How to Unprotect All Resources When Using Localhost or
search cancel

How to Unprotect All Resources When Using Localhost or


Article ID: 109991


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


Some applications make a server to server call that may not work if the resource is protected and results in a challenge response to the call.  For this reason it would be beneficial to allow requests for http://localhost and/or to remain unprotected without affecting the currently protected resources.


Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP


The best way to address this use case is with the IgnoreHost ACO parameter.  Two additional ACO parameters are also needed to prevent the agent from transforming the incoming host name to a FQDN: ForceFQHost=no and DisableDNSLookup=yes

Additional Information

This also could be accomplished by defining agent names (using the AgentName ACO parameter) to the hosts you want to ignore and not assigning those agent names to any realms, however, this method results in the IsProtected call being made for these requests whereas using IgnoreHost skips the IsProtected call and is thus slightly more efficient.