Layer7 Access Management

Expand all | Collapse all

SPS SSL Setup to protect Web Service Authentication

Jump to Best Answer
  • 1.  SPS SSL Setup to protect Web Service Authentication

    Posted 05-02-2017 11:43 AM

    Hi All, 

     

    This is with the continoution to the existing thread  How to prepare self-signed certificate in CA Accessgateway  

     

    I am trying to enable SSL on SPS to protect the web services methods. Any doc which explains all the required steps starts from Enable SSL in SPS and protect web services. One doubt  is the Tomcat is serving all the fed and web services requests. Do we need to enable SSL over there as well? or Apache level of SSL is sufficient? 

     

    I dont have proxy UI enabled as we have LB and there are 4 servers behind the LB. So, controlling the proxyui requests is difficult. Can you suggests the configuration way without proxyUI?

     

    Thanks,

    Raam



  • 2.  Re: SPS SSL Setup to protect Web Service Authentication
    Best Answer

    Posted 05-03-2017 07:04 AM

    Hi  Ram,

     

    Please refer below link for more details on SSL configuration (this is having steps Manually).
    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-ssl-for-ca-siteminder-sps

     

    Please refer below link for web service configuration.
    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configuring-the-authentication-and-authorization-web-services


    Also refer below youtube video for the configuration.
    https://www.youtube.com/watch?v=6ZMe_7WL_-M&feature=youtu.be

     

    And regarding your doubt, Tomcat is serving all the fed and web services requests. Do we need to enable SSL over there as well? or Apache level of SSL is sufficient?
    If you want to use https connection from Browser to apache then SSL at apache level is sufficient.
    If you want to use https connection at tomcat then configuring SSL on Tomcat Application Server.

     

    hope this helps.

     

    Thanks,

    Sharan