Previous Topic: Configure the Web ServicesNext Topic: Enable the Web Services

Administration GuideConfiguring Web ServicesAuthentication and AuthorizationConfigure the Web ServicesCreate an ACO for the Web Services

Create an ACO for the Web Services

You can manage the web services through an ACO. To use the web services, you must enable the enableauth parameter or the enableaz parameter or both.

Follow these steps:

  1. Create an ACO that is based on the AuthAzServiceDefaultSettings template in WAMUI.
  2. Configure the following parameters:
    AgentName

    Defines the names of the web agent that protects a resource. You can define one or more web agents where each web agent protects an application. Enter a multi-value pair in the following format:

    agent_name,appID
    agent_name

    Defines the name of the web agent that protects a resource.

    appID

    Defines the reference name of the web agent that was specified in agent_name or of the application that is protected by the web agent. CA SiteMinder® uses this value in the web services requests, thus protecting the agent name from the users.

    enableauth

    Specifies the status of the authentication web service. If you want to use the authentication web service, set the value to yes.

    enableaz

    Specifies the status of the authorization web service. If you want to use the authorization web service, set the value to yes.

    RequireAgentEnforcement

    Specifies whether the web services must be protected by a CA SiteMinder® agent. In a production environment, we highly recommended that you set this value to yes and protect the web services by a CA SiteMinder® Agent. If you set the value to yes and the web services are not protected, the requests to web services fail.

    Note: The value of RequireAgentEnforcement can be set to no in a test environment or if the web services are protected by any other mechanism other than CA SiteMinder®.

  3. Save the changes.
Protect the Web Services

We recommend that you protect the web services in a production environment. Protecting the web agent of the web services lets CA SiteMinder® authenticate and authorize the web services client before a user request is processed. When you protect the web services in your production environment, CA SiteMinder® SPS includes the SMSESSION cookie into the user request. If the RequestSmSessionCookie ACO parameter is enabled, CA SiteMinder® ensures that the web services verify the user request for the SMSESSION cookie before processing the user request.

To protect the web services, we recommend that you configure CA SiteMinder® SPS to protect the web services root URL using the X.509 Client Certificate authentication scheme.