AnsweredAssumed Answered

Configuring SiteMinder, Apache and VirtualHosts

Question asked by bencollins on May 29, 2013
Latest reply on May 29, 2013 by peter_caliri
Hi all,

I've been googling like mad but not getting anywhere with my "issue" and i wondered if anyone could point me in the right direction.

I am running a pair of websites under Apache 2.2.22 (let's say domain1.com and domain2.com) on a single server, under a single IP/port. I'm using virtual hosts on the domain name to separate the traffic as required.

Both sites are protected using SiteMinder, with all urls under /secure/ protected (that's the same for both web sites) and all other content public.

We have set up separate policies in SiteMinder for each URL (partly because to start with these sites were on independent servers but now have to reside on the one box), and running a single web agent on the apache server. We also have a desktop SSO config running to.

I'm stuck as how to configure Apache to make this work.

I'm set up as follows:
httpd.conf - no modules being loaded there, but this includes two additional conf files - one for vhosts and one for the SM web agent config (smwa.conf)
The smwa.conf file loads the apache modules in and also contains an SmInitFile directive that points at a default WebAgent.conf file
The default WebAgent.conf file contains the AgentConfigObject directive that points at one of my two policies (aco-domain1.com) as a default. I am not using the agentname directive
The vhosts conf contains additional SmInitFile directives for each vhost that point to their own copy of WebAgent.conf (eg WebAgent.conf.domain1) which are copies of the main WebAgent.conf file but with their matching ACOs

The issue I am getting is an inconsistency in which policy kicks in for each site. They both point to independent login pages, but i find that domain1.com sometimes points to its own login page and other times it points to the domain2.com login page. There doesnt seem to be any pattern to this either.

I've tried things like
- not including the SmInitFile in smwa.conf or not having the default ACoin the default WebAgent config file, but the result is that the first one to load (based on what site i hit first) becomes the one all sites use
- not having the default WebAgent file, but Apache and the web agent will not start
- not defiing the ACO in the default webAgent file,

Has anyone done anything similar and can advise or can anyone point me in the direction of any example configs online?

Thanks!

Outcomes