search cancel

Multiple Virtual Hosts with different ACO setting.


Article ID: 15395


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We are looking to establish the following: 

Apache -- 2 vhosts -- both pointing to their own ACO setting with their own agent and Policies as well. 

NOTE: We need separate ACO and not just AgentName with 1 ACO. We have 2 separate entry channels ( and and they need to have different ACO settings. 


Policy Server: 12.51; Update: 00.05; Build: 1232; CR: 05 Policy Server OS: Windows Server 2008 r2 SiteMinder APACHE 2.2 WebAgent, Version 12.5, Update HF-01, Label 813. Agent OS: RHEL6


It is dependent on how the web server is configured if it's a single Web Server instances e.g. Apache Instance (single httpd.conf) you could only have one ACO configured.


Apache we can create multiple instances of Apache using a single install of Apache. Thus, there is an httpd.conf per instance of Apache. 

We could now map a unique WebAgent.conf (with a unique ACO in each) to each httpd.conf. Each httpd.conf could be an independent WebSite (e.g. or


- A virtual host will not support different ACO but Apache instance will.

- The server Path within each WebAgent.conf has to be Unique so the Shared memory and Semaphore do not overlap.

- Running Vhost configuration with separate ACO can cause anomalies.

Additional Information

To SSO between the two domain you will need to configure Security zones or Cookie provider:


All Web Agents can act as a CookieProvider. It is only a matter of designating one to act as the Cookie Provider. Pointing all other Web Agent to that CookieProvider.


For more info:

Using a Cookie Provider for Cross Domain SSO - CA Technologies


For more info:

Security Zones for Single Sign-on