Symantec Access Management

  • 1.  CA SSO differentiate between mobile and web server traffic

    Posted Dec 21, 2018 12:32 PM

    We are using CA SSO Access Gateway to provide federation. Is there any way it can differentiate between mobile and web browser traffic?

     

    If yes, then please suggest how.



  • 2.  Re: CA SSO differentiate between mobile and web server traffic

    Posted Dec 27, 2018 11:06 AM

    Since I haven't seen anyone else reply, I'll toss this out there in case it helps - unfortunately I can't confirm if it works or not since we don't use the CA Access Gateway (we use API Gateway).

     

    The docs here indicate you can use HTTP Header, which would include the user-agent, to write rules on: Configure Proxy Rules Manually - CA Single Sign-On - 12.7 - CA Technologies Documentation 

    -----------------

    <nete:cond type="header" headername="USER_AGENT">

    This element indicates that a header is used, and that USER_AGENT is the header to be evaluated.

    -----------------

     

    If you can cue off that condition, then you'd just need to identify the different user agent strings you want to handle - or broad "mobile" I think should catch most - and write the appropriate action based on it (e.g., redirect to https://m.someapp/ ).



  • 3.  Re: CA SSO differentiate between mobile and web server traffic

    Posted Dec 31, 2018 05:58 AM

    Is there any way the same can be implemented on the Web Agent Option Pack? Instead of CA Access Gateway, we are making use of the Web Agent Option Pack.



  • 4.  Re: CA SSO differentiate between mobile and web server traffic

    Posted Dec 31, 2018 01:09 PM

    How it is done would depend on the web server you are using but IIS and Apache should be able to do it.

     

    On our IIS boxes we use URL Rewrite rules to cue off user-agent and just make some decision on what to do with it. This occurs prior to it getting into the WAOP. So if it's a mobile browser, for example, we bypass the "kerberos" flow etc.

     

    Apache should be able to do similar with a rewritecond as well. Lots of how-tos out there for it; you should be able to turn a few up with a quick search.
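
A sketch of the Apache approach mentioned in the thread, added here as an example and not taken from any poster's configuration. It assumes mod_rewrite is loaded, that the rules sit in the virtual host that fronts the Web Agent Option Pack, and it reuses the thread's placeholder host m.someapp. The User-Agent header is set by the client, so the match only selects a route; whichever flow the request lands in still has to authenticate the user.

```apache
# Added example: placeholder host name, adjust the pattern to the clients you see.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Loop guard: leave requests alone once they are already on the mobile host.
    RewriteCond %{HTTP_HOST} !^m\. [NC]

    # Broad, case-insensitive match. "Mobile" covers most phone browsers;
    # "Android" and "iPad" are listed because tablet browsers often omit "Mobile".
    # Clients that send no User-Agent, or one with none of these tokens,
    # fall through to the default (desktop) flow.
    RewriteCond %{HTTP_USER_AGENT} (Mobile|Android|iPhone|iPad) [NC]

    # Temporary redirect so the decision is re-evaluated on each visit and
    # not cached by the browser as a permanent move.
    RewriteRule ^/?(.*)$ https://m.someapp/$1 [R=302,L]
</IfModule>
```

Browsers in "request desktop site" mode send a desktop User-Agent and will take the default flow, so both flows need to work for any client.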