Problems to access Sentinel proctected by NAM after upgrading to version 8.2

Document ID:7023803
Creation Date:02-Apr-2019
Modified Date:02-Apr-2019
- Micro Focus Products:
  Access Manager (NAM)

Environment

Access Manager 4.4
Sentinel 8.2

Situation

Sentinel 8.2 listening on port 8443
Access Manager 4.4 Access Gateway configured to protect the Sentinel 8.2 web service
Different URL / references are using the internal Hostname and Port instead of the public Hostname and Port exposed by the Access Gateway

Resolution

Add the advanced Access Gateway Option: "RWOutboundHeaderQueryString on" to the proxy service protecting the Sentinel server. This will make sure that the rewriter process will parse the as well query parameters for any outgoing request and as well for the incoming location header on a HTTP 302 redirect

Cause

Sentinel uses a location header for a HTTP 302 redirect which includes URLs as query parameter. In the below case it s the "redirect_uri" parameter

HTTP/1.1 302 Found
Date: Tue, 26 Feb 2019 09:32:58 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Location: https://sent8.kgast.nam.com/sentinel/stig.jsp;jsessionid=1v8mm579ablb38wqh52pj2zy7?redirect_uri=https://sent8.kgast.nam.local:8443/sentinel/views/logon.html?landing%253Dapp
Set-Cookie: JSESSIONID=1v8mm579ablb38wqh52pj2zy7;Path=/sentinel;Secure;HttpOnly
Cache-Control: no-store
Cache-Control: no-cache
Via: 1.1 sent8.kgast.nam.com (Access Gateway-ag-AAAC28CD42E8B2C1-138534)
Content-Length: 0
Keep-Alive: timeout=300, max=98
Connection: Keep-Alive
Content-Type: text/html