Previous Topic: Web Agent Configuration OverviewNext Topic: Agent Configuration Object Overview


How to Configure a Web Agent

There are a number of tasks that must be completed in order to fully configure a Web Agent. These tasks apply to local and central configuration of a Web Agent.

Note: You must set up the Policy Server for Web Agent communication before you install a Web Agent and register a trusted host.

To configure a Web Agent

  1. Install a Policy Server.
  2. Create a Host Configuration Object.
  3. Grant the Register Trusted Hosts privilege to a Policy Server Administrator. An administrator must have the privilege to register trusted hosts.

    Note: If you create an administrator with only the Register Trusted Hosts privilege, that administrator will not be able to use the Administrative UI.

  4. Create an Agent object to name the Agent. Do not confuse this object with an Agent Configuration Object.
  5. Create an Agent Configuration Object.

    If you plan to configure an Agent locally, you still need this object to enable the local configuration parameter, AllowLocalConfig.

  6. At the client site, install the Web Agent.
  7. Register the trusted host. Part of this process is to provide the name of the Host Configuration Object that you already created at the Policy Server.
  8. When the Agent-related policy objects are configured, enable the Web Agent. This setting is in the local Agent configuration file.

Note: The Web Agent Configuration Guide contains all the parameter descriptions, the default values, and instructions on setting the parameters. Whether you are configuring a Web Agent centrally or locally, see this guide for parameter descriptions. Additionally, information about Agents and the trusted host registration process exists in the Policy Server Installation Guide and the Web Agent Installation Guide.

More information:

Host Configuration Objects for Trusted Hosts

Agent Configuration Object Overview

Enable a Web Agent

Configure Web Agents Centrally

To centrally configure Web Agents, perform the steps outlined in Configure a Web Agent. These tasks apply to local and central configuration of a Web Agent.

If you specify any configuration parameters locally, the parameter values in the local Agent configuration file override the values in the corresponding Agent Configuration Object, merging the input from both configuration sources.

To use a local configuration exclusively, without combining input from an Agent Configuration Object and an Agent configuration file, configure the Agent Configuration Object with only the AllowLocalConfig parameter and set it to yes. This ensures that the Web Agent will only have configuration data from the local configuration file.

To better understand how central and local configuration work together, read Combined Central and Local Configuration.

Create a Host Configuration Object

You can create a new Host Configuration object or duplicate an existing object.

To create a host configuration object

  1. Click Infrastructure, Hosts.
  2. Click Host Configuration Objects.

    The Host Configuration Objects page appears.

  3. Click Create Host Configuration.
  4. Do one of the following:
  5. Click OK.

    The Create Host Configuration page appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  6. Type the name and a description.
  7. In Configuration Values, specify the Host Configuration settings.
  8. Click Submit.

    The Host Configuration Object is created.

Configure Web Agents Locally

The Web Agent reads both the Agent Configuration Object and the local Agent configuration file, overriding values in the Agent Configuration Object with the values in the local Agent configuration file. The Web Agent merges them together into one configuration source. This enables you to modify only a small subset of Agent parameters locally, then rely on the central Agent Configuration Object for the rest of an Agent’s configuration.

To better understand how central and local configuration work together, read Combined Central and Local Configuration.

To configure parameters locally

  1. Obtain permission to perform local configuration from a Policy Server administrator.
  2. Complete the steps in How to Configure a Web Agent. These tasks apply to local and central configuration of a Web Agent.
  3. In the Agent Configuration Object, set the AllowLocalConfig parameter to yes.
  4. Edit the Web Agent configuration file (WebAgent.conf and/or LocalConfig.conf).

    Be sure to modify a copy of the Web Agent configuration file and maintain a backup copy.

    For all Web Agents except IIS 6.0, there is a WebAgent.conf.sample file In the <web_agent_home>\config directory. You should modify this file, then save it under the name WebAgent.conf to the appropriate web server location.

    For IIS 6.0 Web Agents, this Agent uses the LocalConfig.conf file in <web_agent_home>\bin\IIS directory as its active configuration file. Modify this file if you want to make changes. The copy of the LocalConfig.conf file in <web_agent_home>\config is the original that you should not change.

    Note: If you are using an IIS 6.0 Web Agent, the main configuration file is called LocalConfig.conf. The WebAgent.conf file is still used, but only for core Agent settings that enable the Agent to start and connect to the Policy Server.

    More information about local configuration and parameter descriptions exists in the Web Agent Configuration Guide.

Combined Central and Local Configuration

When a Web Agent is enabled, it searches the Agent Configuration Object for configuration information, and notes the value of the AllowLocalConfig parameter. If this parameter is set to yes, the Web Agent searches the corresponding Agent’s local configuration file for modified or additional parameters, overriding any Agent Configuration Object parameters with the value from its configuration file.

Using the central and local configuration sources, the Agent creates a unified local copy of an Agent Configuration Object that it uses for configuration. The local copy does not alter the Agent Configuration Object that resides at the Policy Server.

Example of Using Central and Local Configuration

Scenario:

You want to configure multiple cookie domain single sign-on across your CA SiteMinder® network without having to configure each Agent individually.

The CookieDomain parameter in the Agent Configuration Object is set to acmecorp.com. However, you want to set the CookieDomain parameter to test.com for one Web Agent in your network, while continuing to use all of the other parameter values set in the Agent Configuration Object.

Solution:

To implement the example configuration

  1. Configure an Agent Configuration Object with all the parameters applicable for your environment.
  2. In the Agent Configuration Object, set the AllowLocalConfig parameter to yes.
  3. For the single Web Agent, change only the CookieDomain parameter to test.com. Do not modify any other parameters.

The value for the CookieDomain parameter in the Agent configuration file overrides the value in the Agent Configuration Object, while the Agent Configuration Object determines the settings for all the other parameters.

Create an Agent Object to Establish a Web Agent Identity

To create a Web Agent identity, create an Agent object in the Administrative UI. The object name must match the Agent name in the AgentName or DefaultAgentName parameter in the Agent configuration file or Agent Configuration Object. The Policy Server uses the Agent identity to map the Agent name to the IP address of the Web server hosting the Web Agent and to associate policies with Web Agents correctly. Creating a Web Agent object and identity lets you associate the Web Agent with a realm.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

To create a Web Agent object and identity

  1. Click Infrastructure, Agent.
  2. Click Agents

    The Agents page appears.

  3. Click Create Agent.

    Verify that the Create a new object of type Agent option is selected.

  4. Click OK.

    The Create Agent page appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  5. Type the name and description of the Agent.

    Note: Web Agent names have the following limits:

  6. Select CA SiteMinder® as the Agent Style and Web Agent as the Agent Type.
  7. Click Submit.

    The Web Agent Object is created.

More information:

Realms

Duplicate Policy Server Objects

Configure an Agent Object for a 4.x Web Agent Identity

To create a 4.x Web Agent identity, create an Agent object in the Administrative UI. The object name must match the Agent name in the local Web Agent configuration file. For descriptions of the configuration parameters, see the Web Agent Configuration Guide. Creating a Web Agent object and identity lets you associate the Web Agent with a realm.

Important! You will receive correspondence from CA Technologies regarding the end date for 4.x Web Agent support.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

To create a 4.x Web Agent object and identity

  1. Click Infrastructure, Agent.
  2. Click Agents.

    The Agents page appears.

  3. Click Create Agent.

    Verify that the Create a new object of type Agent option is selected.

  4. Click OK.

    The Create Agent page appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  5. Type the name and description of the Agent.

    Limits:

  6. Confirm the following:
  7. Select the Supports 4.x agents option.

    The Trust Settings page appears.

  8. Enter the IP Address of the server on which the Agent resides.

    Note: Like a single server, virtual servers have defined names and IP addresses. Each Agent on a virtual server must have a unique Agent name.

  9. Type and confirm a shared secret.

    Limits:

    Note: Virtual servers on the same Web server must share the same secret. When a 4.x Agent attempts to connect to the Policy Server, the Agent and Policy Server use the shared secret for mutual authentication.

  10. Click Submit.

    The 4.x Web Agent object is created.

More information:

Realms

Duplicate Policy Server Objects

Set the Configuration Parameters in the Agent Configuration Object

The following procedure contains the two general sub-procedures required to set the configuration parameters of an agent configuration object.

To define the Web Agent’s configuration

  1. Create an Agent Configuration Object.
  2. Modify the configuration parameters in this object.

Note: When configuring centrally or locally configuring a Web Agent, refer to the Web Agent Configuration Guide for parameter descriptions, the default values, and instructions on setting the parameters.

More information:

Agent Configuration Object Overview