Symantec Access Management

 View Only
  • 1.  WebSphere agent

    Posted Sep 10, 2019 07:46 AM
    Hi,

    We have a request for SM integration with WebSphere App server.IBM WebSphere Application Server ND with server version 8.0.0.5 and OS is AIX 7.1. Java version 1.5.

    As a prerequisite i have set the JAVA_HOME environment variable to the location of the WebSphere JRE. Also I have given full permission to below policy files inside /AppServer/java/jre/Lib/Security.

    chmod 744 local_policy.jar
    chmod 744 US_export_policy.jar


    Downloaded ca-asa-was-12.0-sp02 and installed it in their environment. While configuring the agent i got below error.


    Could not register host
    -----------------------

    Could not register a trusted host with the SiteMinder Policy Server. Please
    try again, or run smreghost located in /CA/smwasasa/bin manually after
    installation.

    Return value: 255
    STDOUT:
    STDERR: Failed to enable any clusters.
    Registration has failed.

    Please assist on this. 



    Best Regards,
    Shahbaz Shaikh



  • 2.  RE: WebSphere agent

    Broadcom Employee
    Posted Sep 12, 2019 02:34 AM
    Hi,

    Is WebSphere 8.0 32 or 64bit ? You should note that we support on Aix
    7 only the 64bit flavor :

    SiteMinder 12.0 Application Server Agents, includes updates for base
    release and all later CRs/SPs for this release
    https://casupport.broadcom.com/phpdocs/7/5262/5262_120_ASA_PSM.pdf

    Best Regards,
    Patrick


  • 3.  RE: WebSphere agent

    Posted Sep 13, 2019 05:37 AM
    Hi Pattrick,

    WebSphere version is 8.0.0.5 64 bit. And we have AIX 7.1.

    Please note that we have overcome above issue and now host registration has been done successfully. The challenge now we are facing is that how do we set WebSphere Virtual Host in order to make it work as reverse proxy.

    Also is there any way to off native authentication of WebSphere and activate authentication of  ASA?



    Regards,
    Shahbaz Shaikh


  • 4.  RE: WebSphere agent

    Broadcom Employee
    Posted Sep 16, 2019 02:35 AM
    Hi Shahbaz,

    Usually, people set a Web Agent on the IHS server, and the ASA Agent
    on the WebSphere server to handle the authorization part, in order to
    handle the JACC Provider.

    Configure Rules for the JACC Provider
    https://casupport.broadcom.com/cadocs/0/CA%20SiteMinder%20Agent%20for%20WebSphere%20r12%20SP2-ENU/Bookshelf_Files/HTML/index.htm?toc.htm?218662.html

    I hope this helps,

    Best Regards,
    Patrick


  • 5.  RE: WebSphere agent

    Posted Sep 16, 2019 07:45 AM
    Hi Pattrick,

    The Challenge is we do not have any HTTP server in our environment where we could install standard apache agent and make it work as a reverse proxy.
    We have only installed ASA agent on WebSphere server and was looking out for a way to set WebSphere itself as a reverse proxy and enable Authentication/Authorization from siteminder end rather than Websphere end.

    Is there any way out to implement this?

    Rewgards,
    Shahbaz Shaikh


  • 6.  RE: WebSphere agent
    Best Answer

    Broadcom Employee
    Posted Sep 17, 2019 02:33 AM
    Hi Shahbaz,

    ASA Agent for WebSphere hasn't been designed to act as Reverse
    Proxy. If you need the ASA Agent to handle alone the Authentication
    and Authorization, you might disable completely the security on the
    WebSphere side and let the ASA Agent to handle both processing.

    But again, in reverse proxy mode, this might not work as you may
    wish. You'll need to request the product to be enhanced to get that
    feature in future versions.

    I hope this helps,

    Best Regards,
    Patrick