How to Add Multiple Web Agents to the Symantec SiteMinder Access Gateway

Often when using the SiteMinder Access Gateway, multiple applications will want to leverage the gateway for their integrations in lieu of the traditional web agent on web server method. This means you may need to have multiple agents running on the same gateway to meet all the different applications’ needs. This is a guide to help set up multiple agents on a single access gateway.

Prerequisites

  • You have access to the server.conf file
  • You have the Agents created in the Policy Server
  • You have the Agent Configuration Objects created in the Policy Server
  • Host Registration has been performed for the Default Agent on the Gateway

Tasks

  1. Create directories for agent configs
  2. Modify the server.conf file

Note: The task breakdowns are going to be done for Windows. The steps are the same as if you were operating on Linux, just update your file paths to reflect your environment.

Task 1 – Create Directories for Agent Configurations 

For there to be multiple agents running independently on the same gateway, you need to create the directory structure for the agents and set up the configuration files that they expect to find. 

  1. Browse to the gateway-home\proxy-engine\conf directory.
  2. Create a copy of the defaultagent directory for each additional agent you are trying to add.
  3. Rename each of the directories to reflect the agent name that you are configuring in that directory. I recommend replacing the default portion with the app name the agent is for. For example, defaultagent changes to portalagent or idmagent.
  4. In each of the new directories, open the WebAgent.conf files and update them to reflect the ACO and change the ServerPath field. ServerPath can be any arbitrary value with 2 exceptions. It cannot have special characters, and it must be unique. You can leave the SmHost pointer as it is or you can create an independent SmHost for each agent at your discretion.

  5. Save the WebAgent.conf files.

Task 2 – Setting up the server.conf file.

  1. Browse to the gateway-home\proxy-engine\conf directory.
  2. Edit the server.conf file.
  3. At the very bottom of the file, copy the default virtual agent settings.
  4. Create a copy of those settings for every agent you are trying to add.
  5. For each section of the agent settings, you’ll need to modify the highlighted fields.

    *You can comment out the addresses OR the hostnames fields if you are not using one of them to bind to an agent.
  6. Save the file.
  7. Restart the Access Gateway to apply the changes.

Confirming the Changes

Now that the changes have been applied, you can confirm that the new agents have come online by checking the server.log. If you see lines like the ones below, then the agents are initialized and are ready to enforce policies.

If your agents aren’t initializing properly, make sure that the ACOs and Agent names are correct between the Policy Server and what is in the WebAgent.conf files. This is the most common reason that the agents wouldn’t initialize. Other issues you may run into are illegal characters in the ServerPath field in the WebAgent.conf file. Try simplifying it to just a single word with no numbers or non-letter characters. I often opt to just use the application name in this field to avoid complications.

Looking for additional help with adding multiple web agents to the Symantec SiteMinder Access Gateway? ISX is an elite IAM security firm that offers boundless expertise in a range of cybersecurity and business process services, including Symantec SiteMinder. Take your interoperability to the next level, and contact an ISX consultant today.

ISXHow to Add Multiple Web Agents to the Symantec SiteMinder Access Gateway

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *