Symantec Access Management

Is it possible to have two applications on the same server serviced by one Web Agent? Would this be done by using a joint ACO that contains both of the Application Agents and URLs? This will be the first time we are going to co-locate applications on one server and therefore are looking for a little guidance on the standard way to do it. This will ultimately be on a Windows 2016 server using 12.52SP1CR09 Web Agent and 12.7SP1 Policy Server. 

Yes, by default the web agent will support an unlimited number of applications on a single host.

When a web agent receives a new request, one of the very first things it does is evaluate whether the requested resource is protected or not. To determine this, the web agent uses two pieces of information: the URI of the requested resource and the resolved AgentName. You can define as many AgentName entries as you like to accommodate your different applications and how you want to protect them. The web agent uses the incoming request HOST header value to map the request to an AgentName (if no defined agent names match (or none have been defined), the web agent will map the request to the DefaultAgentName).

Once the web agent has gathered these two pieces of information from the incoming request, it sends them in what is called an IsProtected call to the policy server. If the URI and AgentName match a protected Realm, the policy server will let the web agent know that the resource is protected and which authentication scheme the web agent should invoke if the requesting user is not yet authenticated. In addition to determining the authentication scheme to use, the Realm to which a request maps also determines other properties of the user's session such as timeouts and persistence.

-Pete