Siteminder Integration with IME Callback URL
search cancel

Siteminder Integration with IME Callback URL


Article ID: 247324


Updated On:


CA Identity Suite


Background:  IM r14.3cp2 vApp with SiteMinder integrated with F5 / Apache Web Servers.   No tight integration on the vApp.

GOAL:  Use F5 URL to provide load balancing to all four (4) IME servers instead of a single IME host with the current failover configuration.

Current Documentation:

GAP:   No documentation on managing the IME Callback URL with https and siteminder.

Observation:  Using the debug log level with Provisioning Server configuration for the IM Manager Setup,  we see the redirect occur successful with https (using correct root certificates), when the URL is intercepted by Siteminder agent, the IME Callback fails and advances to the next failover URL in the list.


Request:   Process to integration with Siteminder projected URL with the IME Callback URL.  




Release : 14.3

Component :


This was discussed, there is nothing in our documentation that speaks to protecting the ETACALLBACK url with SSO.

it is protected by end to end encryption and requires a shared secret that is encrypted at time of installation.

My suggestion and agreed to and suggested by Alan is to follow:

I suspect we need to add a 2nd resource URL to the existing Siteminder domain.

  • Where the default proxy rule is the URI resource of:   /iam/im/*     to use NTLM authentication.
  • We would add a prior rule with the URI resource of:   /iam/im/ETACALLBACK/*   to not use NTLM authentication.