Symantec Access Management

  • 1.  AFM Landing URL comparison in arcotafm.properties and shim.ini

    Broadcom Employee
    Posted Jun 16, 2018 07:16 PM

    CA SSO integration with multiple profiles is not working, as the afmLandingURL parameter in arcotafm.properties is compared with the profile-specific afmLandingPage in the policy server AA shim.ini. We tried all the scenarios below, but authentication is failing.

     

    - Keeping afmLandingURL in the arcotafm.properties file and the profile-specific value in the shim.ini file the same works fine, but we should be able to use only one profile; we cannot use multiple profiles.

    - Keeping afmLanding URL without the profile query parameter in both (arcotafm.properties and shim.ini) fails at the AFM landing page itself, as the profile name is not present.

    - Keeping afmLanding URL without the profile name in the arcotafm.properties file and with the profile name in shim.ini still fails at authentication with an error message that the landing URL does not match.

    - Removing afmLanding URL from arcotafm.properties and keeping the profile-specific arcotafmlanding URL in shim.ini fails authentication with an error message that the landing URL does not match, as afmlandingURL in arcotafm.properties defaults to an HTTP request instead of HTTPS. Here Tomcat is the application server and it is running on HTTP, but the F5 load balancer in front of Tomcat is configured with HTTPS. The AFM landing URL uses HTTPS via F5.

     

    With the current check of afmLanding URL in afm properties and shim properties we can use only one SSO profile actively. 

     

    Customer is not willing to do any customization at afm code.



  • 2.  Re: AFM Landing URL comparison in arcotafm.properties and shim.ini
    Best Answer

    Broadcom Employee
    Posted Jun 18, 2018 02:46 PM

    Hi Kiran, OOTB afmLandingURL can only be mentioned once, so providing some value in this parameter may not be the solution. We will need to troubleshoot why HTTPS is changing to HTTP.

     

    I will wait for other people from the community to give their input and would also take a look at the debug logs.

     

    thanks

    awijit 



  • 3.  Re: AFM Landing URL comparison in arcotafm.properties and shim.ini

    Broadcom Employee
    Posted Jun 20, 2018 09:28 AM


  • 4.  Re: AFM Landing URL comparison in arcotafm.properties and shim.ini

    Broadcom Employee
    Posted Jun 20, 2018 09:46 AM

    Hi Francesco,

     

    Yes, we know that a little customization at AFM will make it work.

     

    But the customer is not willing to change anything from out of the box, as they do not have any Global Delivery contract and any changes in the core AFM source code will lose their support contract.



  • 5.  RE: Re: AFM Landing URL comparison in arcotafm.properties and shim.ini

    Posted Jul 15, 2020 06:46 AM
    Hi,

    I have the same issue. I want to use two profiles (then I need two arcotAFMLandingURL, but afmLandingURL can only be mentioned once in arcotafm.properties).
    The link mentioned above ( https://communities.ca.com/thread/241809009-managing-different-arcotafmlandingurl-in-arcot-adapter ) doesn't work anymore.
    So would anyone know how to do it?
    Thanks in advance
    Marco



  • 6.  Re: AFM Landing URL comparison in arcotafm.properties and shim.ini

    Broadcom Employee
    Posted Jun 20, 2018 11:58 AM

    The supported solution provided to me by support was to use an internal HTTPS connection.

    It means letting the customer manage the internal certificate and the HTTPS configuration on Tomcat.

    It looked too complicated to me compared with 2 lines of code (which I can easily remove if support complains about them).



  • 7.  Re: AFM Landing URL comparison in arcotafm.properties and shim.ini

    Broadcom Employee
    Posted Jun 20, 2018 01:32 PM

    Thanks Francesco!

     

    Agreed, a small customization at AFM will work. I talked to the customer and somehow they are not ready to do any customization at AFM. Let me try again one more time.