Symantec Access Management

Hi team, I am a novice in Siteminder. I have set up 3 different host(abc.com,mno.com,xyz.com) in my web server using virtual host. Now, I have different realms/policy to access 3 different resources under different host. I need to have SSO among them. According to guide, I feel I require 3 different web servers (to have 3 different ACO for each) to setup the cookie domain parameters. I would like to know if SSO will be possible using single web server or not. I tried and ended up with error like "Cookie is missing". Please help.

It is dependent on how the WebServer is configured, if it is a single WebServer instances e.g. IIS or single Apache Instance (single httpd.conf) - then you could only have one ACO.

IIS is an exception in that there could be only one ACO, since only one WebAgent could be configured with IIS till date. There is an enhancement request being worked upon to allow using multiple ACOs on IIS.

Apache, we can create multiple instances of Apache using a single install of Apache. Thus there is an httpd.conf per instance of Apache. We could now map a unique WebAgent.conf (with a unique ACO in each) to each httpd.conf. Each httpd.conf could be an independant WebSite (e.g. abc.com or xyz.com).

For SSO you definitely need a Cookie Provider. All WebAgents can act as a CookieProvider. It is only a matter of designating one as the Cookie Provider and then pointing all other WebAgent which need to be in SSO to that CookieProvider.

Using a Cookie Provider for Cross Domain SSO - CA Technologies

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec456839.aspx

Regards

Hubert