Cisco Unified MeetingPlace Release 6.1 -- Configuring SiteMinder for use with Web Conferencing
If your deployment includes the SiteMinder application for authentication and single-sign on support, you must make the following changes to the SiteMinder configuration in order for it to interoperate properly with Cisco Unified MeetingPlace Web Conferencing Release 6.1.
String Blocking in URLs
SiteMinder looks for invalid strings in all URLs before processing. Cisco Unified MeetingPlace Web Conferencing uses internal URLs that include the "." character (period) which is blocked by the default SiteMinder configuration. The default block is:
badurlchars="./, /., /*, *., ~, \, %00-%1f,%7f-%ff"
In order for Cisco Unified MeetingPlace Web Conferencing to function properly, you must remove /. from the badurlchars string, for example:
badurlchars="./, /*, *., ~, \, %00-%1f,%7f-%ff"
Localhost Redirection and Hostname Blocking in URLs
Cisco Unified MeetingPlace Web Conferencing uses internal URLs that include connecting to the localhost/loopback on port 8002, for example, http://localhost:8002. When SiteMinder receives a localhost request, it resolves localhost to the actual host name of the server. SiteMinder then looks up the host name in its list of hosts and matches it to the name of an agent. In order for Cisco Unified MeetingPlace Web Conferencing to function properly, you must add this agent name to the exception list so that it is not blocked by SiteMinder.
The following example shows the SiteMinder logging for a localhost request on port 8002:
[5812/7912][Tue Apr 24 14:00:07 2007][..\..\..\CSmHttpPlugin.cpp:219][INFO:2] PLUGIN: Read HTTP_HOST value 'localhost:8002'. /
[5812/7912][Tue Apr 24 14:00:07 2007][..\..\..\CSmHttpPlugin.cpp:270][INFO:2] PLUGIN: ProcessResource - Resolved Host 'YOURHOSTNAME:8002'.
[5812/7912][Tue Apr 24 14:00:40 2007][..\..\..\CSmHttpPlugin.cpp:290][INFO:1] PLUGIN: ProcessResource - Resolved Agentname 'yourhostname-unprotected' for HTTP_HOST 'YOURHOSTNAME:8002'.
In the first line, SiteMinder processes the request to localhost on port 8002. In the second line, localhost is resolved to the actual hostname of the machine (in this example, YOURHOSTNAME). In the third line, YOURHOSTNAME:8002 is resolved to the agent defined in your SiteMinder configuration as yourhostname-unprotected. It is this agent name which must be allowed (not blocked) by SiteMinder in order for the request to succeed.