Web Agent Guides › Web Agent Configuration Guide › SSO Security Zones › Agents and Reverse Proxy Servers
Agents and Reverse Proxy Servers
See any of the following topics to manage your CA SiteMinder® agent that is deployed on reverse proxy servers:
How Reverse Proxy Servers Work with CA SiteMinder®
A reverse proxy server is a proxy server that acts on behalf of an enterprise to forward requests to the internal network of an organization. The reverse proxy server allows clients to access resources on backend servers (those servers behind a firewall).
Reverse proxy servers provide the following advantages:
- Users within a cookie domain can access resources on backend servers without reauthenticating. Users from other domains must authenticate through the reverse proxy server and typically, a firewall before gaining access to those same backend servers.
- Users can access different resources that are hosted on several backend servers using the same domain name.
- Reverse proxy agents support the same features as other CA SiteMinder® agents.
- Protection resources that are on servers for which a CA SiteMinder® agent is not supported. In this situation, deploy a reverse proxy server before the backend server. The supported agent protects the resources hosted on the backend server. The backend server does not require a CA SiteMinder® agent.
CA SiteMinder® agents that are installed on the reverse proxy server can protect resources on backend servers. The following illustration shows a network with a reverse proxy server using a CA SiteMinder® agent:
CA SiteMinder® Secure Proxy Server
For users who require a more sophisticated reverse proxy solution, CA SiteMinder® SPS provides the following benefits over the Apache or Oracle iPlanet-based CA SiteMinder® Reverse Proxy Agent:
- An embedded and fully supported web server, including SSL accelerator card support and a GUI tool for managing keys and certificates
- Support for multiple session schemes (cookie-based, and cookie-less)
- Support for flexible proxy rules, such as the following:
- Support for rules that are based on HTTP headers and CA SiteMinder® responses, in addition to URLs.
- Ease of use for complex rules.
SM_PROXYREQUEST HTTP Header for CA SiteMinder® Processing with Secure Proxy Server
CA SiteMinder® SPS introduces a new layer in the traditional CA SiteMinder® architecture. This layer forwards or redirects all requests to destination servers in the enterprise.
When CA SiteMinder® SPS processes a request, the URL requested by the user is preserved in an HTTP header variable named SM_PROXYREQUEST. Other applications that require the original URL requested by a user before CA SiteMinder® SPS proxied the request can use this header.
Copyright © 2013 CA.
All rights reserved.
|
|