MyTechReference - Technical Notes

by IDAMGroup

CA Siteminder Protecting Web Application Part 1

Protecting a simple web application using CA Siteminder  r12.51

In this blog i will take you through the steps required to protect your web application using CA Siteminder r12.51

Product Versions

  • Policy Server      : CA Siteminder r12.51
  • Webagent          : ca-wa-12.51-linux.bin
  • Webserver         : Apache/2.4.7
  • UserStore          : CA Directory


Webserver Details

Hostname: WebOne

WebServer Root: /usr/local/apache2

Virtual host entry in the httpd.conf

DocumentRoot /usr/local/apache2/htdocs/myecorp/


Below is my simple webserver static page i am going to protect


For Siteminder installation there is a cool video on you tube

Webagent installation on Suse Enterprise Linux SP11.

  • Execute the Webagent binary #ca-wa-12.51-linux.bin


  •  Click Next and scroll down and accept the agreement and click Next



  • Specify the Siteminder Webagent installation path and Click Next



  • Click Install to start the Webagent installation.


  •  Now you have successfully completed the installation and ready to configure the Webagent.


After installation of Webagent execute the under #/opt/siteminder/webagent/ to set the webagent environment variable.

  • Now before you start configuring the Webagent  you need to create blow 2 things in Siteminder Policy server.
    • Create ACO ( Agent Configuration Object)
    • Create HCO (Host Configuration Object)

Host Configuration Object



Agent Configuration Object


Lets go and configure the webagent by executing the file on the Webserver WebOne:/opt/siteminder/webagent



  • Since we are configuring webagent for the first time in this webserver, click yes to do Host registration.




  • Provide the Siteminder Administrative credentials




  • Provide the name of the host to be registered in the Policy Server
  • Then provide the HCO value as “WebOne_HCO” which we have created already.


    • This host name will be registered in the Trusted host section of the policy server as below after the web agent configuration completed.



  • Provide the policy server IP Address. You can add multiple Policy Server address to provide the High Availability functionality.



  • Select the FIPS Compability Mode and click Next



  • Accept the default location to store the Host Configuration file or provide your custom location.



  • Next 5 steps would be selecting your webserver type. I am using Apache web server


  • Root path of my web server


  • Version 2.4.7


  • Apache software foundation


  • By this time it read my version as 2.4.7


  • Now provide the ACO as “WebOne_ACO” name which we created at the beginning.


  • Next choosing type of  SSL we will be configuring for this Apache webserver. I am not doing SSL for this scenario so selected “No advance authentication”


  • Enable the Webagent by selecting the “Yes”


  • Confirm and click install to get started.


  • Here you go now we have configured the Webagent successfully on “WebOne” host


  • Webagent updates the httpd.conf file by adding the required Siteminder Modules and Directives as below
LoadModule sm_module "/opt/siteminder/webagent/bin/"
SmInitFile "/usr/local/apache2/conf/WebAgent.conf"
Alias /siteminderagent/pwcgi/ "/opt/siteminder/webagent/pw/"
<Directory "/opt/siteminder/webagent/pw/">
Options Indexes MultiViews ExecCGI
AllowOverride None
Require all granted
Alias /siteminderagent/pw/ "/opt/siteminder/webagent/pw/"
<Directory "/opt/siteminder/webagent/pw/">
Options Indexes MultiViews ExecCGI
AllowOverride None
Require all granted
Alias /siteminderagent/ "/opt/siteminder/webagent/samples/"
<Directory "/opt/siteminder/webagent/samples/">
Options Indexes MultiViews
AllowOverride None
Require all granted

Now lets start the Webserver and make sure the webagent starts without any error.

Edit the /usr/local/apache2/bin/apachectl  file and add the webagent environment variable to load it ever time when you restart the webserver.

if test -f /usr/local/apache2/bin/envvars; then
. /usr/local/apache2/bin/envvars
. /opt/siteminder/webagent/

Start the webserver

/usr/local/apache2/bin/apachectl start 

Check the webserver logs to make sure the Siteminder Webagent started without any errors

 [07/Feb/2014:22:14:03] [Info] [CA WebAgent LLAWP] [11936] [LLAWP Monitor: LLAWP has been started.]
 [07/Feb/2014:22:14:04] [Info] [CA WebAgent IPC] [11937] [CSmSem::getSem] Attempted to attach to non-existent semaphore with key 0x6b087048
 [07/Feb/2014:22:14:04] [Info] [CA WebAgent IPC] [11937] [CSmSem::getSem] Attempted to attach to non-existent semaphore with key 0x6b087048
 [07/Feb/2014:22:14:04] [Info] [CA WebAgent IPC] [11937] [CSmSem::getSem] Created semaphore 622593 using key 0x6b087048
 07/Feb/2014:22:25:50] [Info] [CA WebAgent IPC] [11954] [CSmSharedSegment::smalloc] Attached to shared memory segment 16810005 using key 0x69087048
 [07/Feb/2014:22:25:50] [Information] SiteMinder Agent
 SiteMinder agent is running.

 In the following post i will be configuring objects on the policy server to protect this URL/application  



Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.