Posted Jul 17, 2019 10:13 AM
    IgnoreQueryData No

    If set, the agent caches the entire URL (including the query strings) and sends the entire URI to the Policy Server for rule processing. See Ignore Query Data.




  • 6.  RE: Issue in ignoring extension by Siteminder

    Posted Jul 17, 2019 10:24 AM
    Thanks for the reply.
    however we have set "IgnoreQueryParameter" as Yes


  • 7.  RE: Issue in ignoring extension by Siteminder
    Best Answer

    Broadcom Employee
    Posted Jul 19, 2019 03:21 AM
    Hi Satyendra,

    Looking at the URLs, it look likes your may be trying to ignorehost not URL.
    IgnoreExt works no URL not host name.. Looking at the urls.  https://appliancesxyz.js and  https://appliancesxyz.js?abc=12345  are looking hostname ignoring.

    Please enable agent trace log and check the below log  pattern of string for the urls. look for the string with "Resolved URL: " what is used for ignoreExt. This will give some clue. why its failing.

    ][CSmHttpPlugin::ProcessResource][Resolved URL: '/proxyui/test.js'.]
    ][CSmHttpPlugin::AutoAuthorizedUrl][Auto-authorizing resource, matches IgnoreExt filter.]
    ][CSmHttpPlugin::ProcessResource][Autoauthorizing URL : 'http://testhost.test.net/proxyui/test.js' , Method: 'GET' ]

    If / is coming, that implies//  hostname is ignore and you may have to use ignoreHost  aco.
    http://testhost.test.net.js/

    If the intention is to ignore hostname. please check with ignoreHost ACO parameter if this helps.
    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/web-agent-configuration/configure-virtual-servers#ConfigureVirtualServers-SpecifyVirtualServersfortheWebAgenttoIgnore

    Thanks
    -Kishore Gaddam



  • 8.  RE: Issue in ignoring extension by Siteminder

    Posted Jul 22, 2019 01:21 PM
    Hello Kishore,
    Thanks for the reply.
    However IgnoreHost will ignore the entire URL irrespective of resources(which means it would be as good as unprotected), however our intention is to just ignore the URLs having extenstions (.js In this case) and any query parameter afterwards.
    I will also check on webagent logs, meanwhile, if you think something else might be wrong, Do suggest.

    Regards
    Satyendra