Symantec Access Management

I tried below step to ignore local host but still getting SSO login page.

Added "localhost:80" and "127.0.0.1:80' in application ACO IgnoreHost attribute.

ignorehost='localhost:80'
ignorehost='127.0.0.1:80'

In google i found that "SiteMinder resolves localhost to the computer name before checking the IgnoreHost value, so adding "localhost" will not exempt local connections". My requirement is i have to ignore localhost only not entire host.

Note : Entire root(/) is protected in application SSO policy.

Please suggest some process to ignore localhost.

JettyPraveen

I'd recommend looking at your /etc/hosts file to see what is configured in there. Typically you'd need something like this.

10.x.x.x   dns.company.com

127.0.0.1   localhost    servername.company.com

Now try using IgnoreHost ACO Parameter. If it still doesn't work, remove IgnoreHost and try below.

One of the suggestion I'd recommend is to use  "AgentName" parameter in ACO.

Basic Agent Setup and Policy Server Connections - CA Single Sign-On - 12.8 - CA Technologies Documentation 

Create three WebAgent Object in WAMUI, e.g. wa_dns, wa_localhost and wa_server.

Edit your ACO, disable DefaultAgentName, Enable AgentName as Multi-Value Attribute.

wa_dns,dns.company.com

wa_localhost,localhost

wa_server,servername.company.com

Now map only wa_dns to the realm protecting /*

Regards

Hubert

On this question, what if we take a step back from CA SSO and look at the Web Server itself. Is it IIS or Apache?

To me the best solution is for the Web Server not to bind to *.

So in the Apache httpd.conf instead of Listen 80, specify the ip address, Listen 10.x.x.x:80.

In IIS you would go to the Site Bindings and change the IP Address from * to 10.x.x.x:80

Hope this helps!