Symantec Access Management

 View Only

Tech Tip : CA Single Sign-On : CA Access Gateway protecting external website 

  • 1.  Tech Tip : CA Single Sign-On : CA Access Gateway protecting external website 

    Broadcom Employee
    Posted Jun 14, 2018 02:44 AM



    We'd like to understand how works the CA Access Gateway (SPS) in comparision with
    the Web Agent. When there isn't an agent on the external webserver, the user should
    go to the CA Access Gateway instead. So it looks like the IP-address of
    the URL corresponding to the website should be changed to an address
    which is recognized by our CA Access Gateway on which rules for this
    website are defined which controls the authentication and authorisation
    of the website. If the authentication is accepted then the user must
    be redirected to the external website otherwise the user is rejected.

    Is this the correct implementation for protecting an external website with
    CA Access Gateway instead of using a webagent?




    At first glance, you understood fine how the CA Access Gateway (SPS)
    works. The CA Access Gateway (SPS) is a Reverse Proxy. It works with
    an embedded Web Agent to protect your application. But instead of
    running the application on the CA Access Gateway (SPS), the CA Access
    Gateway (SPS) will forward the request to the backend application.

    So said, the url :

    from your older Web Agent, will be kept the same as per your new CA
    Access Gateway (SPS).

    But the IP to which it will resolve will be the one of the CA Access
    Gateway (SPS) instead of the older Web Agent.

    Additional Information:


    CA Access Gateway Architecture Introduced

    CA Access Gateway in an Enterprise


    KB : KB000098647