Symantec Access Management

  • Private Community

  • 1.  Different ACO for each apache virtual host

    Posted Aug 22, 2016 07:35 PM

    Hi,

     

    I have a requirement as below.

     

    RedHat Apache web server running multiple virtual hosts. All virtual hosts are for the same cookie domain.

     

    VHost1 - app1.example.com

    VHost2 - app2.example.com

     

    Now I want to set it up such that there is no SSO between the two applications. If I login to app1, and then go to app2, it should not log me in. It should throw the login page. and vice versa. As of now both these apps are in the same ACO, so I'm unable to separate them through zones.

     

    Ideally, I'd like to have a separate webagent.conf pointing to a different ACO for each of these virtual hosts so that I can set each of them up in a zone of their own.

     

    Has anyone done this before? is this a supported config? I notice that in the SPS, the server.conf has a separate webagent.conf for the default virtual host and the webservices virtual host. I wonder if this translates to a apache http web server as well?

     

    Regards,

    Anand.



  • 2.  Re: Different ACO for each apache virtual host

    Posted Aug 22, 2016 09:49 PM

    Hi Anand,

     

    Yes, you can have WebAgent.conf for respective webserver instance. ServerPath creates a unique identifier for each agent running on the specific webserver instance.

     

    For details, please refer to CA SiteMinder® Integrated Documents 12.52 SP1



  • 3.  Re: Different ACO for each apache virtual host

    Posted Aug 23, 2016 01:02 PM

    Thanks wonsa03

     

    The problem is I don't have separate apache instances. I only have one instance, and one httpd.conf.

     

    This httpd.conf has multiple virtual hosts defined. In this scenario, can each virtual host have it's own webagent.conf?

     

    Regards,

    Anand.



  • 4.  Re: Different ACO for each apache virtual host
    Best Answer

    Posted Aug 23, 2016 11:37 PM

    Hi Anand,

     

    It doesn't seem possible to have ACO for respective virtual host, under same webserver instance.

     

    Comparing SPS with normal Apache webagent, both uses SmInitFile but SPS does not specify the sm_module in httpd.conf. When Apache loads the sm_module, it references the WebAgent.conf on the server level.

     

    However, do raise this as an enhancement request under Ideas.



  • 5.  Re: Different ACO for each apache virtual host

    Broadcom Employee
    Posted Aug 23, 2016 10:37 AM

    Hi,

     

    Just to add, you'll find further precision in that thread too :

     

    Configuring SiteMinder, Apache, VirtualHosts and multiple Policy Servers

     

    Best Regards,

    Patrick



  • 6.  Re: Different ACO for each apache virtual host

    Posted Aug 24, 2016 12:48 AM

    That doesn't seem relevant. That talks about multiple Apache instance, the current thread is about single Apache instance with multiple WebAgent.conf which is not possible to my knowledge.