Idea Details

SiteMinder to Support Multiple ACOs for IIS

Last activity 06-13-2019 09:58 AM
LRKelly's profile image
08-22-2014 03:53 PM

Use case: 

Multiple applications share a single IIS web server with multiple instances. The current configuration does not support multiple ACOs. So multiple apps are forced to share the same settings and this does not not work in some scenarios. Citi would like to have the flexibility to have an individual ACO for each instance.

 

Webagent Version: R12 SP3 CR12 and any later version Citi will upgrade to.

 

Webagent type: Webagent for IIS

 

IIS Version: IIS 7, IIS 7.5, IIS 8 and IIS 8.5

 

We believe that more SM users other than us would like or have use for this type of flexibility.


Comments

01-12-2016 09:40 AM

Yes this request has been delivered in R12.52 SP1 CR04.

 

I have raised an Enhancement (CA SSO : Enhance Multiple ACO in IIS to Multiple SmHost.conf ) to further Enhance this feature after discussions.

 

 

Regards

 

Hubert

01-11-2016 09:51 PM

This should come from product management but I can confirm, this enhancement request has been delivered in r 12.52 SP1 CR04

Web Agent New Features - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation

 

10-19-2015 05:33 AM

Thank you for your contribution of an enhancement idea to the CA Community.   CA is continually working to improve its software and services to best meet the needs of its customers.  Your input is vital to that effort.  The CA Single Sign-On Product Management team has reviewed your suggested enhancement and is pleased to inform you we have decided to incorporate your idea.   We are projecting the GA of this idea in 12.52 SP1 CR04.  Thank you for your contribution to the progress of CA Single Sign-On.

04-10-2015 04:26 PM

 

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers.  Your input is vital to that effort.  The CA Single Sign-On Product Management team is reviewing your enhancement suggestion.  The Community will continue to be able to vote on this enhancement idea.

 

04-06-2015 12:56 PM

Thank you both for ideas

 

We'll look into Option 1 & Option 2 has been on our radar for a while, but still not approve for use in our environments.

03-26-2015 01:00 PM

I see this issue as a Microsoft/IIS issue and not a SiteMinder/SSO issue.

 

I see 2 options for Citi:

1. install more Virtual Machines, each with their own IIS

2. change web server platform to Apache

03-26-2015 11:30 AM

Eh I guess the best way would be to adopt something similar to AgentName parameter in ACO i.e. AgentName to FQDN Mapping. Each Agent Object can then be linked to different realms / policy domain. However all the Agent Objects are tagged into a single ACO for IIS. Currently this is supported.

 

May be have similar concept in have multiple AgentConfiguration to FQDN mapping in WebAgent.conf for IIS i.e.

AgentConfigObject="wac_web1,iiswebsite1.com"

AgentConfigObject="wac_web2,iiswebsite2.com"

AgentConfigObject="wac_web3,iiswebsite3.com"


Need to check however, how this then maps to ServerPath and single LLAWP process vs mutilple LLAWP process.

03-25-2015 03:47 PM

This is possible with Web Servers which support multiple, concurrently running instances, such as Apache, etc (as listed earlier).  IIS only supports a single process and instance.  The LLAWP process runs as a child of the Web server process (In the case of IIS the 'w3wp.exe' process). 

 

There is more to this than duplicating the directory structure.

12-01-2014 11:05 AM

Although I have not tried this, I would think it would work with multiple copies of ...\bin (e.g., copy bin to bin2 and bin3, etc.), where each ...\bin#\IIS\WebAgent.conf points to a different ACO, coupled with configuring IIS such that each web site uses unique combinations of isapi/modules and handler mappings to point to the desired Siteminder DLL (e.g, \bin#\isapi6webagent.dll). If you try this, be sure to set ServerPath in the ACOs to unique locations.

 

Or, use Apache. 

11-18-2014 02:15 PM

Good Point, thx, fixed...

11-18-2014 12:50 PM

Apache and iPlanet/SunOne/Oracle web servers have this.

 

you may be missing people reading  and  supporting as IIS is  not  in the title