Symantec Access Management

 View Only
  • 1.  How to ignore "localhost" in CA siteminder

    Posted Oct 26, 2018 05:18 AM

    I tried below step to ignore local host but still getting SSO login page.


    Added "localhost:80" and "' in application ACO IgnoreHost attribute.




    In google i found that "SiteMinder resolves localhost to the computer name before checking the IgnoreHost value, so adding "localhost" will not exempt local connections". My requirement is i have to ignore localhost only not entire host.


    Note : Entire root(/) is protected in application SSO policy.


    Please suggest some process to ignore localhost.



  • 2.  Re: How to ignore "localhost" in CA siteminder

    Posted Oct 26, 2018 09:02 AM




    I'd recommend looking at your /etc/hosts file to see what is configured in there. Typically you'd need something like this.


    10.x.x.x   localhost


    Now try using IgnoreHost ACO Parameter. If it still doesn't work, remove IgnoreHost and try below.


    One of the suggestion I'd recommend is to use  "AgentName" parameter in ACO.

    Basic Agent Setup and Policy Server Connections - CA Single Sign-On - 12.8 - CA Technologies Documentation 

    Create three WebAgent Object in WAMUI, e.g. wa_dns, wa_localhost and wa_server.

    Edit your ACO, disable DefaultAgentName, Enable AgentName as Multi-Value Attribute.




    Now map only wa_dns to the realm protecting /*





  • 3.  Re: How to ignore "localhost" in CA siteminder

    Broadcom Employee
    Posted Oct 26, 2018 04:43 PM

    On this question, what if we take a step back from CA SSO and look at the Web Server itself. Is it IIS or Apache?


    To me the best solution is for the Web Server not to bind to *.

    So in the Apache httpd.conf instead of Listen 80, specify the ip address, Listen 10.x.x.x:80.

    In IIS you would go to the Site Bindings and change the IP Address from * to 10.x.x.x:80


    Hope this helps!