Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Troubleshooting 'Rule Not Found' and other DHTML issues with CA SiteMinder and domain-level cookies

Updated on September 25, 2019

Summary

In PRPC applications containing sections with fields designed with OnChange behavior set to Refresh this Section, you sometimes see the ReloadHarness activity called instead of the ReloadSection activity. The pre-activity you specify for the ReloadSection activity does not fire properly because the system is looking for the activity in the class of the harness, not the section, and returning a Rule Not Found exception.

This problem occurs when PRPC environments are configured with CA Siteminder for SSO and authentication with domain-level cookies only.

Explanation

This is an example of the unexpected issues with Dynamic HTML functionality in PRPC that can occur when using SiteMinder for secure single sign-on (SSO) and authentication if the SessionUpdatePeriod setting in the SiteMinder Agent configuration is set too low.

SessionUpdatePeriod specifies how often (in seconds) a Web Agent redirects a request to the cookie provider to set a new cookie. Refreshing the master cookie decreases the possibility that it will expire because of an idle timeout of the SiteMinder session. The default setting is 60 seconds.

With the SessionUpdatePeriod in the SiteMinder agent set to 60 seconds, SiteMinder requests a new domain-level cookie. In a POST request, SiteMinder has to send back the POST data handler to update the domain level with the new cookie.

Suggested Approach

If you are using SiteMinder for SSO and authentication, you need to ensure that the SessionUpdatePeriod setting in the SiteMinder Agent configuration is longer than the idle timeout setting.

SessionUpdatePeriod='<LONGER THAN IDLE TIMEOUT>'

PRPC will not support the SiteMinder POST data handler content within its dynamic user interface. The content of the SiteMinder POST data handler can only be run from within a window object, and it is not AJAX compatible.

To set the idle timeout, see the Help topic, Declare Pages - Completing the Advanced tab.

Example of SiteMinder POST Data Handler Content

PRPC will not support any dynamic HTML functionality if the SiteMinder content shown below is present.

<HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();">This page holds your data while you are being authorized for your request.

You will be forwarded to continue the authorization process. If this does not happen automatically, click the Continue button below. <FORM NAME="AUTOSUBMIT" METHOD="POST" ENCTYPE="application/x-www-form-urlencoded" ACTION="https://docs-previous.pega.com/SOME_LARGE_URL">

[Form Data]

....

</HTML>

Contact SiteMinder Support if you have trouble preventing the POST Data Handler from being run in your environment.

Additional Information

Security Overview

Tags

Pega Platform 6.2 SP2 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us