Symantec Access Management

Expand all | Collapse all

CA Single Sign-ON

Jump to Best Answer
  • 1.  CA Single Sign-ON

    Posted 06-10-2019 07:05 AM
    Hi Team,

    the products we're using is:
    • CA Single Sing-On 12.7 as a Policy Server
    • CA Single Sign-On Web Agent 12.52 SP1
    The Web Agent is installed on MS IIS.
    The MS IIS exposes two different fqdn (domain1.it:8080 and domain2.it:8080).
    The Web Agent should protect only one fqdn (domain2.it) on resource /*.
    Is there a way to configure Siteminder in order to protect only one of the two fqdn that are exposed on the same instance on MS IIS?

    Thank you,

    Marta


  • 2.  RE: CA Single Sign-ON

    Posted 06-10-2019 11:09 AM
    Yes. if you leverage the latest version of agent, it will allow you to do it out of box. if you are on older version of agent, just get rid of wildcard mappings(handler-wa*) and SiteMinder ISAPI filters on the site you do not want siteminder protection


  • 3.  RE: CA Single Sign-ON

    Posted 06-11-2019 10:55 AM
    Hi Kaladhar,

    thank you for your answer.
    I'm using the latest version of agent.
    I'm using only one IIS Web Site and it is resolved by both FQDN.
    For the IIS Web Site I need to enabled the SiteMinder WebAgent distinguishing by FQDN of the URL.

    Can you suggest anything to do so?

    Thanks,

    Marta


  • 4.  RE: CA Single Sign-ON
    Best Answer

    Posted 07-02-2019 02:59 PM
    Hi Marta,

     You can try mapping the FQDNs for two different agents on AgentName ACO parameter, so you can create a realm with no protection for one agent and a realm with desired protection to the other (domain2.it).

     Let me know if it helps.

    Regards!