You can configure an Apache web server to function as a reverse proxy server with any CA SiteMinder® agent. The following process lists the steps for configuring an Apache reverse proxy server:
Update the Apache Web Server Configuration File
Update the configuration file of Apache web server to make the Apache web server function as a reverse proxy server with a CA SiteMinder® agent.
Follow these steps:
/etc/httpd/conf/httpd.conf
Allows mapping of remote servers to the local server. The values in this directive use the following format:
/local_virtual_path partial_URL_of_remote_server
Example: ProxyPass /realma/ http://server.example.org/realma/
Allows adjustment of the location header by the Apache server on HTTP redirect responses. The values in this directive use the following format:
/local_virtual_path partial_URL_of_remote_server
Example: ProxyPassReverse /realma/ http://server.example.org/realma/
For the Apache web server, add the following Proxy Pass settings to the configuration file.
# SiteMinder Administrative UI <Location "/iam/siteminder/"> <IfModule proxy_module> ProxyPass http://hostname:port/iam/siteminder/ ProxyPassReverse http://hostname:port/iam/siteminder/ </IfModule> # Alternate unavailable page ErrorDocument 503 /siteminderagent/adminui/HTTP_SERVICE_UNAVAILABLE.html </Location> # CA Styles r5.1.1 <Location "/castylesr5.1.1/"> <IfModule proxy_module> ProxyPass http://hostname:port/castylesr5.1.1/ ProxyPassReverse http://hostname:port/castylesr5.1.1/ </IfModule> </Location>
Note: hostname:port refers to the host and port of the application server running the Administrative UI.
LoadModule proxy_module modules/mod_proxy.so
Update the Agent Configuration Parameters for a SiteMinder Agent
For Apache-based servers behind the Apache reverse proxy server, update the following agent configuration parameters.
Follow these steps:
Specifies if a Web Agent is acting as a reverse proxy agent.
When the value of this parameter is yes, the CA SiteMinder® agent on the front-end server preserves the original URL that the user requested in the SM_PROXYREQUEST HTTP header. This header is created whenever protected and unprotected resources are requested. The back-end server can read this header to obtain information about the original URL.
Default: No
Specifies the number of seconds the reverse proxy server waits for the CA SiteMinder® agent that is deployed behind it to respond to a request.
Default: 120
Note: This parameter applies to Apache-based agents only.
Instructs the agent on a destination server to trust authorizations received from a CA SiteMinder® agent on a proxy server. A destination server is a server that is behind a reverse proxy server. Setting this value to yes increases efficiency because only the agent on the proxy server contacts the Policy Server for authorization. The agent operating on the destination server does not contact the Policy Server again reauthorize users.
Default: No
%
Note: For more information about modifying agent configuration parameters, see the Policy Server Configuration Guide.
Copyright © 2014 CA.
All rights reserved.
|
|