I have a requirement as below.
RedHat Apache web server running multiple virtual hosts. All virtual hosts are for the same cookie domain.
VHost1 - app1.example.com
VHost2 - app2.example.com
Now I want to set it up such that there is no SSO between the two applications. If I login to app1, and then go to app2, it should not log me in. It should throw the login page. and vice versa. As of now both these apps are in the same ACO, so I'm unable to separate them through zones.
Ideally, I'd like to have a separate webagent.conf pointing to a different ACO for each of these virtual hosts so that I can set each of them up in a zone of their own.
Has anyone done this before? is this a supported config? I notice that in the SPS, the server.conf has a separate webagent.conf for the default virtual host and the webservices virtual host. I wonder if this translates to a apache http web server as well?
Yes, you can have WebAgent.conf for respective webserver instance. ServerPath creates a unique identifier for each agent running on the specific webserver instance.
For details, please refer to CA SiteMinder® Integrated Documents 12.52 SP1
The problem is I don't have separate apache instances. I only have one instance, and one httpd.conf.
This httpd.conf has multiple virtual hosts defined. In this scenario, can each virtual host have it's own webagent.conf?
It doesn't seem possible to have ACO for respective virtual host, under same webserver instance.
Comparing SPS with normal Apache webagent, both uses SmInitFile but SPS does not specify the sm_module in httpd.conf. When Apache loads the sm_module, it references the WebAgent.conf on the server level.
However, do raise this as an enhancement request under Ideas.
Just to add, you'll find further precision in that thread too :
Configuring SiteMinder, Apache, VirtualHosts and multiple Policy Servers
That doesn't seem relevant. That talks about multiple Apache instance, the current thread is about single Apache instance with multiple WebAgent.conf which is not possible to my knowledge.