Web Agent : Wildcard usage in AgentName ACO value

book

Article ID: 225385

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

When running a Web Agent, can wildcard * in AgentName be used in order
to map any host to the single configuration ? This is to achieve the
business requirement to add "automatically" protection of new domain
without having to add manually the new domain in the AgentName ACO.

 

Resolution

 

At first glance, the AgentName ACO doesn't allow wildcards as * (1).

Reading the AgentName description further, the AgentName can map to IP
addresses like :

  Example: myagent1,192.168.0.0 (IPV4)
  Example: myagent2, 2001:DB8::/32 (IPV6)

As such, if the multiple domain names refer to the same IP address,
all domains with the same given IP Address will be protected.

Also, DefaultAgentName will be the default AgentName for any "not
found mapping" in AgentName. As such the unique value from
DefaultAgentName will be used.

So, may be a combination of AgentName mapping with unique IP Address
and a specific choice of the DefaultAgentName value might you help to
implement the requirement to add "automatically" protection of new
domain.

 

Additional Information

 

(1)

    AgentName

      Limits: Must contain 7-bit ASCII characters in the range of 32-127,
      and include one or more printable characters. Cannot contain the
      ampersand (&) and asterisk (*) characters

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/basic-agent-setup-and-policy-server-connections.html