Below is the server.conf file I've addedd virtual host tags in the file.
<Server>
#General Server Information
#Maximum Header Count
ajp13.max_header_count=100
#Define the listeners between
#HTTP listener and proxy engine
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.shutdown.port=8005
#Define additional tuning parameters for the connection between HTTP listener and proxy engine
#These parameters are used by mod_jk and are not used by proxy engine
#worker.ajp13.reply_timeout - The maximum time (milliseconds) that can elapse between any two packets received from proxy engine
#after which the connection between HTTP listener and proxy engine is dropped
#A value of zero makes it to wait indefinitely until response is received (default)
#worker.ajp13.retries - The maximum number of times that the worker will send a request to proxy engine in case of a communication error
#Default value for retries is 2
worker.ajp13.reply_timeout=0
worker.ajp13.retries=2
#Define AJP13 tuning parameters
#Number of request waiting in queue (queue length)
#Number of threads created at initialization time
#Maximum number of concurrent connections possible
#Maximum time (seconds) that the idle connections will remain the connection pool before timing out, default value is 0 that means never time out
ajp13.accept_count=10
ajp13.min_spare_threads=10
ajp13.max_threads=410
worker.ajp13.connection_pool_timeout=0
#'max_packet_size': This attribute sets the maximum AJP packet size in Bytes. The maximum value is 65536.
#This same value will be used as 'packetSize' attribute for AJP connector on the Tomcat side.
worker.ajp13.max_packet_size=16384
singleprocessmode="yes"
#'agenttype' parameter indicates the type of SiteMinder Agent.
#This parameter is intended for internal use only. It is not supposed to be modified by administrator.
agenttype="-SPAGENT"
# Provide the values for the Federation related parameters here
#
# enablefederationgateway - "yes" or "no" - Enable or Disable SPS Federation Gateway
# fedrootcontext - Name of the Federation root context ("affwebservices" by default)
# authurlcontext - Path of the Authentication URL (without the jsp file name) (siteminderagent/redirectjsp by default)
# protectedbackchannelservices - Names of protected Backchannel services
<federation>
enablefederationgateway="yes"
fedrootcontext="affwebservices"
authurlcontext="siteminderagent/redirectjsp"
protectedbackchannelservices="saml2artifactresolution,saml2certartifactresolution,saml2attributeservice,saml2certattributeservice,assertionretriever,certassertionretriever"
</federation>
#only one localapp tag should be there
<localapp>
enablelocalapp="yes"
#Define the http & https listeners for LocalApplications
#Default Value for local.host=*,local.http.port=8080
#* indicates to listen on all available interfaces present
# on local system
#Note: If ipaddress / host name typed incorrectly or provided
#input is not resolvable by java then SPS listens on all
#interfaces available on local system
local.host=*
local.http.port=2000
#Provide the name of keystore and put it in $$CAKEYPATH folder
#Provide a password for keystore
#To enable SSL for localapp uncomment next three parameters
local.https.port=2001
local.https.keyStoreFileName="ServerCertnew.jceks"
#Set the SSL Enabled protocol version to support: TLSv1
#NOTE: SSL version 2 and SSL version 3 are no longer supported
local.https.sslEnabledProtocols="TLSv1"
#n no of xml can be added in the localapp tag
context_file="conf/ClaimsWS.xml"
</localapp>
# Root of location that the agent will resolve "/" to for
# finding forms (fcc) and error files. Note: If document_root
# is specified as a relative directory, it will be relative to
# Tomcat/webapps/
document_root="../../proxy-engine/examples"
# Enable disable HTTPClient logging with value "yes" or "no".
# Recommended to enable the logging for only debug purposes. Not recommended for production environment.
httpclientlog="no"
<sslparams>
# Set the SSL protocol version to support: TLSv1, TLSv1.1, and TLSv1.2
# NOTE: SSLv2 and SSLv3 are not recommended to be used
versions="TLSv1"
ciphers="-RSA_With_Null_SHA,+RSA_With_Null_MD5,-RSA_With_RC4_SHA,+RSA_With_RC4_MD5,+RSA_With_DES_CBC_SHA,+RSA_Export_With_RC4_40_MD5,-RSA_Export_With_DES_40_CBC_SHA,+RSA_Export_With_RC2_40_CBC_MD5,-DH_RSA_With_DES_CBC_SHA,-DH_RSA_With_3DES_EDE_CBC_SHA,-DH_RSA_Export_With_DES_40_CBC_SHA,-DH_DSS_With_DES_CBC_SHA,-DH_DSS_Export_With_DES_40_CBC_SHA,-DH_Anon_With_RC4_MD5,-DH_Anon_With_DES_CBC_SHA,-DH_Anon_With_3DES_EDE_CBC_SHA,-DH_Anon_Export_With_DES_40_CBC_SHA,-DH_Anon_Export_With_RC4_40_MD5,-DHE_RSA_With_DES_CBC_SHA,-DHE_RSA_Export_With_DES_40_CBC_SHA,-DHE_DSS_With_DES_CBC_SHA,-DHE_DSS_Export_With_DES_40_CBC_SHA"
fipsciphers="+DHE_DSS_With_AES_256_CBC_SHA, +DHE_RSA_With_AES_256_CBC_SHA, +RSA_With_AES_256_CBC_SHA, +DH_DSS_With_AES_256_CBC_SHA, +DH_RSA_With_AES_256_CBC_SHA, +DHE_DSS_With_AES_128_CBC_SHA, +DHE_RSA_With_AES_128_CBC_SHA, +RSA_With_AES_128_CBC_SHA, +DH_DSS_With_AES_128_CBC_SHA, +DH_RSA_With_AES_128_CBC_SHA, +DHE_DSS_With_3DES_EDE_CBC_SHA, +DHE_RSA_With_3DES_EDE_CBC_SHA, +RSA_With_3DES_EDE_CBC_SHA, +DH_DSS_With_3DES_EDE_CBC_SHA"
# Covalent SSL CA certificate bundle and certs path to be converted
# The bundle and/or certs located at defined location will be converted
# to binary (DER) format and loaded as SSLParams.
# NOTE: Only put Base64 (PEM) encoded cert files/bundles in the covalent
# certificate directory.
cacertpath="E:\CA\Agent-for-SharePoint\SSL\certs"
cacertfilename="E:\CA\Agent-for-SharePoint\SSL\certs\ca-bundle.cert"
# This certificate configured below is used as SPS client certificate for the backend servers when
# SSL client authentication is enabled.
# Location of the Key file : <install-dir>\SSL\clientcert\key\
# Location of public certs : <install-dir>\SSL\clientcert\certs\
# NOTE: Only put DER encoded, password encrypted pkcs8 keyfile.
# Client pass phrase should be encrypted using EncryptUtil tool.
#ClientKeyFile=
#ClientPassPhrase=
# max cache time in milliseconds (Default: 120000 milliseconds)
maxcachetime="120000"
</sslparams>
#This parameter is applicable to the cookie added by backend.
#"yes"--- Default Value. Quotes will be added to the cookie parameter value
#which contains special characters if the cookie version is other than "0"
#"no" --- Quotes will not be added to the cookie.
addquotestocookie="yes"
# This parameter is applicable to the cookie sent to browser
# Tomcat 5.5 and higher adds quotes to the cookie. Parameter "addquotestobrowsercookie" changes the default behavior of Tomcat.
# "no" --- Default Value. Quotes will not be added to the cookie parameter value
# "yes" --- Quotes will be added to the cookie.
addquotestobrowsercookie="no"
# This parameter is applicable to the equal (=) sign in the cookie.
# Tomcat will allow = characters when parsing unquoted cookie values.
# Tomcat 5.5 and higher adds quotes to the cookie. Parameter "allowequalsincookievalue" changes the default behavior of Tomcat.
# "yes" --- Default Value. Cookie values are allowed to contain an equals character.
# "no" --- Cookie values containing = will be terminated when the = is encountered and the remainder of the cookie value will be dropped.
allowequalsincookievalue="yes"
# This parameter needs to be set to the appropriate char-set based upon the locale of the users
# This parameter is used by the HttpClient inside SPS to appropriately encode the headers that
# will be sent to the backend server
# For Example -
# "US-ASCII"--- Default value, which is appropriate for default US English Locale
# "Shift_JIS" --- Should be set for supporting Japanese locale and for supporting login using Japanese usernames
requestheadercharset="US-ASCII"
#This parameter is applicable to the caching of POST data.
#"no"--- Post data ia not cached by SPS.
#"yes"--- Default Value. POST data Caching enabled
enablecachepostdata="yes"
#This parameter defines that maximum size of POST data that is to be cached.
#Size in Kb
maxcachedpostdata="1024"
# This parameter needs to be set to "yes" if request URL needs to be URLEncoded before sending the request to backend web server.
# "no" --- The request URL will not be URLEncoded before sending the request to backend web server.
# "yes" ---Default value.
encodeurl="yes"
# use of forcewritecookiedomain compatibility (backward) regarding how to handle domain= for host cookie
forcewritecookiedomain="no"
#Configurations related to custom error pages
<customerrorpages>
#possible values are: "yes", "no"
#default value is "no"
enable="no"
#custom error pages implementation class
class="com.netegrity.proxy.errorpages.ErrorPageImpl"
#defines type of locale.
#possible values are: "0" (for Server specific), "1" (for Browser specific)
#default value is "0"
locale_type="0"
#this value should be the language code that will be understood by the java
#locale object, say "zh" for Chinese, "fr" for French, "es" for Spanish, "en" for
#english, etc.
#default value is "en"
locale_language="en"
#this value should be the country/region code that will be understood by the
#java locale object, say "CN" for China, "CH" for Switzerland, "AR" for
#Argentina, "US" for United States.
#default value is "US"
locale_country="US"
</customerrorpages>
#Custom error pages configuration end
# MAX buffer size for monitoring feature buffer size. Used only atleast on metric-reporter tag is enabled.
# default value 1000 entries
monitor_data_buffer_size="1000"
</Server>
#
# Default metric reporter to monitor SPS with Wily
# enabled - yes to enable and no to disable, default: no
# endpoint - format: protocol://hostname:port/
# hostname should be the hostname where Wily EPAgent is started
# port network data port/HTTP port configured in Wily EPAgent based on protocol given
# protocol - tcp, if network data port & http, if http port is configured on Wily EPAgent side
#
<metric-reporter name="WilyMetricReporter">
class="com.ca.proxy.monitor.wily.WilyMetricReporter"
enabled="no"
endpoint="http://localhost:8886"
</metric-reporter>
<SessionStore>
# Session Store Information
class="com.netegrity.proxy.session.SimpleSessionStore"
max_size="10000"
clean_up_frequency="60"
</SessionStore>
# Service Dispatcher
# This is new since proxy 6.0
# Service Dispatcher is now a global server configuration parameter and is no longer
# configured on a per virtual host basis.
<ServiceDispatcher>
class="com.netegrity.proxy.service.SmProxyRules"
rules_file="E:\CA\Agent-for-SharePoint\proxy-engine\conf\proxyrules.xml"
</ServiceDispatcher>
# Proxy Service
<Service name="forward">
class="org.tigris.noodle.Noodle"
# Enables support for multiple protocols if set to true. Currently only
# http and https is supported. If set to false only http is supported.
protocol.multiple="true"
http_connection_pool_min_size="2"
http_connection_pool_max_size="420"
http_connection_pool_incremental_factor="2"
# Timeout to be used to close idle connections in the pool. If no units are specified,
# the default units are minutes
http_connection_pool_connection_timeout="1 minute"
# Timeout (in milliseconds) to be used to wait for an available connection.
# A timeout of zero:
# 1. causes the pool to wait for a connection until notified
# 2. invalidates the use of max retries
http_connection_pool_wait_timeout="0"
# Number of attempts to obtain a connection.
# A value of zero causes pool to attempt indefinitely.
# Only applicable if wait timeout is not zero.
http_connection_pool_max_attempts="3"
# Timeout (in milliseconds) to be used for creating connections and reading
# responses. The timeout will limit the time spent doing the host name
# translation and establishing the connection with the server when creating
# sockets.
# A timeout of zero means wait indefinitely.
http_connection_timeout="3 minutes"
http_connection_stalecheck="true"
# Timeout (in milliseconds) to be used for continous data connection.
# If the data flow is interrupted for the specified timeout the connection
# is regarded as stalled/broken. eg. if the value is set to 1, the socket
# expects data to flow continuously at every 1 ms; WARNING: setting the
# value to zero (0) will cause the idle socket to wait forever.
http_socket_timeout="180000"
# Pool configuration for connection oriented authentication backend
# connections eg: NTLM.
<connection-pool name="connection oriented authentication">
connection-timeout="10 seconds"
max-size="200"
enabled="yes"
</connection-pool>
# Proxy filters may be defined here to perform pre/post processing tasks.
# The following format must be used to configure filters:
#
# filter.<filter name>.class=<fully qualified filter class name> (required)
# filter.<filter name>.init-param.<param name1>=<param value1> (optional)
# filter.<filter name>.init-param.<param name2>=<param value2>
# filter.<filter name>.init-param.<param name3>=<param value3>
#
# The filter name is used by the proxy rules to trigger a specific filter.
# Filter names should be unique.
# Filter jar files should be dropped in the <SPS_HOME>/Tomcat/lib directory
# See the documentation for more details.
#
# The following are examples for use with the provided sample filters:
# Defines a filter with name "filter1" whose class is "SamplePreFilter"
#filter.filter1.class=SamplePreFilter
#filter.filter1.init-param.header1="Header1"
#filter.filter1.init-param.header2="header2"
#filter.filter1.init-param.newheader="FILTER_GENERATED_HEADER"
#
# Defines a filter with name "filter2" whose class is "SamplePostFilter"
#filter.filter2.class=SamplePostFilter
#filter.filter2.init-param.oldStr="foo"
#filter.filter2.init-param.newStr="bar"
##filter.myfilter.class=MyFilter
##filter.myfilter.init-param.oldStr="CA"
##filter.myfilter.init-param.newStr="Oracle"
#
# The following example illustrates the use of custom filters in a group
# Defines filter groups with valid Custom filter names.
# Defines a filter group with name "group1" by grouping Custom filters "filter1" and "filter2"
#groupfilter.group1="filter1,filter2"
# Defines a filter group with name "group2" by grouping Custom filters "myfilter" and "filter1"
#groupfilter.group2="myfilter,filter1"
</Service>
# Redirect Service
<Service name="redirect">
class=com.netegrity.proxy.service.RedirectService
</Service>
#Session Schemes
<SessionScheme name="default">
class="com.netegrity.proxy.session.SessionCookieScheme"
accepts_smsession_cookies="true"
</SessionScheme>
<SessionScheme name="ssl_id">
class="com.netegrity.proxy.session.SSLIdSessionScheme"
accepts_smsession_cookies="false"
</SessionScheme>
<SessionScheme name="simple_url">
class="com.netegrity.proxy.session.SimpleURLSessionScheme"
accepts_smsession_cookies="false"
session_key_name="SMID"
</SessionScheme>
<SessionScheme name="minicookie">
class="com.netegrity.proxy.session.MiniCookieSessionScheme"
accepts_smsession_cookies="false"
# The name of the small cookie to be stored in the client.
cookie_name="SMID"
</SessionScheme>
<SessionScheme name="device_id">
class="com.netegrity.proxy.session.DeviceIdSessionScheme"
accepts_smsession_cookies="false"
# The header name containing the device id of the wireless devices
device_id_header_name="vendor_device_id_header_name"
</SessionScheme>
# TO-DO: Define Any User Agents, if you want to
# use a different session scheme based on
# the type of client accessing the server.
#
# NOTE: UserAgent matching is done in the order
# in which the user agents are defined in this file.
# <UserAgent name="user_agent_name_1">
# header_name_1=some regular expression
# </UserAgent>
# <UserAgent name="user_agent_name_2">
# header_name_1=some other regular expression
# </UserAgent>
<VirtualHostDefaults>
# default session scheme
defaultsessionscheme="default"
enablerewritecookiepath="no"
enablerewritecookiedomain="no"
enableproxypreservehost="no"
# specify the block size for request and response in KBs
requestblocksize="4"
responseblocksize="4"
#TO-DO: Define any session scheme mappings
#<SessionSchemeMappings>
# user_agent_name=session_scheme_name
#</SessionSchemeMappings>
# Web Agent.conf
<WebAgent>
sminitfile="E:\CA\Agent-for-SharePoint\proxy-engine\conf\defaultagent\WebAgent.conf"
</WebAgent>
</VirtualHostDefaults>
# Default Virtual Host
<VirtualHost name="externalurl">
#addresses="192.168.1.100"
hostnames="externalurl"
defaultsessionscheme="default"
# specify the block size for request and response in KBs
requestblocksize="4"
responseblocksize="8"
#The defaults can be overridden
#not only for the Virtual Host
#but for the WebAgent for that
#virtual host as well
#<WebAgent>
#</WebAgent>
</VirtualHost>
** In Virtual Host tag externalurl refers to end user url.**
Thanks
Anish