AdminUI accessed through VIP

book

Article ID: 193205

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running an AdminUI behind a VIP and the AdminUI transforms the URL
back to the server one FQDN and not the VIP as per the following :

  - We access https://vip.mydomain.com:11111/iam/siteminder/console/
  - Browser receives a 301 to https://adminui.mydomain.com:11111/iam/siteminder/console/

and the console cannot load properly.

We'd like to know how to make the AdminUI to return always the
vip.mydomain.com FQDN instead of the adminui.mydomain.com ?

 

Environment

 

AdminUI 12.8SP3 on RedHat 7;

 

Resolution

 

At first glance, the only Reverse Proxy configuration is setting a Web
Agent Reverse Proxy in front of the AdminUI which will require to
protect the AdminUI with SiteMinder and Admin Store as per
documentation :

Protect the Administrative UI with CA Single Sign-On

  Set up a Proxy Server to Forward Requests to the UI

  Configure one of the following proxy servers to access the
  Administrative UI:

  CA Access Gateway

  An Apache reverse proxy server that is protected by an Apache Web
  Agent

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/start-the-administrative-ui-and-manage-objects/protect-the-administrative-ui-with-ca-single-sign-on.html

As such, AdminUI standalone has no implementation for modifying the
FQDN of the url it produced. Maybe the VIP is able to Reverse Proxy
configuration ? If not, we would suggest you to implement the above
solution.