Symantec Access Management

 View Only
  • 1.  Too many redirects after login

    Posted Aug 07, 2020 03:00 PM
    Hello All,
    we have an application integration with siteminder.
    when we login, it doesnt go to app page rather gives too many redirects.
    I tried to check for usesecurecookies , but that is also ok.
    What all can be the reason and how we can troubleshoot this?

    Thanks


  • 2.  RE: Too many redirects after login

    Broadcom Employee
    Posted Aug 07, 2020 03:37 PM

    Hi Satyendra,

    Is this application using either IWA as an authentication method?  I ask because this scenario most easily occurs with such an automatic login method where the user sees no login prompt.  If the user's session is not presented to the application for any reason and the application is protected by Siteminder, Siteminder will determine the user to be unauthenticated and will thus challenge the user for authentication.  With most other authentication schemes the user would see a prompt for credentials, but with IWA the re-authentication would be automatic and the browser would loop until the browser detects the condition and ceases the requests.

    There are probably other scenarios where this can happen (such as with a federation use case where the user is successfully authenticating, but their session is not valid when they are redirected back to the federation URL, and the loop begins).

    For troubleshooting, it's best to gather a Fiddler trace (or other http trace) and use that in conjunction with the web agent trace log to determine what Siteminder is doing and why it is doing it.

    Regards,
    Pete




  • 3.  RE: Too many redirects after login

    Posted Aug 10, 2020 08:50 AM
    Hello Pete,
    Thanks for the response.
    NO, its not IWA, its normal html forms based Auth Scheme.
    its not federation as well, its agent based application.
    For some reason, I see webagent trace log not getting generated, what can be the cause?
    I tried with developer tools in chrome and could see that its going to cookie provider but coming back again.
    Its not proceeding after that.
    Any thoughts?
    and thanks again for the reply


  • 4.  RE: Too many redirects after login

    Broadcom Employee
    Posted Aug 11, 2020 04:15 PM

    Hi Satyendra,

    With a cookie provider in place it seems the request is looping between the cookie provider and the protected application.  I don't know if the user is failing authentication or authorization at the protected application since the web agent's response would be the same in both situations: challenge the user for authentication.  Of course with a cookie provider in place and a valid session in the master cookie domain, the user will not see a prompt for authentication as long as the session in the master cookie domain is valid.  You will need to leverage the agent trace log to see if it is authentication or authorization that's failing.

    When enabling the web agent trace log, there are three ACO parameters that need to be configured: TraceFIle, TraceFileName, and TraceConfigFIle.  Assuming you've set TraceFile to 'yes', provided a valid path and name for TraceFileName, and pointed to the out of the box WebAgentTrace.conf file, the trace logging should work.  .Assuming the agent error log (agent log) is being generated, specifying a TraceFileName in the same folder eliminates potential permissions issues.


    Regards,
    Pete