Symantec Access Management

  • 1.  Environment works even with wrong configuration

    Posted 06-13-2017 09:53 AM

    Hello All,

     

    I have SiteMinder ASA installed on WebSphere Application Server and it is working fine. However, I noticed that the smhosts.conf file has an incorrect configuration.

     

    The ports configured inside the smhosts.conf file are 44441 with each policy server entry instead of all three ports like 44441,44442,44443.

     

    policyserver="***.***.***.***,44441,44441,44441"

     

    The other interesting thing I noticed is that port 44443 is listening and has established connections, and the LLAWP process is also running fine.

     

    Can someone please explain this behavior? How is the communication happening even if the ports are not correct?

     

    Thanks



  • 2.  Re: Environment works even with wrong configuration
    Best Answer

    Posted 06-13-2017 12:03 PM

    Did you check HCO details?

    LLAWP/HLA loads the HCO details during initialization and uses them for making the connection to the policy server.

     

    Thanks,

    Sharan



  • 3.  Re: Environment works even with wrong configuration

    Broadcom Employee
    Posted 06-13-2017 06:06 PM

    Once upon a time, policy server clients such as ASA had to use all three policy server ports, but modern agents are able to use a single policy server port for all communications, thus the single-port configuration is valid. As Sharan pointed out, the Host Configuration Object (HCO) will determine the ports that the agent uses during runtime. The ports in the SmHost.conf file are only for bootstrapping, and this configuration is no longer used once the agent connects to the policy server(s) in the HCO.

     

    Regards,

    Pete
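
An added example, not part of the thread or of any vendor tooling: a small Python parser for the `policyserver` lines of the bootstrap file that flags single-port entries and lists ports seen in established connections that the file does not mention, which per the replies above would come from the HCO. The sample file contents, the 192.0.2.x addresses, the function names, the `#` comment handling and the observed-connections input are all assumptions.

```python
import re

# Constructed sample; 192.0.2.x are documentation addresses, not from the thread.
SAMPLE_SMHOST = """\
# constructed SmHost.conf excerpt
hostname="asa-host-01"
policyserver="192.0.2.10,44441,44441,44441"
policyserver="192.0.2.11,44441,44442,44443"
#policyserver="192.0.2.12,44441,44442,44443"
"""

_ENTRY = re.compile(r'^\s*policyserver\s*=\s*"([^"]*)"\s*$', re.IGNORECASE)

def parse_policy_servers(text):
    """Return [(host, (port, port, port)), ...] for each active policyserver line."""
    servers = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _ENTRY.match(line)  # lines starting with '#' never match (assumed comments)
        if not m:
            continue
        fields = [f.strip() for f in m.group(1).split(",")]
        if len(fields) != 4 or not all(f.isdigit() for f in fields[1:]):
            raise ValueError(f"line {lineno}: expected host plus three ports")
        ports = tuple(int(f) for f in fields[1:])
        if not all(0 < p < 65536 for p in ports):
            raise ValueError(f"line {lineno}: port out of range")
        servers.append((fields[0], ports))
    return servers

def uses_single_port(ports):
    """True when one port is repeated three times, as in the original post."""
    return len(set(ports)) == 1

def ports_not_from_bootstrap(servers, observed):
    """observed maps host -> remote ports seen in established connections.
    Returns the ports per host that the bootstrap file does not list."""
    extra = {}
    for host, ports in servers:
        diff = set(observed.get(host, ())) - set(ports)
        if diff:
            extra[host] = sorted(diff)
    return extra

if __name__ == "__main__":
    servers = parse_policy_servers(SAMPLE_SMHOST)
    for host, ports in servers:
        print(host, ports, "single-port" if uses_single_port(ports) else "three-port")
    # Constructed observation matching the question: 44443 is in use at runtime.
    print(ports_not_from_bootstrap(servers, {"192.0.2.10": {44443}}))
```
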