Symantec Access Management

 View Only
  • 1.  Separate Federation logs for each VirtualHost.

    Posted Sep 07, 2018 09:46 AM

    Currently I am using IBM HTTP server/WebSphere with Webagent and WAOP for federation. I have two web server instances and deployed two separate affwebservices.war files into the backend application server. I am managing two separate FWStrace_<virtualHost>.log and affwebservices<VirtualHost>.log. 

     

    Now I have installed and configure CA Access Gateway with two VirtualHost. But I am unable to separate Federation logs. Could someone please help me on that how I can separate them in CA Access Gateway? I am using CA AG R12.7 SP02. 



  • 2.  Re: Separate Federation logs for each VirtualHost.

    Broadcom Employee
    Posted Sep 07, 2018 03:43 PM

    Hi Naresh,

    I believe agent log is controlled by ACO.

    As long as there is only one ACO, then there is only one set of logs location. CA Access Gateway with two VirtualHost does not mean it will have two ACOs.

    And I do not think one installation of  CA Access Gateway can have two ACOs.

    Maybe this can be a new IDEA for enhancement?

     

    Thank you.

    Hongxu Liu
    CA SSO Support



  • 3.  Re: Separate Federation logs for each VirtualHost.

    Posted Sep 07, 2018 03:46 PM

    Thanks for your response Hongxu. I am already using two ACO's with one CA Access Gateway. I have already configured agent and trace logs separate. But only issue with FWSTrace logs.



  • 4.  Re: Separate Federation logs for each VirtualHost.
    Best Answer

    Posted Sep 09, 2018 05:10 PM

    NarGarg

     

    You are correct, Instead of using the Parent WebAgent.conf which is defined outside the VirtualHost, We can configure different WebAgent.conf within each VirtualHost and thus each WebAgent.conf would point to its own ACO or LocalConfig file. This gives us the ability to run CA AG in multiple LLAWP mode (multi-process mode), instead of running it within OOB as a single Java Process.

     

    However the same is not TRUE for "affwebservices". All VirtualHosts, are configured to use a single "affwebservices" exploded WAR from <SPS_HOME>/Tomcat/webapps/affwebservices. There is only one LoggerConfig.properties within "affwebservices/WEB-INF/Classes". Hence currently all request for "affwebservices" from all VirtualHost is routed to this single exploded WAR. Thus we cannot define FWSTrace.log (and affwebsrv.log) per VirtualHost. It will be a an enhancement.

     

    There are a few other enhancements on similar lines. But not specifically for logging. So you may raise this.

    CA SPS - Block access to Federated Web Apps on Virtual Host Basis 

    CA SPS: configurable affwebservices URI 

     

    Regards

    Hubert



  • 5.  Re: Separate Federation logs for each VirtualHost.

    Posted Sep 09, 2018 05:42 PM

    Thanks Hubert. I have around 100+ federations today and it will take lot of time to read  FWSTrace.log/affwebservices.log  files. Do you know where I can open enhancement request?



  • 6.  Re: Separate Federation logs for each VirtualHost.

    Posted Sep 09, 2018 07:59 PM

    NarGarg

     

    Enhancement Request could be raised via the "ideation" page in communities.

    CA Single Sign-On  on this page, use Action Drop Down or pencil Drop Down; then click on "Create an Idea".

     

    I'd be inclined to use a single Virtual Host for federation, that is pretty much how most customers use in the field (with WA-WAOP and CA AG). Are you using an equivalent number of Virtual Hosts to the number of federation. If Yes, isn't that a lot more overhead than reading log files (Just a thought!).