Symantec Access Management

  • 1.  Protect WAM UI with CA SSO

    Posted Jun 06, 2017 03:51 PM

    Hello All,

     

    I am trying to protect WAM UI with CA SSO using Apache Reverse Proxy and CA SSO Agent.

    I have installed CA SSO and WAMUI on one windows server and Apache & CA SSO Agent on other Window server.

    The WAMUI is working fine but after i configured it to be accessed via the Apache Reverse Proxy, I am unable to access the tasks(Infrastructure, Domain, any of it)on the WAMUI home page, it just displayed the Header and Footer of the home page.

    I have used below Proxy Pass rules to configure reverse proxy for WAM UI.

    ProxyPass /iam/siteminder/ https://<WAMUI HOSTNAME>:8443/iam/siteminder/console/
    ProxyPassReverse /iam/siteminder/ https://<WAMUI HOSTNAME>:8443/iam/siteminder/console/

     

    It seems to be a proxy issue, but am not able to recognize it.

    If anybody can help with the rules or guide me through it, it would be really great.

     

    Regards,

    Sajid



  • 2.  Re: Protect WAM UI with CA SSO

    Broadcom Employee
    Posted Jun 06, 2017 04:59 PM

    Apache Reverse Proxy is open source, CA did not provide an examples from documentation.

    However, there is SPS example, which is this:


    <nete:case value="/iam/siteminder/">

    <nete:forward>http(s)://<Administrative UI hostname:port>$0</nete:forward>

    </nete:case>

    <nete:case value="/castylesr5.1.1/">

    <nete:forward>http(s):// <Administrative UI hostname:port>$0</nete:forward>

    </nete:case>

     

    I think you need translate this into apache config that mod_proxy can understand.

    Is it possible missing path for /castylesr5.1.1?

     

    Hongxu

     



  • 3.  Re: Protect WAM UI with CA SSO

    Posted Jun 07, 2017 03:22 AM

    Hi Hongxu,

    Thank you for the help.

    I have used proxy pass for castylesr5.1.1 as well but still the same.

     

    Regards,

    Sajid



  • 4.  Re: Protect WAM UI with CA SSO

    Posted Jun 06, 2017 11:13 PM

    Try this:

    <Location "/iam/siteminder">

    <IfModule proxy_module>

    ProxyPass https://${YourServerHere}:8443/iam/siteminder

    ProxyPassReverse https://${YourServerHere}:8443/iam/siteminder

    </IfModule>

     

    </Location>

    # CA Styles r5.1.1

    <Location "/castylesr5.1.1/">

    <IfModule proxy_module>

    ProxyPass http://${YourServerHere}:8443/castylesr5.1.1/

    ProxyPassReverse http://${YourServerHere}:8443/castylesr5.1.1/

    </IfModule>

    </Location>



  • 5.  Re: Protect WAM UI with CA SSO

    Posted Jun 07, 2017 01:48 AM

    Kindly refer below document to configure Apache reverse proxy server, which has an example of adminui proxy settings as well.

    How to Configure an Apache Reverse Proxy Server 

     

    Thanks,

    Sharan



  • 6.  Re: Protect WAM UI with CA SSO

    Posted Jun 07, 2017 03:34 AM

    Thank you David and Sharan,

     

    I followed the steps in the document, and configured the proxy rules as given.

    Now when i try from IE, i get below error after entering the credentials and even i tried with private session.

     

    And when i try from Firefox, when i enter the credential and hit enter, it redirects me to the direct/original URL of WAM UI Login Page.

     

    Regards,

    Sajid