Administration Guide › Administrating CA SiteMinder® SPS › Using CA SiteMinder® SPS as a Federation Gateway

Using CA SiteMinder® SPS as a Federation Gateway

CA SiteMinder® SPS federation gateway simplifies the configuration involved in a federated environment. Typically, you have a federated environment where partners are communicating through many web servers. Each web server requires that you install and configure the Web Agent and the Web Agent Option Pack.

If you enable CA SiteMinder® SPS as a federation gateway, the number of components that you have to install and set-up is reduced. The CA SiteMinder® SPS federation gateway has the standard embedded components of CA SiteMinder® SPS and the Federation Web Services application provided by the Web Agent Option Pack.

Note: Knowledge of SiteMinder Federation Security Services is required for anyone configuring CA SiteMinder® SPS in a federated environment. For more information about Federation Security Services, see the CA SiteMinder Federation Security Services Guide.

The following illustration shows the difference with or without the CA SiteMinder® SPS federation gateway.

Prerequisites for Using the Federation Gateway

Before you set up CA SiteMinder® SPS as a federation gateway, consider the following:

• The SiteMinder environment must be configured according to the information in the CA SiteMinder Federation Security Services Guide. Verify that the Policy Server side components for federation are configured.
• Install CA SiteMinder® SPS and enable the enablefederationgateway setting when prompted.
• In the SiteMinder Policy Server User Interface, be sure to define the host information (server and port number) for the CA SiteMinder® SPS system that generate assertions. The CA SiteMinder® SPS host is defined in the Server field of the appropriate properties dialog for the federated partner you are specifying.

Configuring the CA SiteMinder® SPS Federation Gateway

The CA SiteMinder® SPS federation gateway can sit at the producer site and consumer site.

The overall configuration process for the CA SiteMinder® SPS federation gateway is as follows:

1. Install CA SiteMinder® SPS.
2. Run the configuration wizard.
3. Specify the general server settings in the server.conf file. Though there are defaults for most of the server.conf settings, you may want to modify such settings as session schemes or virtual host settings.
4. Define proxy rules in the proxyrules.xml file so that requests are directed to the backend servers.

   At the enterprise producing assertions, federation requests are forwarded to the Tomcat server embedded in CA SiteMinder® SPS. The Tomcat server hosts the FWS application. Proxy rules and filters have no relevance when the federation request gets processed.

   At the enterprise consuming assertions, you need to define a proxy rule that forwards requests to the destination server after the user is permitted access to the target resource.

5. (Optional) You can modify the Apache web server file (httpd.conf).

Limitations of the CA SiteMinder® SPS Federation Gateway

Note the following limitations when using the CA SiteMinder® SPS federation gateway:

• The prefilters and postfilters (both built-in and custom-configured) do not execute when federation resources are being requested. For non-federated requests that are fired for the default context, these filters execute as usual.
• Proxy rules do not execute when federated resources are being requested. For non-federated requests that are fired for the default context, these rules execute as usual.