

Configure the Virtual Host Settings

The virtual host settings let CA SiteMinder® SPS act as a virtual host. You must define one default virtual host and can define multiple virtual hosts. By default, CA SiteMinder® SPS provides default virtual host settings that can be used for all the virtual hosts.

If you want to override the default virtual host settings for a virtual host, create a virtual host with the new values. If you do not define virtual host settings during the virtual host creation, CA SiteMinder® SPS uses the default value that is defined in the default virtual host settings.

Default Virtual Host Values

The default virtual host settings consist of the following sections:

Virtual Host Details

The following parameters define the virtual host:

Note: The parameter names are represented as they appear in the server.conf file and Administrative UI, respectively.

enablerewritecookiepath/Enable Rewrite Cookie Path

Rewrites the cookie path to the URI that the backend server set when it received the initial request from the client. This ensures that the backend server does not reset the cookie path to its own resource URI and the browser contains the correct cookie when the client sends subsequent requests.

enablerewritecookiedomain/Enable Rewrite Cookie Domain

Rewrites the cookie domain from the domain set to the domain that the backend server set when it received the initial request from the client.

enableproxypreservehost/Enable Proxy Reserve Host

Preserves the HTTP HOST header and sends it to the backend server.

When you enable the parameter, it takes precedence over a filter that is configured to control the HTTP HOST header. To disable the parameter and let the filter take precedence over the parameter, perform the following steps:

  1. Open the server.conf file.
  2. Add the following parameter in the Virtual Host section of the virtual host you want to configure:
    filteroverridepreservehost
    
  3. Set the value of filteroverridepreservehost to yes.

Note: You can enable filteroverridepreservehost only if a filter is available to control the HTTP HOST header.

requestblocksize/Request Block Size

Defines the block size of the request data that must be read at a time before the data is sent to the backend server. You can configure a different value for each virtual host that you configure.

Limits: 1 KB to approximately 352000 KB. For any value greater than or equal to 8 KB, chunks of 8 KB are created. A corresponding chunk size is created for values between 1 KB and 8 KB.

responseblocksize/Response Block Size

Defines the block size of the response data that must be read at a time before the data is sent from the backend server to the user. You can configure a different value for each virtual host that you configure.

Limits: 1 KB to approximately 352000 KB.

Note: You must define the block sizes in proportion to the available and allocated JVM heap size for the CA SiteMinder® SPS java process. Use large block sizes for large file transfers. Perform the following steps to define the JVM heap size:

  1. Navigate to the appropriate directory:
  2. Open one of the following files
  3. Add the following parameters in the Java section of the file:
  4. Save the file.

Default Session Scheme

The default session scheme defines the session scheme that the virtual host uses by default.

Session Scheme Mapping

Session scheme mappings associate session schemes with user agent types. Map the defined user agent types with the defined session schemes.

The following parameters define the session scheme mapping:

Note: The parameter names are represented as they appear in the server.conf file and Administrative UI, respectively.

user_agent_name/User Agent Name

Identifies the user agent name that you want to map.

session_scheme_name/Session Scheme Name

Identifies the session scheme that must be mapped.

Web Agent Configuration

The WebAgent.conf file defines the default web agent configuration. If you want to use a local configuration, you can point the WebAgent.conf file to a local configuration file, LocalConfig.config.

If you create more than one virtual host, you can use the default Web Agent when you do not intend to use alternate settings in the Web Agent configuration file. If you plan to set any directive differently, for example, to specify a different log level, use a different Web Agent for the new virtual host.

To configure a Web Agent for a new virtual host, perform the following steps:

  1. Create a directory with the name of the new virtual host, for example, serverb.
  2. Copy the contents of the directory for the default virtual host into the new directory.
  3. Run smreghost if the new Web Agent points to a different SiteMinder installation.

    Note: If the Web Agent configuration objects for both virtual hosts point to the same SiteMinder installation, you do not need to run smreghost. You can use the same smhost file for both the Web Agents.

  4. Use a text editor to modify WebAgent.conf to reflect the new agent configuration object. Verify that the Web Agents have different log files.
  5. Open the WebAgent.conf file and add the following required directive with a unique value.
    ServerPath="path"
    
    path

    Specifies the fully qualified path to the WebAgent.conf file you are editing.

    • For Windows, this value must be a unique alphanumeric string. The backslash '\' character is not permitted in this string.
    • For UNIX, this value must be the fully qualified path to the WebAgent.conf file you are editing.
  6. Access the Agent Configuration Object at the Policy Server that corresponds to the first host configuration object in the server.conf file. Verify the Agent cache settings for MaxResourceCacheSize and MaxSessionCacheSize, and verify that the cache limits take into account all Agent Configuration Objects.

Note: For detailed information about the Web Agent settings, see the CA SiteMinder Web Agent Guide.

The requirecookies setting in the server.conf file is a special Web Agent setting that is useful only if basic authentication was set during the Policy Server configuration. This setting instructs the agent to require either an SMSESSION or an SMCHALLENGE cookie to process HTTP requests successfully, including basic Authorization headers.

If you configure the embedded Web Agent to require cookies, the browser must accept HTTP cookies. If the browser does not, the user receives an error message from the Agent denying them access to all protected resources.

Set the requirecookies setting to yes when all user agent types for the associated virtual server use the default session scheme. If an agent type uses a cookieless session scheme, set the requirecookies parameter to no.

Handling Redirects by Destination Servers

Some destination servers can respond to a request from the CA SiteMinder® SPS with a redirection.

Note: A redirection that is the result of a request to the CA SiteMinder® SPS is not the same as a redirect that occurs in a proxy rule. For information about a redirect in a proxy rule, see nete:redirect.

Because the redirection initiated by the destination server is likely to point to a server behind the DMZ, the URL specified in the redirection results in an error. However, you can include parameters in a virtual host configuration that substitute the virtual host server name and port number in place of a redirect from a destination server.

To substitute the virtual host server and port for redirect rewriting, configure the following:

enableredirectrewrite

Enables or disables redirect rewriting. If this directive is set to a value of yes, the URL for a redirect initiated by a destination server is examined by the CA SiteMinder® SPS. If the redirect URL contains a string found in the list of strings specified in the associated redirectrewritablehostnames parameter, the server name and port number of the redirect are replaced by the server name and port number of the virtual host. If the parameter is set to a value of no, any redirects initiated by destination servers are passed back to the requesting user.

redirectrewritablehostnames

Contains a comma-separated list of strings that the CA SiteMinder® SPS searches for when a redirection is initiated by a destination server. If any of the specified strings are found in the server or port portion of the redirect URL, the CA SiteMinder® SPS substitutes the name and port number of the virtual host for the server name and port portion of the redirect URL. If you specify a value of "ALL" for this parameter, the CA SiteMinder® SPS substitutes the server name and port number of the virtual host for all redirects initiated by the destination server.

For example, consider a virtual host configuration in the server.conf file that contains the following parameters:

<VirtualHost name="sales">
hostnames="sales, sales.company.com"
enableredirectrewrite="yes"
redirectrewritablehostnames="server1.company.com,domain1.com"
</VirtualHost>

When a user makes a request from http://sales.company.com:80, the CA SiteMinder® SPS forwards the request to a destination server according to proxy rules. If the destination server responds with a redirect to server1.internal.company.com, the redirect is rewritten before being passed to the user as sales.company.com:80.

Note: The proxy rules for the CA SiteMinder® SPS must be configured to handle the redirected requests.
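
The rewrite rule described in this section, modeled in Python as an added example (not CA code and not part of the original documentation). The function names and the backend URLs are assumptions; the server.conf block is the one shown above. It applies the documented substring match and lists redirects that would still reach the user with a destination server name in them.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# The VirtualHost block from the example above, embedded so the script runs offline.
SERVER_CONF = '''
<VirtualHost name="sales">
hostnames="sales, sales.company.com"
enableredirectrewrite="yes"
redirectrewritablehostnames="server1.company.com,domain1.com"
</VirtualHost>
'''

def parse_virtual_hosts(text):
    """Return {name: {parameter: value}} for each <VirtualHost> section."""
    hosts = {}
    sections = re.findall(r'<VirtualHost name="([^"]+)">(.*?)</VirtualHost>', text, re.S)
    for name, body in sections:
        hosts[name] = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', body, re.M))
    return hosts

def rewrite_location(location, vhost, public_netloc):
    """Model of the documented rule: swap the redirect's server:port for the
    virtual host's when a listed string (or "ALL") matches."""
    if vhost.get("enableredirectrewrite", "no").lower() != "yes":
        return location  # rewriting disabled: redirect is passed back as-is
    raw = vhost.get("redirectrewritablehostnames", "")
    patterns = [p.strip() for p in raw.split(",") if p.strip()]
    parts = urlsplit(location)
    if not parts.netloc:
        return location  # relative redirect carries no server name
    if "ALL" in patterns or any(p in parts.netloc for p in patterns):
        return urlunsplit(parts._replace(netloc=public_netloc))
    return location

def leaked_redirects(locations, vhost, public_netloc):
    """Redirects that still name a server other than the virtual host."""
    leaked = []
    for loc in locations:
        final = rewrite_location(loc, vhost, public_netloc)
        host = urlsplit(final).netloc
        if host and host != public_netloc:
            leaked.append(final)
    return leaked

if __name__ == "__main__":
    vhost = parse_virtual_hosts(SERVER_CONF)["sales"]
    # Constructed Location headers from hypothetical destination servers.
    sample = ["http://server1.company.com:8080/app/login", "http://db7.corp.local/x"]
    print(leaked_redirects(sample, vhost, "sales.company.com:80"))
```

Running the same check against Location headers collected from a test environment shows which destination servers are missing from redirectrewritablehostnames before the virtual host goes live.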

Default Virtual Host

To let CA SiteMinder® SPS act as a virtual host for one or more host names, you must define a virtual host as the default virtual host. You can define multiple virtual hosts.

To manually configure a default virtual host, modify the <VirtualHost name="default"> section in the server.conf file. To configure the default virtual host using Administrative UI, edit the default virtual host settings in the Virtual Hosts, Available Virtual Hosts page.

Create Virtual Host

You can define multiple virtual hosts and configure them with settings that differ from the default virtual host values.

To create a virtual host manually, perform the following steps:

  1. Open the server.conf file.
  2. Create a virtual host section in the server.conf file with the fields as described in the default virtual host values.

    Note: If you do not define a setting, its default value is taken from the default virtual host values.

  3. Save the changes.

To create a virtual host using Administrative UI, perform the following steps:

  1. Navigate to Virtual Hosts, Virtual Hosts.
  2. Click Add.
  3. Follow the steps on the wizard.
  4. Click OK.