Idea Details

CA SSO : SPS Custom Error Pages Design Re-architecture.

Last activity 12-17-2016 09:12 AM
HubertDennis's profile image
03-08-2016 04:32 PM

The current design of Custom Error Pages on SPS very very difficult and not thought through on paper.

 

From a documentation perspective, this is what we have Configure the Custom Error Pages Settings - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation

 

However it is unclear what components within the Secure Proxy Server does this configuration impact.

 

From an extensive research we did for a Customer, we found that the implementation model for the current Custom Error Pages is quite cumbersome task to implement.

 

I am going to explain this with one use case of 404 Page not found.

 

404 Page not found can occur within different layers of Secure Proxy Server.

 

  1. Apache WebServer Layer i.e. via JkUnMount.
  2. Anything which JkUnMount does not handled is handled via the ProxyEngine.
  3. WebApps layer within Tomcat e.g. affwebservices.

 

Our recent investigations found that following.

 

  • The Custom Error Page settings in SPS ProxyUI / Server.conf is only applicable to ProxyEngine Layer.
  • The Custom Error Page settings in SPS ProxyUI / Server.conf is not applicable to resources being served off Apache WebServer using JkUnMount (static HTML pages and images).
  • The Custom Error Page settings in SPS ProxyUI / Server.conf is not applicable to 404 message being sparked off by a WebApp at Tomcat layer e.g. affwebservices.

 

Therefore we have manually go and update 3 different places to handle 404 Custom Error Pages.

 

Apache WebServer.... httpd.conf : This is not updated by the ProxyUI

 

# Some examples:

#ErrorDocument 500 "The server made a boo boo."

#ErrorDocument 404 /missing.html

#ErrorDocument 404 "/cgi-bin/missing_handler.pl"

#ErrorDocument 402 http://www.example.com/subscription_info.html

 

ProxyEngine Layer.... *.properties files in Tomcat/properties folder : This is updated by the ProxyUI

 

 

Individual WebApps e.g. Affwebservices web.xml : This is not updated by the ProxyUI

Re: CA SPS Custom Tomcat Error Pages

 

"At present SPS is not handling the error page redirection this needs to be done manually with following configuration change in

     (<SPS_installation_dir>\Tomcat\webapps\affwebservices\WEB-INF\web.xml)

     Please be sure to make a backup before making this change.

     Please modify web.xml in affwebservices deployment to include information like below in specific xml content under <web-app> element

     <error-page>

       <error-code>500</error-code>

       <location>500 error specific page path</location> </error-page>

     <error-page>

       <error-code>404</error-code>

       <location>404 error specific page path</location> </error-page>

     <error-page>

       <error-code>403</error-code>

       <location>403 error specific page path</location> </error-page>

     ....

     ....

     before doing above modification stop application server where affwebservices were deployed (i.e SPS )

     After performing modification start application server where affwebservices were deployed (i.e SPS ).

 

 

SecureProxyServer is one component, therefore why does it feel it is so disjoint. Could it not be made better by referring all of the error pages to one central location under one central configuration. Therefore irrespective of which component OR code throws a 404, it has to refer back to a central configuration for 404. I as an Admin should not be tinkering at different places / each webapps in SPS to configure a 404 custom error response. This is not a good design, is very error prone, cumbersome and makes a wonderful product look non user friendly to configure.

 

Could it not be made better by exposing a container space within the SPS for error pages OR does the actual pages themselves need to be deployed outside the SPS somewhere else. Because though I know how to deploy a HTML page within SPS at the Apache layer using JkUnMount OR at the Tomcat layer using ContextPath - we don't seem to define a supported configuration for deployment of Error Pages themselves within SPS.

 

 

 

Regards

 

Hubert


Comments

04-22-2016 12:43 PM

I was also running into similar issue.

Also, Documentroot setting is also so confusing, As Hubert mentioned, Secureproxyserver is a single component, then why are we having two different DocumentRoot settings. And there are no clear guide lines for keeping public pages(login pages with css, images, js and error pages) on the server.

 

***************httpd.conf**************

DocumentRoot "/opt/app/CA/secure-proxy/httpd/htdocs"

****************server.conf*************

document_root="../../proxy-engine/examples"

03-22-2016 07:04 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team is reviewing your enhancement suggestion. The Community will continue to be able to vote on this enhancement idea.