Setting URLs generated by Federation Web Services to use "https" instead of "http".

Document ID : KB000024859
Last Modified Date : 14/02/2018

Problem:

When Federation Web Services (affwebservices) is deployed behind an SSL accelerator, how do I set the URLs, such as the SMPORTAL URL, to use https://FQDN:443 when the web server is not running SSL? For my web agent I can set "GetPortFromHeaders=Yes" and "HTTPSPorts", but this does not cause URLs generated by FWS to use the secure port.

Environment:

Policy Server 12.0 SP3

Web Agent + Web Agent Option Pack 12.0 SP3

Resolution:

The GetPortFromHeaders and HTTPSPorts parameters are not read by Federation Web Services. Only nine possible agent parameters are used by FWS and the rest are ignored.

However, you can accomplish what you want by having the SMPORTAL URL use "https://domain.com:443" and then using the "Proxy Server" setting. This is configured in the SAML Service Provider properties under the Advanced tab. The protocol, FQDN and port entered into the Server field of the Proxy group box are used for URLs created by the Single Sign-On Service and other Federation services.

Additional Information:

You can find this documented in the Federation Security Services Guide, Chapter 12, "Configure Request Processing with a Proxy Server" (12 SP3 documentation).

https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files/HTML/idocs/ConfigureRequestProcessingwithaProxyServer.html