CA Siteminder rejects mod_cluster MCMP requests due to absence of Host header

Solution Verified - Updated -

Issue

  • When mod_cluster.sar on JBoss attempts to talk to the Apache module on port 8000, SSO solutions such as Siteminder is detecting that no valid HOST header is being sent in the request, and rejects the request before it can get to the mod_cluster Apache modules with a Siteminder error 10-0004.  Is there a way to have the packets on port 8000 be accepted by siteminder by adding a HOST header.
  • SSO solution GetAccess needs HTTP 1.1 protocol for communications. If we forge a query to the web server without the Host header, it redirects us to the GetAccess validation page. But if the host header is included, the result is the same as the curl test (HTTP 200 response code).

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 5.1
  • JBoss Enterprise Web Server (EWS)
    • 1.0.x
      • Apache httpd 2.2.x
      • mod_cluster 1.0.x
  • Single Sign-On (SSO)
    • CA Siteminder
    • GetAccess

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content