

Configure CA SiteMinder Secure Proxy Server for CA Process Automation

To configure CA SiteMinder Secure Proxy Server (CA SiteMinder SPS) for CA Process Automation, access the CA SiteMinder Secure Proxy Server Administrative UI. For more information, see the CA SiteMinder Secure Proxy Server Administration Guide.

Important! Before you configure CA SiteMinder SPS for CA Process Automation, consult your CA SiteMinder Administrator. Your company may have established policies for selecting or creating Domains, naming conventions for other entities, or other site-specific security considerations.

Follow these steps:

  1. Install CA SiteMinder SPS. For more information, see the CA SiteMinder Secure Proxy Server Administration Guide.
  2. Configure the CA SiteMinder Policy Server Objects.
  3. Locate the proxyrules.xml file of the CA SiteMinder SPS in the following location:

    $SecureProxyInstallLoc/proxy-engine/conf

  4. Add the following rules within the <nete:proxyrules> tag:

    Note: Provide the rules that match your setup environment, as follows:

    Non-Secure Communications using CA SiteMinder SPS:

    For a cluster environment in a non-secure proxy server environment, add the following rule:

      <nete:cond criteria="beginswith" type="uri">
          <nete:case value="/itpam/">
              <nete:forward>http://<loadbalancer hostname:port>$0</nete:forward>
          </nete:case>
          <nete:case value="/itpam">
              <nete:forward>http://<loadbalancer hostname:port>/itpam/</nete:forward>
          </nete:case>
          <nete:case value="/birt">
              <nete:forward>http://<loadbalancer hostname:port>$0</nete:forward>
          </nete:case>
          <nete:case value="/ucf/BrokerService">
              <nete:forward>http://<loadbalancerhost>:<loadbalancer port for REST services>$0</nete:forward>
          </nete:case>
          <nete:case value="/node/rest/CA:00074_CA:00074:01">
              <nete:forward>http://<loadbalancerhost>:<lb port for REST services>$0</nete:forward>
          </nete:case>
          <nete:default>
              <nete:forward>http://www.ca.com/</nete:forward>
          </nete:default>
      </nete:cond>
    

    Note: You should define the loadbalancerhost name as an FQDN hostname. For example, loadbalancer12.ca.com is an FQDN hostname.

    Secure Communications using CA SiteMinder SPS:

    Note: To configure CA SiteMinder SPS for secure communications, see the CA SiteMinder Secure Proxy Server Administration Guide.

    For a cluster environment in a secure environment, configure CA SiteMinder SPS as follows:

    1. Add the following rule:
        <nete:cond criteria="beginswith" type="uri">
            <nete:case value="/itpam/">
                <nete:forward>https://<loadbalancer hostname:port>$0</nete:forward>
            </nete:case>
            <nete:case value="/itpam">
                <nete:forward>https://<loadbalancer hostname:port>/itpam/</nete:forward>
            </nete:case>
            <nete:case value="/birt">
                <nete:forward>https://<loadbalancer hostname:port>$0</nete:forward>
            </nete:case>
            <nete:case value="/ucf/BrokerService">
                <nete:forward>https://<loadbalancerhost>:<loadbalancer port for REST services>$0</nete:forward>
            </nete:case>
            <nete:case value="/node/rest/CA:00074_CA:00074:01">
                <nete:forward>https://<loadbalancerhost>:<lb port for REST services>$0</nete:forward>
            </nete:case>
            <nete:default>
                <nete:forward>http://www.ca.com/</nete:forward>
            </nete:default>
        </nete:cond>
      

    Note: You should define the loadbalancerhost name as an FQDN hostname. For example, loadbalancer12.ca.com is an FQDN hostname.

    2. If CA Process Automation is in secure mode, configure CA SiteMinder SPS in secure mode. To configure CA SiteMinder SPS in secure mode, see the CA SiteMinder Secure Proxy Server Administration Guide.
    3. For secure mode, you need to generate the CA Process Automation certificate. To generate the CA Process Automation certificate, see the Generate SSL Certificate Files section.
    4. Copy the content of the CA Process Automation certificate (c2ocert.pem) and append the content to the certificate bundle file (ca-bundle.cert file) in the following location:

      <CA SiteMinder SPS Installation_dir>\SSL\certs\ca-bundle.cert

      Note: When integrating SPS with a CA Process Automation cluster using an Apache load balancer in secure communication, add the Apache certificates to the SPS cert bundle.

  5. Restart CA SiteMinder SPS.
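
A pre-restart check for the secure-mode rule set, added here as an example and not part of the CA documentation: it parses a proxyrules.xml fragment and reports every `<nete:case>` forward that is not HTTPS or whose host is not an FQDN. The sample XML is constructed; its `xmlns` URI, host names and ports are placeholders assumed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the secure-mode rule with placeholders filled in.
# The xmlns URI and all host names/ports are assumptions for this example.
SAMPLE = """<nete:proxyrules xmlns:nete="urn:example:nete">
 <nete:cond criteria="beginswith" type="uri">
  <nete:case value="/itpam/">
   <nete:forward>https://lb.example.com:443$0</nete:forward>
  </nete:case>
  <nete:case value="/itpam">
   <nete:forward>https://lb.example.com:443/itpam/</nete:forward>
  </nete:case>
  <nete:case value="/birt">
   <nete:forward>http://lb.example.com:80$0</nete:forward>
  </nete:case>
  <nete:case value="/ucf/BrokerService">
   <nete:forward>https://loadbalancer12:8443$0</nete:forward>
  </nete:case>
  <nete:default>
   <nete:forward>http://www.ca.com/</nete:forward>
  </nete:default>
 </nete:cond>
</nete:proxyrules>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_forwards(xml_text):
    """Return (case value, forward URL, problem) for every <nete:case>
    forward that is not HTTPS or whose host is not an FQDN."""
    findings = []
    for case in ET.fromstring(xml_text).iter():
        if local(case.tag) != "case":
            continue  # <nete:default> is deliberately not audited
        for fwd in (e for e in case if local(e.tag) == "forward"):
            url = (fwd.text or "").strip()
            parts = urlsplit(url.replace("$0", ""))  # drop $0 before parsing
            if parts.scheme != "https":
                findings.append((case.get("value"), url, "not https"))
            if "." not in (parts.hostname or ""):
                findings.append((case.get("value"), url, "host is not an FQDN"))
    return findings


if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE):
        print(finding)
```
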

Note: To use CA SiteMinder SPS with CA Process Automation, you configure the SSO details in the configuration screen during the CA Process Automation installation.

By default, CA Process Automation uses Header as the SSO Authentication Type and sm_user as the Authentication Parameter. CA Process Automation Install and Upgrade does not support CA SiteMinder Web Agent on Apache and IIS; it uses only CA SiteMinder SPS. When you upgrade CA Process Automation, you provide the CA SiteMinder SPS details to use SSO instead of Web Agent on Apache. For more information, see the Install the Domain Orchestrator section.