When running CA Access Gateway (SPS), how to configure it to use a Proxy when reaching the VIP Authhub?
This Proxy access will be in use in sequence 13 from the documentation (1):
"Sends Authorization Code in POST REST API (backchannel) request for id_token"
This functionality is not yet available in the official SiteMinder version 12.8SP7.
Internal build allows the CA Access Gateway (SPS) to reach AuthHub through a Proxy. Internal documentation gives instructions to configure "Use Proxy for Administrative UI Communication" and "Use Proxy for Access Gateway Communication" with that unique build (2).
The internal build is available here:
Upgrade all the components to this build number. Upgrade the Policy Store too.
Another option is making the other path publicly available as well, but adding WAF rules to restrict source IP to CA Access Gateway (SPS)'s IP addresses. Update the Firewall to allow CA Access Gateway (SPS)'s IP to access ELB's IP, but this would be covered by WAF.