Previous Topic: Configure the Custom Error Messages SettingsNext Topic: Configure the Session Scheme Settings

Administration GuideAdministrating CA SiteMinder® SPSConfiguration Methods of CA SiteMinder® SPSConfigure the Proxy Service Settings

Configure the Proxy Service Settings

The following proxy services are pre-defined in CA SiteMinder® SPS

forward

Forwards requests to destination servers according to the conditions and cases defined in the proxy rules XML configuration file. CA SiteMinder® SPS handles the subsequent requests.

You can configure the forward proxy service to manage the connection pool of CA SiteMinder® SPS. You can improve server performance by maintaining connections and alleviating the overhead of establishing a new connection for each request to a destination server. You can define proxy filters to process tasks before a request is forwarded to a destination server, and after the destination server returns data to CA SiteMinder® SPS.

redirect

Redirects requests to destination servers. The destination server handles the subsequent requests. You cannot configure the redirect proxy service.

To configure the forward proxy service manually, perform the following steps:

  1. Open the server.conf file.
  2. Navigate to the <Service name="forward"> section.
  3. Configure the following parameters:
    class

    Specifies the implementation that provides forwarding services for the CA SiteMinder® SPS. Do not change this value. This value is only exposed to accommodate the rare occasion when a custom service can forward requests specified in the proxy rules XML configuration file.

    protocol.multiple

    Indicates whether CA SiteMinder® SPS supports protocols other than HTTP. Specify one of the following values:

    true

    Indicates that protocols other than HTTP are supported. Currently, only HTTPS is supported as an additional protocol in the CA SiteMinder® SPS. True is the default value for this directive.

    false

    Indicates that only the HTTP protocol is supported.

    http_connection_pool_min_size

    Sets the minimum number of connections to a single destination server that are available for processing user requests.

    http_connection_pool_max_size

    Sets the maximum number of connections between CA SiteMinder® SPS and a destination server.

    Important! Each connection established by CA SiteMinder® SPS creates a socket. For UNIX operating systems, if the maximum size of the connection pool is large, you can increase the limit on file descriptors to accommodate the large number of sockets.

    http_connection_pool_incremental_factor

    Sets the number of connections to a destination server that CA SiteMinder® SPS opens when all available connections are being used to process requests.

    http_connection_pool_connection_timeout_unit

    Sets the timeout unit to seconds or minutes.

    http_connection_pool_connection_timeout

    Defines the time, in minutes, the system waits before closing idle connections in the connection pool.

    http_connection_pool_wait_timeout

    Defines the time, in milliseconds, that CA SiteMinder® SPS waits for an available connection. The default, 0, specifies that CA SiteMinder® SPS waits for a connection until notified and invalidates the use of http_connection_pool_max_attempts.

    http_connection_pool_max_attempts

    Indicates the number of attempts that the system makes to obtain a connection. This directive is only applicable if wait timeout is not zero.

    http_connection_timeout

    Defines the time, in milliseconds, spent on host name translation and establishing the connection with the backend server when creating sockets.

    Note

    • The timeout explicitly refers to the HTTP connection and not to the connection pool.
    • If you configured the -Dhttp_connection_timeout parameter in the SmSpsProxyEngine.properties file during CA SiteMinder® SPS initiation, the value of -Dhttp_connection_timeout precedes the value of http_connection_timeout.
    http_connection_stalecheck

    Specifies if a stale connection check must be performed. If you set the value to true, a stale connection check is performed before each request execution. If you set the value to false, an I/O error may appear when you execute a request over a connection that is closed at the backend web server.

    filter.filter name.class=fully qualified filter class name

    Specifies the filter configured in the server.conf file for each unique filter that is invoked in the proxy rules.

    Example: filter.PreProcess.class=SampleFilter

    filter.filter name.init-param.param name1=param value1

    Specifies the initialization parameters for a filter based on how the filters are defined using the Filter API. Configure the server.conf file to define parameters for each filter.

    Example: filter.PreProcess.init-param.param1=value1

    groupfilter.<groupname> = “filtername1,filtername2,…….filtername"

    Specifies the filter groups to implement one or more filters for a given proxy rule. CA SiteMinder® SPS reads the filter names declared in the group filter and processes the filters in a chain. The groupfilter name can be similarly used as a filter name in proxyrules.xml. When CA SiteMinder® SPS processes a group filter, the pre-filters are processed before post filters even if the order in which they are defined in the groupfilter is reverse.

    The following limitations are applicable:

    • The filter names must be valid and unique.
    • The group filter name must be unique. If you give the same group name for more than one group, only last group survives.
    • The group filter name and filter names must be different.

    Example: groupfilter.BatchProcess="SampleFilter1, SampleFilter2, SampleFilter3"

To configure using Administrative UI, perform the following steps:

  1. Navigate to Proxy Configuration, Proxy Service.
  2. Complete the following fields:
    Support Multiple Protocols

    Indicates whether the CA SiteMinder® SPS supports protocols other than HTTP. If you select this option, the CA SiteMinder® SPS supports HTTP and HTTPS protocols. If you do not select this option, the CA SiteMinder® SPS supports only the HTTP protocol. By default, this option is enabled.

    Minimum Size

    Sets the minimum number of connections to a single destination server that are available for processing user requests.

    Maximum Size

    Sets the maximum number of connections between the CA SiteMinder® SPS and a destination server.

    Important! Each connection established by the CA SiteMinder® SPS creates a socket. For UNIX operating systems, if the maximum size of the connection pool is large, you can increase the limit on file descriptors to accommodate the large number of sockets.

    Incremental Factor

    Sets the number of connections to a destination server that the CA SiteMinder® SPS opens when all available connections are being used to process requests.

    Connection Timeout

    Defines the time and timeout unit the system waits before closing idle connections in the connection pool.

    Wait Timeout

    Defines the time, in milliseconds, that the CA SiteMinder® SPS waits for an available connection. If the value is 0, the CA SiteMinder® SPS waits for a connection until notified and invalidates the use of HTTP Connection Pool Max Attempts.

    Maximum Attempts

    Indicates the number of attempts that the CA SiteMinder® SPS makes to obtain a connection. This directive is only applicable if wait timeout is not zero. If the value is 0, the CA SiteMinder® SPS makes attempts indefinitely.

    Connection Time Out

    Defines the time, in milliseconds, spent on host name translation and establishing the connection with the server when creating sockets. If the value is 0, the CA SiteMinder® SPS does not enforce a limit.

    Note: This timeout explicitly refers to the HTTP connection and not to the connection pool.

  3. Click Save.