Issue:
We're running Web Agent on Apache Reverse Proxy, and when the
LoadModule libmod_sm24.so line to is set at the end of the
LoadModule list, then the WebAppClientResponse is not completely
processed and the request is sent to the backend server instead of
processing the file from the WebAppClientResponse.
The strace command reports the processing to open a connection to the
backend server :
the WebAppClientResponse response file code is :
{
"reason": "$$Reason$$",
"url": "$$URL$$"
}
and the thread open a connection after reading this file :
13:35:49 open("/www/web/siteminder_custom_response.json", O_RDONLY) = 12
13:35:49 fstat(12, {st_mode=S_IFREG|0644, st_size=49, ...}) = 0
13:35:49 read(12, "{\n \"reason\": \"$$Reason$$\",\n \"u"..., 49) = 49
13:35:49 bind(12, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
13:35:49 getsockname(12, {sa_family=AF_NETLINK, pid=38726, groups=00000000}, [12]) = 0
13:35:49 sendto(12, "\24\0\0\0\26\0\1\3\225 ^Y\0\0\0\0\0\0\0\0", 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
13:35:49 recvmsg(12, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[
{"8\0\0\0\24\0\2\0\225 ^YF\227\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}],
msg_controllen=0, msg_flags=0}, 0) = 172
We would expect the Web Agent to read the WebAppClientResponse
response file and give the code to the browser as per this strace
snippet :
The WebAppClientResponse response file code :
<web20>
<siteminderreason>$$reason$$</siteminderreason>
<siteminderredirecturl>$$url$$</siteminderredirecturl>
</web20>
and the thread should write a header like this one :
06:57:10 open("/var/www/html/siteminder_custom_response.json", O_RDONLY) = 15
06:57:10 fstat(15, {st_mode=S_IFREG|055, st_size=121, ...}) = 0
06:57:10 read(15, "<web20>\n<siteminderreason>$$reas"..., 121) = 121
06:57:10 writev(12, [{"HTTP/1.1 200 OK\r\nDate: Thu, 06 J"..., 137},
{"<web20>\n<siteminderreason>Challe"..., 113}], 2) = 250
06:57:10 write(10, "130.119.150.229 - - [06/Jul/2017"..., 88) = 88
06:57:10 shutdown(12, 1 /* send */) = 0
Environment:
Web Agent 12.52SP1CR05 64bit On Apache 2.4 64bit on RedHat 6 64bit;
Policy Server : 12.52SP2CR01 on Windows 2012 R2;
Resolution:
This issue will be fixed in Web Agent 12.52SP1CR09.
You can also workaround the issue by setting LoadModule for
sm_module at the very top of the LoadModule list in the httpd.conf
like this :
LoadModule sm_module "/opt/CA/webagent/bin/libmod_sm24.so"
SmInitFile "/opt/apache2.4/conf/WebAgent.conf"
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
[...]
KB :