Previous Topic: Create a 4.x Agent Object for the SharePoint Connection WizardNext Topic: Create A User Directory Connection

Agent for SharePoint GuideHow to Configure your CA SiteMinder Policy ServerCreate an Agent Configuration Object

Create an Agent Configuration Object

An embedded Apache web server is part of the Agent for SharePoint. An Agent Configuration Object (ACO) on the Policy Server contains configuration parameters that control the behavior of the agent running on the embedded web server.

Agents need values in certain parameters to start. For example, all agents need one value in either of the following parameters:

Other parameters control optional functions that you can set anytime. For example, if you decide to store agent logs on your web server, you can set those parameters later. Agents do not need values in logging parameters to start.

Note: For more information about other parameters in your ACO that are not listed here, see the CA SiteMinder Web Agent Configuration Guide.

Follow these steps:

  1. Click Infrastructure, Agent Configuration, Create Agent Configuration.

    The Create Agent Configuration: Search pane opens.

  2. Click the following buttons:

    Important! Only copy the SharePoint2010DefaultSettings ACO object. Do not copy any other object in the list.

  3. Click OK.
  4. Type the name and a description for the agent configuration object.
  5. If you have multiple virtual hosts and plan to assign different Agent identities to each virtual host, use the AgentName parameter. Use the DefaultAgentName parameter, if different Agent identities for virtual hosts are not required. Remove any # character in front of the parameter name, and then change the value of one of the following parameters (not both):
    AgentName

    Defines the identity of the web agent. This identity links the name and the IP address or FQDN of each web server instance hosting an Agent.

    The value of the DefaultAgentName is used instead of the AgentName parameter if any of the following events occur:

    • The AgentName parameter is disabled.
    • The value of AgentName parameter is empty.
    • The values of the AgentName parameter do not match any existing agent object.

    Note: This parameter can have more than one value. Use the multivalue option when setting this parameter in an Agent Configuration Object. For local configuration files, add each value to a separate line in the file.

    Default: No default

    Limit: Multiple values are allowed.

    Limits: Must contain 7-bit ASCII characters in the range of 32-127, and include one or more printable characters. Cannot contain the ampersand (&) and asterisk (*) characters. The value is not case-sensitive. For example, the names MyAgent and myagent are treated the same.

    Example: myagent1,192.168.0.0 (IPV4)

    Example: myagent2, 2001:DB8::/32 (IPV6)

    Example: myagent,www.example.com

    DefaultAgentName

    Defines a name that the agent uses to process requests. The value for DefaultAgentName is used for requests on an IP address or interface when no agent name value exists in the AgentName parameter.

    If you are using virtual servers, you can set up your CA SiteMinder environment quickly by using a DefaultAgentName. Using DefaultAgentName means that you do not need to define a separate agent for each virtual server.

    Important! If you do not specify a value for the DefaultAgentName parameter, then the value of the AgentName parameter requires every agent identity in its list. Otherwise, the Policy Server cannot tie policies to the agent.

    Default: No default.

    Limit: Multiple values are allowed.

    Limits: Must contain 7-bit ASCII characters in the range of 32-127, and include one or more printable characters. Cannot contain the ampersand (&) and asterisk (*) characters. The value is not case-sensitive. For example, the names MyAgent and myagent are treated the same.

  6. Change the value of the following parameter:
    LogOffUri

    Enables full log‑out and displays a confirmation page after users are successfully logged off. Configure this page so that it cannot be stored in a browser cache. If a cached page is used, session hijacking by unauthorized users is possible.

    When the SharePoint users click the Sign out link, the following URI is used:

    • /_layouts/SignOut.aspx

    When the SharePoint users click the Sign in as another user link, the following URI is used:

    • /_layouts/accessdenied.aspx?loginasanotheruser=true

    If you have multiple SharePoint web sites below a top-level SharePoint website, add the URIs of the lower-level sites to the LogOffURI parameter.

    Note: When the CookiePath parameter is set, the value of the LogOffUri parameter must point to the same cookie path. For example, if the value of your CookiePath parameter is set to example.com, then your LogOffUri must point to example.com/logoff.html

    Default: /_layouts/SignOut.aspx, /_layouts/accessdenied.aspx?loginasanotheruser=true

    Limits: Multiple URI values permitted. Do not use a fully qualified URL. Use a relative URI.

    Example: (for a parent site of www.example.com with two lower-level sites named finance and hr respectively) /finance/_layouts/SignOut.aspx, finance/_layouts/accessdenied.aspx?loginasanotheruser=true /hr/_layouts/SignOut.aspx, /hr/_layouts/accessdenied.aspx?loginasanotheruser=true

  7. Click OK.

    The new values appear next to the parameters in the list.

  8. Click Submit.

    The Create Agent Configuration Task is submitted for processing and the confirmation message appears.