search cancel

How and when you can use Multiple Virtual Hosts each with a different ACO setting.

book

Article ID: 42204

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Introduction: 

N/A

Question: 

You are looking to establish the following: 

Apache -- 2 vhosts -- both pointing to their on ACO -- having their own agent and Policies as well. 

NOTE: You need to separate the ACO and not just AgentName within 1 ACO. You have 2 separate entry channels (domain1.com and Domain2.com) and they need to have different ACO settings. 

Environment:  

Policy Server: 12.51; Update: 00.05; Build: 1232; CR: 05 

Policy Server OS: Windows Server 2008 r2 

SiteMinder APACHE 2.2 WebAgent, Version 12.5, Update HF-01, Label 813. 

Agent OS: RHEL6 

Answer: 

It is dependent on how the WebServer is configured, if it is a single WebServer instances e.g. IIS or single Apache Instance (single httpd.conf) - then you could only have one ACO.

 IIS is an exception in that there could be only one ACO. Only one WebAgent could be configured with IIS till date. There is an enhancement request being worked upon to allow using multiple ACOs on IIS.

 In Apache, you can create multiple instances of Apache using a single install of Apache. Thus, there is an httpd.conf per instance of Apache. You could now map a unique WebAgent.conf (with a unique ACO in each) to each httpd.conf. Each httpd.conf could be an independent WebSite (e.g. abc.com or xyz.com).

For SSO you definitely need a Cookie Provider. All WebAgents can act as a CookieProvider. It is only a matter of designating one as the Cookie Provider and then pointing all other WebAgent which need to be in SSO to that CookieProvider.

 

Note - A virtual host will not support different ACO but Apache instance will.

          Running an Vhost configuration with separate ACO can cause anomalies.

 

Additional Information:

N/A

 

 

Environment

Release:
Component: SMAPC