CA SSO integration with multiple profiles are not working as afmLandingURL in arcotafm.properties parameter comparison with policy server AA shim.ini profile specific afmLandingPage. We tried all below scenarios but authentication is failing.
- Keeping afmLandingURL in arcotafm.properties file and profile specific value in shim.ini file same it is working fine but we should be able to use only one profile, we can not use multiple profiles.
- Keeping afmLanding URL without profile query parameter on both (arcotafm.properties and shim.ini) is failing at AFM landing page itself as profile name is not present.
- Keeping afmLanding URL without profile name in arcotafm.properties file and with profile name in shim.ini still failing at authentication with error message that the landing url does not match.
- Removing afmLanding URL in arcotafm.properties and keeping the profile specific arcotafmlanding URL in shim.ini failing
authentication with error message that the landing url does not match. As afmlandingURL in arcotafm.properties is defaulting to HTTP request instead of HTTPS. Here Tomcat is application server and it is running on HTTP but the load balancer F5 before Tom cat is configured with HTTPS. AFM Landing URL is with Https via F5.
With the current check of afmLanding URL in afm properties and shim properties we can use only one SSO profile actively.
Customer is not willing to do any customization at afm code.