CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
We'd like to understand how works the CA Access Gateway (SPS) in comparision with the Web Agent. When there isn't an agent on the external webserver, the user should go to the CA Access Gatway instead. So it looks like the IP-address of the URL corresponding to the website should be changed to an address which is recognized by our CA Access Gateway on which rules for this website are defined which controls the authenication and autorisation of the website. If the authentiaction is accepted then the user must be redirected to the external website otherwise the user is rejected.
Is this the correct implementation for protecting an external website with CA Access Gateway instead of using a webagent?
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP Component:
At first glance, you understood fine how the CA Access Gateway (SPS) works. The CA Access Gateway (SPS) is a Reverse Proxy. It works with an embedded Web Agent to protect your application. But instead of running the application on the CA Access Gateway (SPS), the CA Access Gateway (SPS) will forward the request to the backend application.
So said, the url :
from your older Web Agent, will be kept the same as per your new CA Access Gateway (SPS).
But the IP to which it will resolve will be the one of the CA Access Gateway (SPS) instead of the older Web Agent.
CA Access Gateway Architecture Introduced https://docops.ca.com/ca-single-sign-on/12-8/en/implementing/implementing-ca-access-gateway/ca-access-gateway-architecture-introduced
CA Access Gateway in an Enterprise https://docops.ca.com/ca-single-sign-on/12-8/en/implementing/implementing-ca-access-gateway/ca-access-gateway-in-an-enterprise