We are looking to establish the following:
Apache -- 2 vhosts -- both pointing to their own ACO setting with their own agent and Policies as well.
NOTE: We need separate ACO and not just AgentName with 1 ACO. We have 2 separate entry channels (domain1.com and Domain2.com) and they need to have different ACO settings.
Policy Server: 12.51; Update: 00.05; Build: 1232; CR: 05 Policy Server OS: Windows Server 2008 r2 SiteMinder APACHE 2.2 WebAgent, Version 12.5, Update HF-01, Label 813. Agent OS: RHEL6
It is dependent on how the web server is configured if it's a single Web Server instances e.g. Apache Instance (single httpd.conf) you could only have one ACO configured.
Apache we can create multiple instances of Apache using a single install of Apache. Thus, there is an httpd.conf per instance of Apache.
We could now map a unique WebAgent.conf (with a unique ACO in each) to each httpd.conf. Each httpd.conf could be an independent WebSite (e.g. abc.com or xyz.com).
- A virtual host will not support different ACO but Apache instance will.
- The server Path within each WebAgent.conf has to be Unique so the Shared memory and Semaphore do not overlap.
- Running Vhost configuration with separate ACO can cause anomalies.
To SSO between the two domain you will need to configure Security zones or Cookie provider:
All Web Agents can act as a CookieProvider. It is only a matter of designating one to act as the Cookie Provider. Pointing all other Web Agent to that CookieProvider.
For more info:
Using a Cookie Provider for Cross Domain SSO - CA Technologies
For more info:
Security Zones for Single Sign-on