Resource inside application server Tomcat
Article ID: 108977
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
I'm running CA Access Gateway (SPS), and I would like to create a
resource like proxyui inside the embedded server Tomcat. I would like
to start my customlogin.fcc page with another resource. Which steps I
have to follow ? Is possible ? Or is it necessary to create a WAR and
put inside the CA Access Gateway (SPS) Tomcat server in the
Tomcat/webapp folder ?
Environment
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:
Component:
Resolution
First you need to know that CA Access Gateway (SPS) doesn't support
local content :
Product Limitations
"CA Access Gateway does not support local content. The ability to place
content on CA Access Gateway is not exposed, and CA Access Gateway
does not support proxy rules for providing access to local content."
https://docops.ca.com/ca-single-sign-on/12-8/en/implementing/implementing-ca-access-gateway/ca-access-gateway-architecture-introduced
In order to protect your application with a custom authentication
scheme, you have to run the application on a backend server, and
configure the protection on the SPS and placing the custom
authentication scheme at the same place of the login.fcc.
To illustrate :
Your application runs on
http://backend.mydomain.com/myapp
You configure the proxyrule to relay
http://mysps.mydomain.com/myapp
to
http://backend.mydomain.com/myapp
Then you place the taftlogin.fcc in the same folder as per the
login.fcc on the SPS server.
Then you protect your application defining the realm :
/myapp
And then when the user will hit http://mysps.mydomain.com/myapp, it
will be redirected to
http://mysps.mydomain.com/siteminderagent/forms/taftlogin.fcc
and once successfully authenticated and authorized, the request will
go to http://backend.mydomain.com/myapp, and the reply will appear in
the user browser as
http://mysps.mydomain.com/myapp
local content :
Product Limitations
"CA Access Gateway does not support local content. The ability to place
content on CA Access Gateway is not exposed, and CA Access Gateway
does not support proxy rules for providing access to local content."
https://docops.ca.com/ca-single-sign-on/12-8/en/implementing/implementing-ca-access-gateway/ca-access-gateway-architecture-introduced
In order to protect your application with a custom authentication
scheme, you have to run the application on a backend server, and
configure the protection on the SPS and placing the custom
authentication scheme at the same place of the login.fcc.
To illustrate :
Your application runs on
http://backend.mydomain.com/myapp
You configure the proxyrule to relay
http://mysps.mydomain.com/myapp
to
http://backend.mydomain.com/myapp
Then you place the taftlogin.fcc in the same folder as per the
login.fcc on the SPS server.
Then you protect your application defining the realm :
/myapp
And then when the user will hit http://mysps.mydomain.com/myapp, it
will be redirected to
http://mysps.mydomain.com/siteminderagent/forms/taftlogin.fcc
and once successfully authenticated and authorized, the request will
go to http://backend.mydomain.com/myapp, and the reply will appear in
the user browser as
http://mysps.mydomain.com/myapp
Feedback
Yes
No
Powered by
