Symantec Access Management

  • Private Community
 View Only

  • 1.  How do I create an Apache virtual host when using a SiteMinder Agent?

    Broadcom Employee
    Posted Jun 05, 2012 01:06 PM

    Tuesday Tip by Peter Caliri, Senior Support Engineer, for 6-5-12

    How do I create an Apache virtual host when using a SiteMinder Agent?
    ---------------------------------------------------------------------------------------

    What is the use and/or the benefit of using a virtual host?

    Using an Apache Virtual Host, you can run several websites on the same apache instance utilizing the same apache binary. For example, you can run both theacmecompany.com and top5acmecompanies.com on a single physical server that has one Apache webserver running on it. This can be easier to manage with apache, SiteMinder (e.g. upgrade a single agent) and use fewer resources.

    We will discuss Name-Based Virtual Host.

    In this configuration, when Apache webserver receives a request, it looks for the hostname in the HTTP header, and depending on the hostname, it servers different websites. This is very easy, as you need only one ip-address on that physical server; but, you update the DNS with multiple website names pointing to the same ip-address. For all practical purpose, you’ll be using only Name-based virtual host configuration.

    In the following example, the server can contain only one NIC card, which is configured with 10.10.10.10 ip-address. The DNS entry for both theacmecompany.com and top5acmecompanies.com websites point to the 10.10.10.10 ip-address. When Apache receives a request, it looks for the hostname entry in the HTTP header, and serves the corresponding website.

    1.) Create the virtual Host

    NameVirtualHost 10.10.10.10
    <VirtualHost 10.10.10.10>
    DocumentRoot /www/docs/ top5acmecompanies.com
    ServerName top5acmecompanies.com
    </VirtualHost>


    2.) After this is done, the WebAgent.conf for the Apache server needs to be edited. This file needs to be edited in order to create another agent identity for the virtual server to be protected by SiteMinder.

    agentname=”apache2,10.10.10.10”

    In your ACO (Agent Configuration Object) on the Policy Server, you can have “apache” defined for the “defaultagentname”. (theacmecompany.com)

    3.) In the SiteMinder Policy Server User Interface, create a new Agent for the new agent identity “apache2”. The IP addresses and Agent Name must be the identical with what is specified in the WebAgent.conf and httpd.conf.

    4.) The virtual server that needs to be protected by SiteMinder, a new realm should be created.

    5.) Start/Stop the web server for the changes to take effect.



  • 2.  RE: How do I create an Apache virtual host when using a SiteMinder Agent?

     
    Posted Jun 05, 2012 03:05 PM
    Thanks for the great info Peter! Thanks for posting Vijay! :grin:


  • 3.  RE: How do I create an Apache virtual host when using a SiteMinder Agent?

    Posted Oct 09, 2012 08:08 AM
    Hi Vijay,

    Thanks for the configuration steps. I have followed the same configuration within my setup but have problems loading the web agent (LLAWP). We have Apache Web Server with multiple Virtual Hosts on unique ports. Our servers are configured in such a way that each instance (Virtual Host) has its own httpd.conf and each instance can be started/stopped individually.

    We have separate WebAgent.conf for every instance. I have created the agent identity and have mapped the "agentname" parameter in WebAgent.conf, but still have problems with loading the WebAgent.

    Note#: Since we have individual httpd.conf for each instance we are loading the libmod_sm22.so for every instance

    [09/Oct/2012:02:39:57] [Error] SiteMinder Agent
    Failed to Start the LLAWP process.
    Execlp failed: 'Invalid argument'. LLAWP.exe must be callable from the system path.
    [09/Oct/2012:02:40:02] [Information] SiteMinder Agent
    SiteMinder agent is enabled.
    [09/Oct/2012:02:40:02] [Information] SiteMinder Agent
    Configuration file path:
    '/appshr/ews/servers/rod-S-443/conf/WebAgent.conf'.


  • 4.  RE: How do I create an Apache virtual host when using a SiteMinder Agent?

    Posted Feb 26, 2013 05:07 PM
    For this to work do the virtual hosts need to use different ip addresses?


  • 5.  RE: How do I create an Apache virtual host when using a SiteMinder Agent?

    Posted Oct 09, 2013 08:31 PM

    brettcarroll wrote:

    For this to work do the virtual hosts need to use different ip addresses?
    You can use the HOST_HEADER or IP address or PORT to make them unique.

    For example, you can have 10 virtual hosts running and listening on port 80.
    In this case, they must use different host header value to differentiate them.
    Then you map them in the "AgentName" ACO parameter (you can add multiple values)
    agentname=agentname1,hostname1
    agentname=agentname2,hostname2


    In case if you use different IP addresses to differentiate them,
    agentname=agentname1,IP1
    agentname=agentname2,IP2


    And in case if you use same IP/hostname but different Port,
    agentname=agentname1,IP1:port
    agentname=agentname2,hostname2:port

    You will find this information in the following documentation.

    https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2051-ENU/Bookshelf_Files/HTML/idocs/1859044.html#o1933059