Apache reverse proxy (web agent enabled) forwards the requests to the backend SOI with SMSESSION cookie and the SOI should honour that session.
As mentioned in this old document, the apache is a reverse proxy with following settings.
http://soi.kim.net.my/ is the reverse proxy with web agent
http://soi.kim.net.my:7070/ is the SOI
----------8<---------
ProxyRequests off
ProxyPreserveHost on
<Location /sam>
ProxyPass
http://soi.kim.net.my:7070/sam ProxyPassReverse
http://soi.kim.net.my:7070/sam</Location>
<Location /sam/admin>
ProxyPass
http://soi.kim.net.my:7090/sam/admin ProxyPassReverse
http://soi.kim.net.my:7090/sam/admin</Location>
<Location /sam/debug>
ProxyPass
http://soi.kim.net.my:7090/sam/debug ProxyPassReverse
http://soi.kim.net.my:7090/sam/debug</Location>
----------8<---------
And SiteMinder is configured to protect the
http://soi.kim.net.my/sam/uiSo if everything is setup correctly, apache will forward all requests coming in with /sam
And if the request goes to /sam/ui then the web agent will challenge the client.
If the client returns with SMSESSION, the apache will be forwarding SMSESSION cookie to the backend, which is SOI.
SOI should honour the SMSESSION.
If you are getting rechallenged, probably SMSESSION is not honoured, then see if you protected only the /sam/ui
If you protect /sam then you can get re-challenged.
Also, there was a known issue then where the SOI did not correctly recognize SMSESSION so it is possible the issue is recurring.
------------------------------
Support Engineer
Broadcom
------------------------------
Original Message:
Sent: 06-05-2019 06:58 AM
From: Antonello Chiaravalle
Subject: Re: Integration - SM + SOI + EEM
Hello,
I know this is a very old thread but I'm facing now with this integration.
Customer want to protect the access to SOI pages using Siteminder, and we have tried to follow the document attached to this thread.
So we have configured SOI integration with EEM, and configured EEM to have a user store of type Siteminder.
We have also an Apache configured as requested in the document.
Our problem is that after the first authentication challenge from SM webagent, the Apache redirect to SOI pages but we have another authentication challenge from SOI.
After a first auth challenge from webagent, we expect to directly login to SOI, having the Siteminder cookies in the session, but this is not happening.
Have we missed something?
Thanks and Regards
Antonello
------------------------------
IT Senior Consultant
Management & Consulting
Original Message:
Sent: 11-22-2017 05:23 AM
From: Nick van Leeuwen
Subject: Re: Integration - SM + SOI + EEM
Hello Sunghoon,
I was wondering. Is this still the only option?
I had integrated with forms before and all of my connections are made with SAML. Within SAML I can easily overwrite the attribute with the Attribute Mapping List of the User Directories. Is there a way to do this for the Spectrum - Single-Sign on configuration as well?