Agent for SharePoint Guide › CA DataMinder Content Classification Service and the Agent for SharePoint › Set the Proxy Rules for the Agent for SharePoint when using CA DataMinder Content Classification Service with Multiple Authentication

Set the Proxy Rules for the Agent for SharePoint when using CA DataMinder Content Classification Service with Multiple Authentication

The CA SiteMinder Agent for SharePoint operates as a proxy-based solution. To protect your SharePoint resources, edit the proxy rules file so that the Agent for SharePoint forwards requests to one of the following destinations:

• A hardware load balancer that redirects incoming requests to multiple web front ends associated with multiple SharePoint servers in a SharePoint server farm.
• A single web front end that is associated with multiple SharePoint servers in a SharePoint server farm.

When using the CA SiteMinder Agent for SharePoint, and the CA DataMinder content classification services together with multiple authentication, specific proxy rules are required for the proper protection of resources.

Important! Do not use any other proxy rule settings with the Agent for SharePoint, the CA DataMinder content classification service, and multi–authentication. Resources that the CA DataMinder content classification service classifies use an HTTP request header for proper forwarding by the Agent for SharePoint. If the Agent for SharePoint does not properly forward these requests using these rules (as they are shown here), unauthorized access or disclosure is possible.

Follow these steps:

1. Locate the following file on your CA SiteMinder Agent for SharePoint:

   Agent-for-SharePoint_home\proxy-engine\conf\proxyrules.xml
   

   Agent-for-SharePoint_Home

   Indicates the directory where the CA SiteMinder Agent for SharePoint is installed.

   Default: (Windows) [32-bit] C:\Program Files\CA\Agent-for-SharePoint

   Default: (Windows) [64-bit] C:\CA\Agent-for-SharePoint
   Default: (UNIX/Linux) /opt/CA/Agent-for-SharePoint

2. Rename the previous file using a name similar to the following example:

   proxyrules_xml_default.txt
   

3. Open the following file on your CA SiteMinder Agent for SharePoint with a text editor:

   Agent-for-SharePoint_home\proxy-engine\examples\proxyrules\proxyrules_example2.xml
   

4. Save the previous file as a new file in the following location:

   Agent-for-SharePoint_home\proxy-engine\conf\proxyrules.xml
   

5. Locate the following text in the updated proxyrules.xml file:

   :///$$PROXY_RULES_DTD$$"
   

6. Replace the previous text with the appropriate line for your operating environment:
   • For Windows use the following line:

     :///C:\Program Files\CA\Agent-for-SharePoint\proxy-engine\conf\dtd\proxyrules.dtd"
     

   • For UNIX/Linux, use the following line:

     :////opt/CA/Agent-for-SharePoint/proxy-engine/conf/dtd/proxyrules.dtd"
     

   Note: The previous examples indicate the default installation directory for the product. If you installed the product in a different directory, edit the examples to point to your installation directory instead.

7. Locate the following text:

   http://www.company.com
   

8. Change the previous text to the domain of your organization. Use the following example as a guide:

   http://www.example.com
   

9. Locate the following line:

   <nete:cond type="header" criteria="equals" headername="HEADER">
   

10. Edit the previous line so that it matches the following line:

    <nete:cond type="header" criteria="equals" headername="SMSERVICETOKEN">
    

11. Locate the following line:

    <nete:case value="value1">
    

12. Edit the previous line so that it matches the following line:

    <nete:case value="DLP">
    

13. Add a line after the previous line.
14. Copy and paste the following xml syntax onto the new line:

    <nete:xprcond>
    

    <nete:xpr>
    

    <nete:rule>^/_login/default.aspx\?ReturnUrl=(.*)</nete:rule>
    <nete:result>http://sharepoint.example.com:port_number/_trust/default.aspx?trust=name_of_siteminder_trusted_identity_provider&amp;ReturnUrl=$1</nete:result>
    </nete:xpr>
    

    <nete:xpr-default>
    

    <nete:forward>http://sharepoint.example:port_number$0</nete:forward>
    

    </nete:xpr-default>
    

    </nete:xprcond>
    

15. Replace both instances of the sharepoint.example:port_number in the previous section with one of the following values:
    • The host name, domain, and port number of your hardware load balancer. This hardware load balancer operates between your CA SiteMinder Agent for SharePoint server and the SharePoint servers.
    • host name, domain, and port number of your single web front end. In this context, this web front end (WFE) refers a web server that operates in front of your "back end" SharePoint servers.
16. Replace the instance of name_of_siteminder_trusted_identity_provider in the previous section with the name of your CA SiteMinder trusted identity provider.
17. Locate the following line in the file:

    <nete:forward>http://home.company.com$0</nete:forward>
    

18. Replace the home.company.com in the previous line with one of the following values:
    • The host name, domain, and port number of your hardware load balancer. This hardware load balancer operates between your CA SiteMinder Agent for SharePoint server and the SharePoint servers.
    • host name, domain, and port number of your single web front end. In this context, this web front end (WFE) refers a web server that operates in front of your "back end" SharePoint servers.
19. Save the file and close your text editor.

    The proxy rules are set.