Layer7 Access Management

Expand all | Collapse all

Protect WAM UI with CA SSO

  • 1.  Protect WAM UI with CA SSO

    Posted 06-06-2017 03:51 PM

    Hello All,


    I am trying to protect WAM UI with CA SSO using Apache Reverse Proxy and CA SSO Agent.

    I have installed CA SSO and WAMUI on one windows server and Apache & CA SSO Agent on other Window server.

    The WAMUI is working fine but after i configured it to be accessed via the Apache Reverse Proxy, I am unable to access the tasks(Infrastructure, Domain, any of it)on the WAMUI home page, it just displayed the Header and Footer of the home page.

    I have used below Proxy Pass rules to configure reverse proxy for WAM UI.

    ProxyPass /iam/siteminder/ https://<WAMUI HOSTNAME>:8443/iam/siteminder/console/
    ProxyPassReverse /iam/siteminder/ https://<WAMUI HOSTNAME>:8443/iam/siteminder/console/


    It seems to be a proxy issue, but am not able to recognize it.

    If anybody can help with the rules or guide me through it, it would be really great.




  • 2.  Re: Protect WAM UI with CA SSO

    Posted 06-06-2017 04:59 PM

    Apache Reverse Proxy is open source, CA did not provide an examples from documentation.

    However, there is SPS example, which is this:

    <nete:case value="/iam/siteminder/">

    <nete:forward>http(s)://<Administrative UI hostname:port>$0</nete:forward>


    <nete:case value="/castylesr5.1.1/">

    <nete:forward>http(s):// <Administrative UI hostname:port>$0</nete:forward>



    I think you need translate this into apache config that mod_proxy can understand.

    Is it possible missing path for /castylesr5.1.1?




  • 3.  Re: Protect WAM UI with CA SSO

    Posted 06-07-2017 03:22 AM

    Hi Hongxu,

    Thank you for the help.

    I have used proxy pass for castylesr5.1.1 as well but still the same.




  • 4.  Re: Protect WAM UI with CA SSO

    Posted 06-06-2017 11:13 PM

    Try this:

    <Location "/iam/siteminder">

    <IfModule proxy_module>

    ProxyPass https://${YourServerHere}:8443/iam/siteminder

    ProxyPassReverse https://${YourServerHere}:8443/iam/siteminder




    # CA Styles r5.1.1

    <Location "/castylesr5.1.1/">

    <IfModule proxy_module>

    ProxyPass http://${YourServerHere}:8443/castylesr5.1.1/

    ProxyPassReverse http://${YourServerHere}:8443/castylesr5.1.1/



  • 5.  Re: Protect WAM UI with CA SSO

    Posted 06-07-2017 01:48 AM

    Kindly refer below document to configure Apache reverse proxy server, which has an example of adminui proxy settings as well.

    How to Configure an Apache Reverse Proxy Server 




  • 6.  Re: Protect WAM UI with CA SSO

    Posted 06-07-2017 03:34 AM

    Thank you David and Sharan,


    I followed the steps in the document, and configured the proxy rules as given.

    Now when i try from IE, i get below error after entering the credentials and even i tried with private session.


    And when i try from Firefox, when i enter the credential and hit enter, it redirects me to the direct/original URL of WAM UI Login Page.