We have a requirement where we need to integrate SharePoint 2013 with SiteMinder R12.52; however, below are the requirements.
1. Internal users logging in from the internal network will go through IWA from SharePoint, where they would be authenticated automatically, since either they use a device from the firm and they are within the internal network. SiteMinder should not interpret the request in this case.
2. External users logging in from an external network will use a different URL (ex: abcportal.abc.com). Here the users, either employees or external (partners/customers/contractors), should get authenticated by SiteMinder and be allowed into SharePoint to access the authorized pages. The SharePoint team has decided to isolate the external IPs and route them to SiteMinder. But the question here is what URL I will provide them to route the request.
So my questions are:
1. Can I install the SharePoint agent on the same server where we have agent/waop and servletExec installed? As per the docs, SharePoint cannot be installed on a server which has a proxy server.
2. What URL should I provide them if I install the SharePoint agent on a separate server?
3. Do I have to create both an application and a policy domain? What is CA DLP? Or is either one enough?
4. What would be the ideal design for these requirements?
5. If we could use split DNS and route the request from the external IP, where will I install the certificate from SiteMinder Federation?
Your ideas and help would be greatly appreciated, as this is my first SharePoint integration.