Re: Applying Configuration in the command prompt?
Posted: Thu Oct 11, 2012 12:27 pm
Siteminder (S3), is an authentication module that our company uses that was developed by CA. It is similar to OpenSSO. What happens is we integrate a S3 module into Apache. The module connects to policy servers to gather information regarding users (LDAP and AD) as well as what policy is configured for the particular URL you are accessing. If you access the application server, the app server communicates with the policy server to see if that site is protected, if it is and you don't have a session open it will redirect you to an authentication server to authenticate. After you are authenticated you can access the application sites. It is the job of the application to verify the user is authorize. Currently we have the authorization part disabled so users log into S3 and then get the Nagios XI login prompt. We were having issues running that script, until I got the S3 team to put an exception for /nagiosql. The scripts I saw used localhost and for some reason or another they are unable to list localhost in the ignore hosts. When I ran the script, it would download a nagiosql.login file and the contents of that file was the S3 login page. After I got the S3 team to put in the exception I was able to run the script w/o a problem. Though it looks like something is hanging on the Apply Config, in the GUI, when we have S3 enable. I requested an exception for an ajax page that I saw that was being called, though I have yet to test it as my root account expired and I am waiting for our admins to enable it again.
My thought was that when you click apply config the server runs a command on a S3 protected site and since the server isn't authenticated, it gets redirected by the S3 server. I was able to get around that by adding /nagiosql/* to the policy, though that only got the script to work.
-Doron
My thought was that when you click apply config the server runs a command on a S3 protected site and since the server isn't authenticated, it gets redirected by the S3 server. I was able to get around that by adding /nagiosql/* to the policy, though that only got the script to work.
-Doron