Rahul Joshiya

CA siteminder webagent install on a tomcat webserver (Using IIS or Apache as Proxy)

Discussion created by Rahul Joshiya on Feb 22, 2016
Latest reply on Feb 25, 2016 by CBertagnolli



I am sure a lot of people are looking for this kind of integration,  where customers do not have an tomcat web-agent installer/license to configure on a tomcat web server to protect applications.


If that is the case we can take two approaches.


OPTION- 1. Install Apache on the tomcat websever which will act as a proxy. This setup needs a connector which is available on the Apache website. CA has this setup inforamtion on their KB as well. I am just sharing the link for ease below.



OPTION-2. This is not on the CA's K-Base so I am posting it.

You can use IIS as a proxy as well(much easier). If the tomcat web-server already has IIS installed on it below are instructions to use the regular IIS  web agent for integration


1. Install IIS on the WIN server (If already exists ignore)

2. Download the tomcat and IIS connector (Check the install section on this link: The Apache Tomcat Connectors - Webserver HowTo - IIS HowTo  )

3. Unzip it. Copy the DLL file (ISAPI redirector) to the Apache Install/bin or to any location. We will be later pointing registry entry to this location.

4. https://tomcat.apache.org/connectors-doc/webserver_howto/iis.html Keep this link open in another browser window to check the examples and steps to configure the redirector.

5. Copy over sample Worker.properties (This will have the tomcat port and the tomcat server name) and URIworker.properties (give the URL pattern here. So if IIS gets that pattern then IIS will use the connector to forward to tomcat)

          Note: Make sure you edit the files according to your environment.

6. Go through the “Configuring the ISAPI Redirector” section from above link(step 4) and follow the instructions from there. Make sure the location can be different based on 64 bit or 32 bit.

7. Test the sample URL and see if the proxy works first.

8. Install the IIS Web agent and configure it just like how you do it for protecting any applications.



Rahul Joshiya