If you have created copies of oauth.jsp, openid.jsp, or forms.jsp, the installer will not upgrade those copies. Some administrators use copies of oauth.jsp as Resource Filters for the realm to redirect to the launch url of the application. CA CloudMinder has changed the implementation of oauth.jsp, openid.jsp, and forms.jsp. Therefore, you cannot access the User Console when logging in with an authmethod if the corresponding CA SiteMinder realm uses a copy of these JSPs as a resource filter.
This problem can be solved in one of two ways:
/chs/redirect/<tenantname>/<uniqueNameToIdentifyTheRealm>
For example, if the tenant name is Forwardinc, and the realm is used to authenticate users with Facebook, the new resource filter for the realm could be:
/chs/redirect/forwardinc/facebook
Keeping the realms intact
If you support a tenant that is using Oauth, perform these steps on each Secure Proxy Server:
cd /opt/CA/secure-proxy/Tomcat/webapps/affwebservices/redirectjsp
mv oauth-google.jsp oauth-google.jsp.orig mv oauth-facebook.jsp oauth-facebook.jsp.orig
cp oauth.jsp oauth-google.jsp cp oauth.jsp oauth-facebook.jsp
If your external and internal hostnames are different for your Secure Proxy Server system, edit the server.conf file on the Secure Proxy Server system. Change this file to list both the internal and external hostnames for redirects.
redirectrewritablehostnames=<internal hostname>
Replace this line with the following line:
redirectrewritablehostnames=<internal hostname, external hostname>
service S98sps stop service S98sps startssl
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|