The virtual host settings let CA SiteMinder® SPS act as a virtual host. You must define one default virtual host and can define multiple virtual hosts. By default, CA SiteMinder® SPS provides default virtual host settings that can be used for all the virtual hosts.
If you want to override the default virtual host settings for a virtual host, create a virtual host with the new values. If you do not define virtual host settings during the virtual host creation, CA SiteMinder® SPS uses the default value that is defined in the default virtual host settings.
The default virtual host settings consist of the following sections:
Virtual Host Details
The following parameters define the virtual host:
Note: The parameter names are represented as they appear in the server.conf file and Administrative UI, respectively.
Rewrites the cookie path to the URI that the backend server set when it received the initial request from the client. This ensures that the backend server does not reset the cookie path to its own resource URI and the browser contains the correct cookie when the client sends subsequent requests.
Rewrite the cookie domain from the domain set to the domain that the backend server set when it received the initial request from the client.
Preserves the HTTP HOST header file and sends it to the backend server.
When you enable the parameter, it takes precedence over a filter that is configured to control the HTTP HOST header. To disable the parameter and let the filter take precedence over the parameter, perform the following steps:
filteroverridepreservehost
Note You can enable filteroverridepreservehost only if a filter is available to control the HTTP HOST header.
Defines the block size of the request data that must be read at a time before the data is sent to the backend server. You can configure different values for each virtual host that you configure.sizes.
Limits: 1KB to approximately 352000 KB. For any value greater than or equal to 8 KB, chunks of 8 KB are created. A corresponding chunk size is create for values between 1 KB and 8 KB.
Defines the block size of the response data that must be read at a time before the data is sent from the backend server to the user. You can configure different value for each virtual host you configure.
Limits: 1KB to approximately 352000 KB.
Note: You must define the block sizes in proportion to the available and allocated JVM heap size for the CA SiteMinder® SPS java process. Use large block sizes for large file transfers. Perform the following steps to define the JVM heap size:
Default Session Scheme
The default session scheme defines the session scheme that the virtual host uses by default.
Session Scheme Mapping
Session scheme mappings associate session schemes with user agent types. Map the defined user agent types with the defined session schemes.
The following parameters define the session scheme mapping:
Note: The parameter names are represented as they appear in the server.conf file and Administrative UI, respectively.
Identifies the user agent name that you want to map.
Identifies the session scheme that must be mapped.
Web Agent Configuration
The WebAgent.conf file defines the default web agent configuration. If you want to uses local configuration, you can point the WebAgent.conf file to a local configuration file, LocalConfig.config.
If you create more than one virtual host, you can use the default Web Agent when you do not intend to use alternate settings in the Web Agent configuration file. If you plan to set any directive differently, for example, to specify a different log level, use a different Web Agent for the new virtual host.
To configure a Web Agent for a new virtual host, perform the following steps:
Note: If the Web Agent configuration objects for both virtual hosts point to the same SiteMinder installation, you do not need to run smreghost. You can use the same smhost file for both the Web Agents.
ServerPath="path"
Specifies is the fully qualified path to the WebAgent.conf file you are editing
Note: For detailed information about the Web Agent settings, see the CA SiteMinder Web Agent Guide.
The requirecookies setting in the server.conf file is a special Web Agent setting that is useful only if basic authentication was set during the Policy Server configuration. This setting instructs the agent to require either an SMSESSION or an SMCHALLENGE cookie to process HTTP requests successfully, including basic Authorization headers.
If you configure the embedded Web Agent to require cookies, the browser must accept HTTP cookies. If the browser does not, the user receives an error message from the Agent denying them access to all protected resources.
Set the requirecookies setting to yes when all user agent types for the associated virtual server use the default session scheme. If an agent type uses a cookieless session scheme, set the requirecookies parameter to no.
Some destination servers can respond to a request from the CA SiteMinder® SPS with a redirection.
Note: A redirection that is the result of a request to the CA SiteMinder® SPS is not the same as a redirect that occurs in a proxy rule. For information about a redirect in a proxy rule, see nete:redirect.
Because the redirection initiated by the destination server is likely to a server behind the DMZ, the URL specified in the redirection results in an error. However, you can include parameters in a virtual host configuration that substitute the virtual host server name and port number in place of a redirect from a destination server.
To substitute the virtual host server and port for redirect writing, configure the following:
Enables or disables redirect rewriting. If this directive is set to a value of yes, the URL for a redirect initiated by a destination server is examined by the SPS CA SiteMinder® SPS. If the redirect URL contains a string found in the list of strings specified in the associated redirectrewritablehostnames parameter, the server name and port number of the redirect are replaced by the server name and port number of the virtual host. If the parameter is set to a value of no, any redirects initiated by destination servers are passed back to the requesting user.
Contains a comma-separated list of strings that the CA SiteMinder® SPS searches for when a redirection is initiated by a destination server. If any of the specified strings are found in the server or port portion of the redirect URL, the CA SiteMinder® SPS substitutes the name and port number of the virtual host for the server name and port portion of the redirect URL. If you specify a value of "ALL" for this parameter, the CA SiteMinder® SPS substitutes the server name and port number of the virtual host for all redirects initiated by the destination server.
For example, consider a virtual host configuration in the server.conf file that contains the following parameters:
<VirtualHost name="sales"> hostnames="sales, sales.company.com" enableredirectrewrite="yes" redirectrewritablehostnames="server1.company.com,domain1.com" </VirtualHost>
When a user makes a request from http://sales.company.com:80, the CA SiteMinder® SPS forwards the request to a destination server according to proxy rules. If the destination server responds with a redirect to server1.internal.company.com, the redirect is rewritten before being passed to the user as sales.company.com:80.
Note: The proxy rules for the CA SiteMinder® SPS must be configured to handle the redirected requests.
To let CA SiteMinder® SPS to act as a virtual host for one or more host names, you must define a virtual host as the default virtual host. You can define multiple virtual hosts.
To manually configure a default virtual host, modify the <VirtualHost name="default"> section in the server.conf file. To configure the default virtual host using Administrative UI, edit the default virtual host settings in the Virtual Hosts, Available Virtual Hosts page.
You can define multiple virtual hosts and configure them to different settings other than the default virtual host values.
To create a virtual host manually, perform the following steps:
Note: If you do not define any settings, its default value is considered from the default virtual host values.
To create a virtual host using Administrative UI, perform the following steps:
Copyright © 2014 CA Technologies.
All rights reserved.
|
|