AnsweredAssumed Answered

New to CA Access Gateway - r12.52 SP1 CR05

Question asked by dmt953 on Feb 15, 2017
Latest reply on Aug 18, 2017 by dmt953

Hi Folks,

 

So we have our CA Secure Proxy Server r12.52 SP1 installed and configured with our policy server but I can't seem to find documentations on how to actually start protecting a new or an existing web application with the Secure Proxy Server.  Example: We have an existing app: http://ourapp.company.com/secure/home  which is currently protected by the traditional SiteMinder web agent architecture.  This app is fronted with an Apache web server which as a SiteMinder Apache web agent installed protecting this app.  On the policy server side we have an application Domain created for this app which has a Agent/ACO/Realm/Rule/Policy/Auth Scheme, etc,.

 

If we decide to remove the Apache web server fronting this app and replaced it with an NGinx web server, which does not have a supported SiteMinder web agent and therefore we are forced to use the SPS to protect this app rather than the traditional web agent, what would my process be in this scenario?  I understand that the very first thing that needs to happen is to modify our DNS so that HTTP request to http://ourapp.company.com/secure/home will no longer go to our Apache web server but instead it would resolve to an IP address that is bind to a virtual host on the SPS machine, but what about the rest of the flow?

 

Once an HTTP request to: http://ourapp.company.com/secure/*  reaches the SPS vhost, is there some kind of ACO on the SPS that see this request and map it to a SiteMinder Agent which then map to the policy Domain realm?  I just feel like there is something very simple here but I am missing that connection with the SPS concept.

 

Much thanks in advance,

 

Duc Tran,

Outcomes