Redirection errors when connecting through IBM Webseal
A single sign on utilizing IBM Webseal Junctions is set up. When submitting various forms in flows in the application, the browser adds an additional path to the URL request, which returns a 404 error.
When browsing the system, eventually on a HTTP POST event, the browser will request https://webseal.server/junction/junction/prweb/PRServlet. Notice the extra /junction in the URL, which does not exist on the Pega server. This causes a 404 error message.
No errors are posted to the PegaRules.log file
Steps to Reproduce
1. Set up a webseal junction that points to a Pega application. For example, webseal.server/junction. Junction points to a load balanced IP address.
2. Load balancer sets a Set-ContextURI header, configured to https://webseal.server/junction/prweb.
3. Navigate to system through https://webseal.server/junction/prweb/PRServlet.
4. When browsing the system, eventually on a HTTP POST event, the browser will request https://webseal.server/junction/junction/prweb/PRServlet. Notice the extra /junction in the URL, which does not exist on the pega server. This causes a 404 error message.
The root cause of this problem is in a third-party product. The creation of WebSEAL cookie junctions was causing all of the problems. Switching to using transparent junctions resolves most of the issues. However, when some the "-J" options remained in the command to create the transparent junction and this caused the following script to be appended to each PRPC test or HTML response:
document.cookie = "IV_JCT=%2Fjunc; path=/";
This caused issues with PRPC JSON processing. Once the junction was added without the "-J" option, the problems with PRPC JSON processing was resolved.
Refer to the following PDN article:
Published June 8, 2016 - Updated October 8, 2020
Was this useful?
0% found this useful
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.