Protecting the Administrative UI with CA SiteMinder® requires that you configure an agent to function with a reverse proxy server and configure an external administrator store. Rather than accessing the Administrative UI directly on the application server, you access the Administrative UI through the reverse proxy server.
Consider the following:
You can protect the Administrative UI with CA SiteMinder®:
Follow these steps:
Certain types of web servers, such as Apache, that support CA SiteMinder® Web agents can also function as reverse proxy servers. See the support matrix for the supported servers.
Note: Update the configuration file of Apache web server to make the Apache web server function as a reverse proxy server. For more information about configuring a reverse proxy server and updating the configuration file, see the Web Agent Configuration Guide.
Important! The URL used in the rules that are set for the proxy server must be the same URL used to register the Administrative UI initially.
Example:
If the Administrative UI was initially registered with the following URL, specify the same URL in the proxy server rules.
http://host_name:8080/iam/siteminder/adminui
/iam/siteminder/logout.jsp
Note: For more information about setting the LogOffUri parameter, see the Web Agent Configuration Guide.
Note: The application server restarts automatically after you configure the external administrator store. The Administrative UI is protected with CA SiteMinder® only after the restart.
The default CA SiteMinder® authentication scheme used to protect the Administrative UI is basic user name and password. You can change the default authentication scheme to any CA SiteMinder® supported authentication scheme, except SAML and WS-Fed authentication.
Follow these steps:
SiteMinder_ims_realm
Note: This realm is associated with a domain named SiteMinderDomain.
The Administrative UI is protected using the selected authentication scheme.
If you do not want to protect the Administrative UI with CA SiteMinder®, you can disable CA SiteMinder® authentication. You can access the Administrative UI through the reverse proxy server only even after you remove CA SiteMinder® protection for the Administrative UI.
To access the Administrative UI directly on an application server, delete the data directory and reregister the Administrative UI with the Policy Server.
Follow these steps:
Note: Leave the existing directory server or database connection information to continue using the external administrator store.
install_dir/adminui/server/default/data
Note: For more information about resetting the registration window and register the Administrative UI, see the Policy Server Installation Guide.
Copyright © 2013 CA.
All rights reserved.
|
|