Administration Guide › Administrating CA SiteMinder® SPS › Using CA SiteMinder® SPS as a Web Agent Replacement

Using CA SiteMinder® SPS as a Web Agent Replacement

To provide federated single sign-on, CA SiteMinder® SPS may be used as a substitute for the SiteMinder Web Agent. CA SiteMinder® SPS, and the Web Agent Option Pack combine to provide the Federation Web Services (FWS) application, which is a collection of servlets packaged as a Web application. This application provides much of the SiteMinder federation functionality.

Knowledge of SiteMinder Federation Security Services is required for anyone configuring CA SiteMinder® SPS in a federated environment. For more information on Federation Security Services, see the CA SiteMinder Federation Security Services Guide.

The following figure shows an environment where CA SiteMinder® SPS replaces a SiteMinder Web Agent.

Important! If you choose to use CA SiteMinder® SPS in place of the Web Agent for a federated environment, the Web Agent Option Pack requires a dedicated web server and servlet engine.

Prerequisites for Using CA SiteMinder® SPS as a Web Agent Replacement

Before you configure CA SiteMinder® SPS for use in a SiteMinder Federation Security Services environment, consider the following:

• The SiteMinder environment must be configured according to the information in the CA SiteMinder Federation Security Services Guide. We recommend that you configure a Federation environment with a standard Web Agent to confirm that Federation Security Services is configured properly.
• In the SiteMinder Policy Server User Interface, define the host information (server and port number) for the CA SiteMinder® SPS system that generates assertions. The CA SiteMinder® SPS host is defined in the Server field of the appropriate properties dialog for the federated partner you are specifying.

Configuring CA SiteMinder® SPS as a Web Agent Replacement for Federation

The configuration process for CA SiteMinder® SPS to operate in a federated environment is similar to the standard CA SiteMinder® SPS configuration process.

The overall configuration process for the CA SiteMinder® SPS federation gateway is as follows:

1. Install CA SiteMinder® SPS.
2. Run the configuration wizard.
3. Specify the general server settings in the server.conf file. Though there are defaults for most of the server.conf settings, you can modify such settings as logging, session schemes, or virtual host settings.
4. Define proxy rules in the proxyrules.xml file so that requests are directed to the backend servers.

   At the enterprise producing assertions, define a proxy rule that forwards requests to the backend server hosting FWS. At the side consuming assertions, there must be a rule that forwards requests to the destination server after the user is permitted access to the target resource.

5. (Optional) If you want to configure virtual hosts for CA SiteMinder® SPS, you can modify the Apache web server file (httpd.conf), for example,