There are a number of tasks that must be completed in order to fully configure a Web Agent. These tasks apply to local and central configuration of a Web Agent.
Note: You must set up the Policy Server for Web Agent communication before you install a Web Agent and register a trusted host.
To configure a Web Agent
Note: If you create an administrator with only the Register Trusted Hosts privilege, that administrator will not be able to use the Administrative UI.
If you plan to configure an Agent locally, you still need this object to enable the local configuration parameter, AllowLocalConfig.
Note: The Web Agent Configuration Guide contains all the parameter descriptions, the default values, and instructions on setting the parameters. Whether you are configuring a Web Agent centrally or locally, see this guide for parameter descriptions. Additionally, information about Agents and the trusted host registration process exists in the Policy Server Installation Guide and the Web Agent Installation Guide.
To centrally configure Web Agents, perform the steps outlined in Configure a Web Agent. These tasks apply to local and central configuration of a Web Agent.
If you specify any configuration parameters locally, the parameter values in the local Agent configuration file override the values in the corresponding Agent Configuration Object, merging the input from both configuration sources.
To use a local configuration exclusively, without combining input from an Agent Configuration Object and an Agent configuration file, configure the Agent Configuration Object with only the AllowLocalConfig parameter and set it to yes. This ensures that the Web Agent will only have configuration data from the local configuration file.
To better understand how central and local configuration work together, read Combined Central and Local Configuration.
You can create a new Host Configuration object or duplicate an existing object.
To create a host configuration object
The Host Configuration Objects page appears.
Important! Do not directly modify and use the DefaultHostSettings object. Always copy this object and then modify it.
The Create Host Configuration page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The Host Configuration Object is created.
The Web Agent reads both the Agent Configuration Object and the local Agent configuration file, overriding values in the Agent Configuration Object with the values in the local Agent configuration file. The Web Agent merges them together into one configuration source. This enables you to modify only a small subset of Agent parameters locally, then rely on the central Agent Configuration Object for the rest of an Agent’s configuration.
To better understand how central and local configuration work together, read Combined Central and Local Configuration.
To configure parameters locally
Be sure to modify a copy of the Web Agent configuration file and maintain a backup copy.
For all Web Agents except IIS 6.0, there is a WebAgent.conf.sample file in the <web_agent_home>\config directory. You should modify this file, then save it under the name WebAgent.conf to the appropriate web server location.
For IIS 6.0 Web Agents, the Agent uses the LocalConfig.conf file in the <web_agent_home>\bin\IIS directory as its active configuration file. Modify this file if you want to make changes. The copy of the LocalConfig.conf file in <web_agent_home>\config is the original, which you should not change.
Note: If you are using an IIS 6.0 Web Agent, the main configuration file is called LocalConfig.conf. The WebAgent.conf file is still used, but only for core Agent settings that enable the Agent to start and connect to the Policy Server.
More information about local configuration and parameter descriptions exists in the Web Agent Configuration Guide.
When a Web Agent is enabled, it searches the Agent Configuration Object for configuration information, and notes the value of the AllowLocalConfig parameter. If this parameter is set to yes, the Web Agent searches the corresponding Agent’s local configuration file for modified or additional parameters, overriding any Agent Configuration Object parameters with the value from its configuration file.
Using the central and local configuration sources, the Agent creates a unified local copy of an Agent Configuration Object that it uses for configuration. The local copy does not alter the Agent Configuration Object that resides at the Policy Server.
Scenario:
You want to configure multiple cookie domain single sign-on across your CA SiteMinder® network without having to configure each Agent individually.
The CookieDomain parameter in the Agent Configuration Object is set to acmecorp.com. However, you want to set the CookieDomain parameter to test.com for one Web Agent in your network, while continuing to use all of the other parameter values set in the Agent Configuration Object.
Solution:
To implement the example configuration
The value for the CookieDomain parameter in the Agent configuration file overrides the value in the Agent Configuration Object, while the Agent Configuration Object determines the settings for all the other parameters.
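The merge described in this section, as an added example (not CA's code): it computes the effective configuration for one Agent and lists every local override, so that drift from the central Agent Configuration Object can be reviewed. The Name="value" file syntax with # comments, treating a missing AllowLocalConfig as no, exact-case parameter matching, and the sample values are assumptions.

```python
import re

# Assumed local file syntax: one Name="value" pair per line; '#' starts a comment.
_PARAM = re.compile(r'^([A-Za-z]\w*)\s*=\s*"?(.*?)"?$')


def parse_local_config(text):
    """Parse the text of a local Agent configuration file into a dict."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _PARAM.match(line)
        if match:
            params[match.group(1)] = match.group(2)
    return params


def effective_config(aco, local):
    """Merge as the page describes; return (effective, overrides).

    overrides maps each parameter whose local value differs from, or is
    absent in, the Agent Configuration Object to (central, local).
    """
    effective = dict(aco)  # the central object itself is never altered
    overrides = {}
    # Assumption: a missing AllowLocalConfig is treated as "no".
    if aco.get("AllowLocalConfig", "no").strip().lower() != "yes":
        return effective, overrides  # local file is ignored
    for name, value in local.items():
        if aco.get(name) != value:
            overrides[name] = (aco.get(name), value)
        effective[name] = value
    return effective, overrides


# Constructed sample data mirroring the CookieDomain scenario above.
SAMPLE_ACO = {"AllowLocalConfig": "yes", "CookieDomain": "acmecorp.com",
              "DefaultAgentName": "agent1"}
SAMPLE_LOCAL = '# constructed sample file\nCookieDomain="test.com"\n'

if __name__ == "__main__":
    merged, drift = effective_config(SAMPLE_ACO, parse_local_config(SAMPLE_LOCAL))
    for name, (central, local_value) in sorted(drift.items()):
        print(f"{name}: central={central!r} local={local_value!r}")
```

An Agent Configuration Object that holds only AllowLocalConfig set to yes reports every local parameter as an override with a central value of None, which is the local-only mode described earlier.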
To create a Web Agent identity, create an Agent object in the Administrative UI. The object name must match the Agent name in the AgentName or DefaultAgentName parameter in the Agent configuration file or Agent Configuration Object. The Policy Server uses the Agent identity to map the Agent name to the IP address of the Web server hosting the Web Agent and to associate policies with Web Agents correctly. Creating a Web Agent object and identity lets you associate the Web Agent with a realm.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.
To create a Web Agent object and identity
The Agents page appears.
Verify that the Create a new object of type Agent option is selected.
The Create Agent page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Note: Web Agent names have the following limits:
The Web Agent Object is created.
To create a 4.x Web Agent identity, create an Agent object in the Administrative UI. The object name must match the Agent name in the local Web Agent configuration file. For descriptions of the configuration parameters, see the Web Agent Configuration Guide. Creating a Web Agent object and identity lets you associate the Web Agent with a realm.
Important! You will receive correspondence from CA Technologies regarding the end date for 4.x Web Agent support.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.
To create a 4.x Web Agent object and identity
The Agents page appears.
Verify that the Create a new object of type Agent option is selected.
The Create Agent page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Limits:
The Trust Settings page appears.
Note: Like a single server, virtual servers have defined names and IP addresses. Each Agent on a virtual server must have a unique Agent name.
Limits:
Note: Virtual servers on the same Web server must share the same secret. When a 4.x Agent attempts to connect to the Policy Server, the Agent and Policy Server use the shared secret for mutual authentication.
The 4.x Web Agent object is created.
The following procedure contains the two general sub-procedures required to set the configuration parameters of an agent configuration object.
To define the Web Agent’s configuration
Note: When centrally or locally configuring a Web Agent, refer to the Web Agent Configuration Guide for parameter descriptions, the default values, and instructions on setting the parameters.
Copyright © 2013 CA.
All rights reserved.