Multiple Virtual Hosts with different ACO settings.

Article ID: 15395

Products

- CA Single Sign On Secure Proxy Server (SiteMinder)
- CA Single Sign-On
- CA Single Sign On Agents (SiteMinder)
- SITEMINDER

Issue/Introduction

The following article concerns whether it is possible to set up the following environment.

- Apache web server with 2 Virtual Hosts.
- Each Virtual Host should be able to use its own ACO, agent, and policies.

To clarify further, this article concerns using separate ACOs for each virtual server, and not just a single ACO with different ACO parameters.

Two separate entry channels are needed in this scenario (e.g. example.com and example.net) with different ACO settings.

Environment

Policy Server Version: ALL SUPPORTED VERSIONS
Web Agent Version: 12.52.xx and 12.8

Resolution

Whether it is possible to set this up depends on how the web server is configured.

- If there is a single web server instance (e.g. a single Apache instance or a single httpd.conf), the administrator can define only one ACO. This is the case when the administrator defines several virtual hosts in Apache.
- However, Apache can run multiple instances from a single installation, each with its own httpd.conf. In this situation, a unique WebAgent.conf (with a unique ACO) can be mapped to each httpd.conf, and each httpd.conf can serve an independent web site (e.g. example.com or example.net).

In summary:

- A virtual host will not support different ACOs, but an Apache instance will.
- The Server Path within each WebAgent.conf must be unique so that shared memory and semaphores do not overlap.
- Running a Vhost configuration with separate ACOs can cause anomalies.
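
A pre-deployment check for the uniqueness rule in the summary above, as an added example that is not part of the original article or the product's own tooling: it reads the WebAgent.conf of each Apache instance and reports any ServerPath shared between instances, plus any ACO used by more than one instance. The instance labels, paths and ACO names in `SAMPLE` are constructed for illustration; `ServerPath` and `AgentConfigObject` are the WebAgent.conf keys it reads.

```python
import posixpath
import re
from collections import defaultdict

# Matches WebAgent.conf lines such as: ServerPath="/opt/apache-com/conf"
_KV = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*$')

def parse_webagent_conf(text):
    """Return the key/value settings of one WebAgent.conf, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _KV.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings

def check_instances(confs):
    """confs maps an instance label to its WebAgent.conf text; returns findings."""
    by_path, by_aco, findings = defaultdict(list), defaultdict(list), []
    for name, text in sorted(confs.items()):
        s = parse_webagent_conf(text)
        if not s.get("serverpath"):
            findings.append(f"ERROR {name}: ServerPath is not set")
        else:
            # Normalise so /x/conf and /x/conf/ count as the same path.
            by_path[posixpath.normpath(s["serverpath"])].append(name)
        if s.get("agentconfigobject"):
            by_aco[s["agentconfigobject"]].append(name)
    for path, names in sorted(by_path.items()):
        if len(names) > 1:
            findings.append(f"ERROR ServerPath {path} shared by {', '.join(names)}")
    for aco, names in sorted(by_aco.items()):
        if len(names) > 1:
            findings.append(f"NOTE ACO {aco} shared by {', '.join(names)}")
    return findings

# Constructed sample input: two Apache instances whose ServerPath values collide.
SAMPLE = {
    "example.com": 'AgentConfigObject="aco_com"\nServerPath="/opt/apache/conf"\n',
    "example.net": '# second instance\nAgentConfigObject="aco_net"\nServerPath="/opt/apache/conf/"\n',
}

if __name__ == "__main__":
    for finding in check_instances(SAMPLE):
        print(finding)
```

An empty result means every instance has its own ServerPath and its own ACO.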

Additional Information

To enable SSO between the two domains, the administrator will need to configure Security Zones or a Cookie Provider:

All Web Agents can act as a CookieProvider. It is only a matter of designating one to act as the Cookie Provider. Point all other Web Agents to that CookieProvider.

For more information see:

Using a Cookie Provider for Cross Domain SSO - CA Technologies

Security Zones for Single Sign-on