Symantec Access Management

Tech Tip : CA Single Sign-On : POST Parameter as FORM POST Variable doesn't show up on the target page

    Broadcom Employee
    Posted Jan 23, 2018 07:30 AM

    Issue:

     

    We're running Web Agent, and we set the .fcc login page to pass a custom value from the HTML form field to the Policy Server so that the Policy Server passes it on to the backend server. But on the backend server, we don't see any value for the custom header. How can we fix this?

     

    Environment:

     

    Policy Server R12.52 SP1 CR04 on RedHat 6 64bit; Policy Server JDK 1.7.0_80 32bit; Web Agent R12.52 SP1 CR04 on Apache 2.4.20 on RedHat 64bit; Web Agent Option Pack R12.52 SP1 CR04 RedHat 64bit;

     

    Resolution:

     

    Upgrade the Policy Server to R12.52 SP1 CR09, which includes the fix for this issue. Note that:

    - Out of the box, the POSTed variable and its value can only be used for authorization purposes, and you need to configure a response to send that variable and value pair to the targeted backend page.

    - The authentication phase should be handled separately, so the POST value cannot be used for Authentication.

    - For the POST data, here is a sample configuration that should work in your environment with the fix in place:

    The page that will POST the data to the .fcc :

    init.html

     

    <html>
    <body>
    <form action="myprotected/allheaders.php" method="post">
    my mygid: <input type="text" name="MYGID" id="MYGID" size="20">
    <input type="submit" value="Submit">
    </form>
    </body>
    </html>

     

    In the AdminUI, add the following 2 Variables to the Domain :

     

    | Name | Variable Type | Value |
    |------------+---------------+-------|
    | mynewmygid | Form Post | MYGID |
    | staticvar | Static String | ok |

     

    Then set a Policy Expression within the Policy Configuration :

     

    Policy Expression (mynewmygid==staticvar)

     

    And set a Response in order to send the value back to the backend server :

     

    WebAgent-HTTP-Header-Variable

     

    | Attribute | Value |
    |---------------------+---------------------|
    | Attribute Kind | Variable Definition |
    | Variable Name | respvar |
    | Variable Definition | mynewmygid |

     

    The resulting script is:

    respvar=<@ lib="smjavaapi" func="JavaActiveExpression" param="com.netegrity.scriptevaluation.scriptactiveexpression.ActiveVariable mynewmygid" @>

     

    Then, when I access the init.html page with the browser and enter "ok" in the "my mygid" field, I get the expected header on the targeted protected page "myprotected/allheaders.php":

    respvar=ok

     

    If you want to pass any value, change the Policy Expression to (mynewmygid!=staticvar); any string is then accepted except the value of the static variable, "ok".

    KB : TEC1321938
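
A minimal stand-in for the target page myprotected/allheaders.php, which the post references but does not show; this is an added example, not part of the original post or Broadcom's code. It assumes the response arrives as the request header `respvar`, and it HTML-escapes everything it prints because the value originates in a user-editable form field.

```php
<?php
// Added example: stand-in for myprotected/allheaders.php (the original is not shown in the post).
// Assumption: the Web Agent response delivers the value as the request header "respvar".
declare(strict_types=1);

/** Case-insensitive lookup of one request header; returns null when absent. */
function find_header(array $headers, string $name): ?string
{
    foreach ($headers as $key => $value) {
        if (strcasecmp((string) $key, $name) === 0) {
            return (string) $value;
        }
    }
    return null;
}

/** Escape for HTML output: the header value came from a form field the user controls. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// getallheaders() exists under Apache mod_php (and FPM since PHP 7.3);
// otherwise rebuild the header list from the HTTP_* entries of $_SERVER.
if (function_exists('getallheaders')) {
    $headers = getallheaders();
} else {
    $headers = [];
    foreach ($_SERVER as $key => $value) {
        if (strncmp($key, 'HTTP_', 5) === 0) {
            $headers[str_replace('_', '-', substr($key, 5))] = $value;
        }
    }
}

$respvar = find_header($headers, 'respvar');

header('Content-Type: text/html; charset=UTF-8');
echo "<html><body>\n";
echo $respvar === null
    ? "<p>respvar header: <b>not received</b></p>\n"
    : '<p>respvar=' . h($respvar) . "</p>\n";
echo "<table border=\"1\">\n";
foreach ($headers as $name => $value) {
    // Do not echo session cookies or credentials on a diagnostic page.
    $secret = in_array(strtolower((string) $name), ['cookie', 'authorization'], true);
    echo '<tr><td>' . h((string) $name) . '</td><td>' . ($secret ? '[redacted]' : h((string) $value)) . "</td></tr>\n";
}
echo "</table>\n</body></html>\n";
```

A page like this is for verifying the response configuration only; remove it from the protected directory once the header is confirmed.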