Symantec Access Management

Hi Team,

the products we're using is:

• CA Single Sing-On 12.7 as a Policy Server
• CA Single Sign-On Web Agent 12.52 SP1

The Web Agent is installed on MS IIS.
The MS IIS exposes two different fqdn (domain1.it:8080 and domain2.it:8080).
The Web Agent should protect only one fqdn (domain2.it) on resource /*.
Is there a way to configure Siteminder in order to protect only one of the two fqdn that are exposed on the same instance on MS IIS?

Thank you,

Marta

Yes. if you leverage the latest version of agent, it will allow you to do it out of box. if you are on older version of agent, just get rid of wildcard mappings(handler-wa*) and SiteMinder ISAPI filters on the site you do not want siteminder protection
Original Message:
Sent: 06-10-2019 06:35 AM
From: marta benedetti
Subject: CA Single Sign-ON

Hi Team,

the products we're using is:

• CA Single Sing-On 12.7 as a Policy Server
• CA Single Sign-On Web Agent 12.52 SP1

The Web Agent is installed on MS IIS.
The MS IIS exposes two different fqdn (domain1.it:8080 and domain2.it:8080).
The Web Agent should protect only one fqdn (domain2.it) on resource /*.
Is there a way to configure Siteminder in order to protect only one of the two fqdn that are exposed on the same instance on MS IIS?

Thank you,

Marta

Hi Kaladhar,

thank you for your answer.
I'm using the latest version of agent.
I'm using only one IIS Web Site and it is resolved by both FQDN.
For the IIS Web Site I need to enabled the SiteMinder WebAgent distinguishing by FQDN of the URL.

Can you suggest anything to do so?

Thanks,

Marta
Original Message:
Sent: 06-10-2019 10:36 AM
From: Kaladhar Brahmanapally
Subject: CA Single Sign-ON

Yes. if you leverage the latest version of agent, it will allow you to do it out of box. if you are on older version of agent, just get rid of wildcard mappings(handler-wa*) and SiteMinder ISAPI filters on the site you do not want siteminder protection
Original Message:
Sent: 06-10-2019 06:35 AM
From: marta benedetti
Subject: CA Single Sign-ON

Hi Team,

the products we're using is:

• CA Single Sing-On 12.7 as a Policy Server
• CA Single Sign-On Web Agent 12.52 SP1

The Web Agent is installed on MS IIS.
The MS IIS exposes two different fqdn (domain1.it:8080 and domain2.it:8080).
The Web Agent should protect only one fqdn (domain2.it) on resource /*.
Is there a way to configure Siteminder in order to protect only one of the two fqdn that are exposed on the same instance on MS IIS?

Thank you,

Marta

Hi Marta,

 You can try mapping the FQDNs for two different agents on AgentName ACO parameter, so you can create a realm with no protection for one agent and a realm with desired protection to the other (domain2.it).

 Let me know if it helps.

Regards!
Original Message:
Sent: 06-11-2019 09:09 AM
From: marta benedetti
Subject: CA Single Sign-ON

Hi Kaladhar,

thank you for your answer.
I'm using the latest version of agent.
I'm using only one IIS Web Site and it is resolved by both FQDN.
For the IIS Web Site I need to enabled the SiteMinder WebAgent distinguishing by FQDN of the URL.

Can you suggest anything to do so?

Thanks,

Marta
Original Message:
Sent: 06-10-2019 10:36 AM
From: Kaladhar Brahmanapally
Subject: CA Single Sign-ON

Yes. if you leverage the latest version of agent, it will allow you to do it out of box. if you are on older version of agent, just get rid of wildcard mappings(handler-wa*) and SiteMinder ISAPI filters on the site you do not want siteminder protection
Original Message:
Sent: 06-10-2019 06:35 AM
From: marta benedetti
Subject: CA Single Sign-ON

Hi Team,

the products we're using is:

• CA Single Sing-On 12.7 as a Policy Server
• CA Single Sign-On Web Agent 12.52 SP1

The Web Agent is installed on MS IIS.
The MS IIS exposes two different fqdn (domain1.it:8080 and domain2.it:8080).
The Web Agent should protect only one fqdn (domain2.it) on resource /*.
Is there a way to configure Siteminder in order to protect only one of the two fqdn that are exposed on the same instance on MS IIS?

Thank you,

Marta