Resource inside application server Tomcat

Document ID : KB000108977
Last Modified Date : 03/08/2018
Show Technical Document Details
Question:
I'm running CA Access Gateway (SPS), and I would like to create a
resource like proxyui inside the embedded server Tomcat. I would like
to start my customlogin.fcc page with another resource. Which steps I
have to follow ? Is possible ? Or is it necessary to create a WAR and
put inside the CA Access Gateway (SPS) Tomcat server in the
Tomcat/webapp folder ?
Answer:
First you need to know that CA Access Gateway (SPS) doesn't support
local content :

  Product Limitations 

  "CA Access Gateway does not support local content. The ability to place 
  content on CA Access Gateway is not exposed, and CA Access Gateway 
  does not support proxy rules for providing access to local content." 

  https://docops.ca.com/ca-single-sign-on/12-8/en/implementing/implementing-ca-access-gateway/ca-access-gateway-architecture-introduced 

In order to protect your application with a custom authentication 
scheme, you have to run the application on a backend server, and 
configure the protection on the SPS and placing the custom 
authentication scheme at the same place of the login.fcc. 

To illustrate : 

Your application runs on 

http://backend.mydomain.com/myapp 

You configure the proxyrule to relay 

http://mysps.mydomain.com/myapp 
to 
http://backend.mydomain.com/myapp 

Then you place the taftlogin.fcc in the same folder as per the 
login.fcc on the SPS server. 

Then you protect your application defining the realm : 

 /myapp 

And then when the user will hit http://mysps.mydomain.com/myapp, it 
will be redirected to 

http://mysps.mydomain.com/siteminderagent/forms/taftlogin.fcc 

and once successfully authenticated and authorized, the request will 
go to http://backend.mydomain.com/myapp, and the reply will appear in 
the user browser as 

http://mysps.mydomain.com/myapp