Symantec Access Management

Tech Tip : CA Single Sign-On : Resource inside application server Tomcat 

    Broadcom Employee
    Posted 08-03-2018 09:25 AM

    Question:


    I'm running CA Access Gateway (SPS), and I would like to create a
    resource like proxyui inside the embedded server Tomcat. I would like
    to start my customlogin.fcc page with another resource. Which steps do
    I have to follow? Is it possible? Or is it necessary to create a WAR
    and put it inside the CA Access Gateway (SPS) Tomcat server in the
    Tomcat/webapp folder?

     

    Answer:

     

    First, you need to know that CA Access Gateway (SPS) doesn't support
    local content:

    Product Limitations

    "CA Access Gateway does not support local content. The ability to place
    content on CA Access Gateway is not exposed, and CA Access Gateway
    does not support proxy rules for providing access to local content."

    https://docops.ca.com/ca-single-sign-on/12-8/en/implementing/implementing-ca-access-gateway/ca-access-gateway-architecture-introduced

    To protect your application with a custom authentication scheme, you
    have to run the application on a backend server, configure the
    protection on the SPS, and place the custom authentication scheme in
    the same location as login.fcc.

    To illustrate:

    Your application runs on

    http://backend.mydomain.com/myapp

    You configure the proxyrule to relay

    http://mysps.mydomain.com/myapp
    to
    http://backend.mydomain.com/myapp

    Then you place taftlogin.fcc in the same folder as login.fcc on the
    SPS server.

    Then you protect your application by defining the realm:

    /myapp

    Then, when the user hits http://mysps.mydomain.com/myapp, they are
    redirected to

    http://mysps.mydomain.com/siteminderagent/forms/taftlogin.fcc

    and once successfully authenticated and authorized, the request will
    go to http://backend.mydomain.com/myapp, and the reply will appear in
    the user browser as

    http://mysps.mydomain.com/myapp

     

    KB : KB000108977
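
The proxy rule described in the answer, written out as an added illustration (not part of the original post or of the product documentation). It assumes the standard SPS proxyrules.xml rule syntax and belongs inside the file's existing `nete:proxyrules` root element; the default forward host is a placeholder.

```xml
<!-- Added example: relay /myapp on the SPS to the backend server.
     Place inside the existing <nete:proxyrules> root element and keep
     the file's own XML declaration and DTD reference unchanged. -->
<nete:cond type="uri" criteria="beginswith">

  <!-- Requests for http://mysps.mydomain.com/myapp... are forwarded to
       the backend. $0 appends the full original URI, so /myapp/page is
       sent to http://backend.mydomain.com/myapp/page. -->
  <nete:case value="/myapp">
    <nete:forward>http://backend.mydomain.com$0</nete:forward>
  </nete:case>

  <!-- Every other URI goes to the default destination.
       PLACEHOLDER host: replace with your own default backend. -->
  <nete:default>
    <nete:forward>http://default-backend.example.invalid$0</nete:forward>
  </nete:default>

</nete:cond>
```

The rule only relays traffic. The redirect to taftlogin.fcc comes from the /myapp realm and its authentication scheme, so a request that reaches the backend without that realm in place is not authenticated by the SPS.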