Symantec Access Management

  • Private Community

  • 1.  how to setup multiple domain in fss gui siteminder

    Posted Sep 21, 2015 11:07 AM

    Hi,

     

    can any one help me to set up a multiple domain in siteminder FSS gui. I tried but getting error while setting for relam for 2nd domain. Any suggestion  ?



  • 2.  Re: how to setup multiple domain in fss gui siteminder

    Posted Sep 21, 2015 01:28 PM

    ChittaranjanMuduli

     

    Are you referring to the Old SiteMinder Applet Based UI? OR the new WAM UI? I am assuming you are referring to the old one. Please confirm this and the Version of SiteMinder.

     

    Also are you referring to Web Domain of GUI or Cookie Domain or Policy Domain - please could you clarify.

     

     

     

     

    If Web Domain of UI, Then.....

     

    It is fairly easy to do it via WAM UI by protecting the WAM UI using an SPS or WebAgent WebServer.

     

    Protecting the Administrative UI - CA SiteMinder® - 12.52 SP1 - CA Technologies Documentation

     

    1.JPG

     

     

    Regards

     

    Hubert



  • 3.  Re: how to setup multiple domain in fss gui siteminder

    Posted Sep 22, 2015 07:36 AM

    HI Hubert,

     

    Its in old siteminder R12.0 which has applet based UI and the domain I am specifying is the AD (Active directory) for Policy domain.



  • 4.  Re: how to setup multiple domain in fss gui siteminder

    Posted Sep 22, 2015 12:47 PM

    ChittaranjanMuduli

     

    We have multiple AD Domains. Are these Domains in any way connected OR totally different AD Domain bearing no relation to each other.

     

     

    Just my thinking....

     

    1. You could simply create 2 User Directory Objects in SiteMinder i.e. one for Each Domain. You would need to disable Referrals in SiteMinder in this case. You may additional configure the AD itself to not pass referral info to clients.
    2. OR, create 1 User Directory Object in SiteMinder and make use of the LDAP Referral capability to search and return objects from different AD Domains (As long as different AD Domains are under the same forest and share the same schematics - though data is different).

     

     

     

     

    There are some good content about LDAP Referrals.

     

    General AD Content

    LDAP Referrals

    How Active Directory Searches Work: Active Directory

    Referrals (Windows)

     

     

    CA SSO Content

    Re: Tech Tip : CA Single Sign-On ::  Policy Server  :: Disable LDAP Referrals

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec601497.aspx

    How to disable LDAP referrals ?

    Tech Tip : CA Single Sign-On ::  Policy Server  :: Disable LDAP Referrals

    Re: SiteMinder Policy Server Goes down

    RE: [CA SiteMinder General Discussion] How to disable AD Referrals ?

    DISABLING LDAP REFERRALS FROM HAPPENING FOR A CORPORATE USER STORE

     

     

    Regards

    Hubert



  • 5.  Re: how to setup multiple domain in fss gui siteminder

    Posted Sep 23, 2015 12:49 AM

    Hi ChittaranjanMuduli

    If you can share a screenshot to show what you configured and what error that you encounter, it will give us better idea.

     

    Thanks

    Kar Meng