Back to Bookshelf

• CA SiteMinder Agent for IBM WebSphere
• Legal Notices
• Contact CA Technologies
• Release Notes
  • Welcome
  • New Features
    • IPv6 TCP/IP Support
    • FIPS-140 Support
    • Java 1.6 Support
  • Operating System Support
  • Known Issues
    • Host Configuration File Compatibility
  • International Support
  • Documentation
    • Guide Names
    • Release Numbers on Documentation
  • Acknowledgements
    • Apache
• Agent Guide
  • Introduction
    • Overview
    • Required Background Information
    • SiteMinder Agent for IBM WebSphere Components
      • SiteMinder Trust Association Interceptor (TAI)
      • SiteMinder Login Module
        • Request Types Supported by the SiteMinder Login Module
      • SiteMinder Java Authorization Contract for Containers (JACC) Provider
    • Other Deployment Considerations
      • Identity and User Mapping
      • User Session Handling
      • J2EE Programmatic Security Call Principal Usage
      • SiteMinder Agent API
    • Agent Configuration Options
    • Use Cases
      • SiteMinder TAI-Only Use Case
      • All Modules Use Case
    • Recommended Reading List
  • Preconfigure Policy Objects for the SiteMinder Agent
    • Policy Object Preconfiguration Overview
    • Preconfigure the Policy Objects
    • What to Do After Preconfiguring the Policy Server
  • Installing and Upgrading the Agent
    • Overview
    • Upgrade from a Previous Release
    • Before You Begin
      • Software Requirements
      • Define the JAVA_HOME Environment Variable
      • Installation Checklist
    • Installation Location References
    • Install the SiteMinder Agent for IBM WebSphere
      • Information Required During Installation
      • Run the Installation in GUI Mode
      • Run the Installation in Console Mode on UNIX
    • Install a Web Agent for Advanced TAI Authentication
    • Register a Trusted Host Using the Registration Tool
      • Register a Trusted Host on Windows
      • Register a Trusted Host on UNIX
      • smreghost Command Arguments
    • Reinstall the SiteMinder Agent
    • Uninstall the SiteMinder Agent
      • Uninstall from Windows
      • Uninstall from UNIX
    • What to Do After Installing the SiteMinder Agent
  • Configuring the SiteMinder Agent, SiteMinder-Side
    • smagent.properties File
      • Edit smagent.properties
    • Fine-Tune the Agent Configuration Setup
      • Use One Agent Configuration Object and Multiple Agent Configuration Files
      • Use Module-Specific Agent Configuration Objects
      • Use a Shared Agent Configuration File and Configuration Object for All Agent Modules
    • Configure the TAI, SiteMinder-Side
      • Configure the TAI to Only Handle Requests from SiteMinder Session Holders
        • Disable the ChallengeForCredentials Agent Configuration Parameter
        • Enable the PrevalidateCookie Agent Configuration Parameter
        • Set the AssertionAuthResource Agent Configuration Parameter
        • Create an Assertion Realm for Non-Challenged Requests
      • Configure the TAI to Challenge Requests for Credentials
        • Set the ChallengeForCredentials Parameter to Challenge Requests for Credentials
        • Synchronize Overlapping SiteMinder TAI and Web Agent Configuration Parameters
        • Configure an Authentication Scheme for Challenged Requests
        • Create Realms for Challenged Requests
      • TAI-Specific Agent Configuration Parameter Summary
      • What to Do Next if You Are Setting Up a TAI-Only Configuration
    • Configure the Login Module, SiteMinder-Side
      • Configure the Login Module to Handle Java Client Requests
        • Set the RmiAuthResource Agent Configuration Parameter
        • Create a Realm for Java Client (RMI) Requests
      • Configure the Login Module to Handle System Login Requests
        • Set the SystemAuthResource Agent Configuration Parameter
        • Creating a Realm for System Login (J2EE RunAs Identity) Requests
      • Login Module-Specific Agent Configuration Parameter Summary
    • Configure the SiteMinder JACC Provider, SiteMinder-Side
      • Configure Policies for the SiteMinder JACC Provider
      • JACC-Specific Agent Configuration Parameters
    • What to Do After Completing SiteMinder-Side Configuration
  • Configuring the SiteMinder Agent, WebSphere-Side
    • Configure WebSphere Administration, Applications and infrastructure Settings
      • Configure LDAP as a WebSphere User Account Repository (User Registry)
      • Enable Administrative Security
    • (Optional) Configure the Class Loader for the SiteMinder Agent Logger
    • Configure the SiteMinder TAI in WebSphere
    • Configure the Login Module in WebSphere
      • Add the SiteMinder Login Module as a WebSphere DEFAULT Login Module
      • Add the SiteMinder Login Module as a WebSphere RMI_INBOUND Login Module
    • Configure the SiteMinder JACC Provider in WebSphere
    • Propagate JACC Data Constraint Policy Information to the SiteMinder JACC Provider
    • What to Do After Completing WebSphere-Side Configuration
  • Verifying SiteMinder Agent Installation and Configuration
    • SiteMinder Agent Verification Overview
    • Set Up the Snoop Servlet Example (TAI-Only)
    • Set Up the Snoop Servlet Example (All Modules)
    • Access the Snoop Servlet in a Web Browser
  • Configuring Policies for the SiteMinder Agent
    • Configure SiteMinder Policies to Support J2EE Roles
      • Configure the SmJaccRoles Realm
      • Configure Role-Mapping Rules
      • Configure Role-Mapping Policies
    • Resource Mapping
      • Web Application Resources
      • Configure HTTP Transport Guarantees for Web Application Resources
      • Map EJB Resources
    • Configure Rules for the JACC Provider
    • Configure Authentication and Authorization Responses
    • Configure SiteMinder Policies to Support User Mapping (Optional)
    • Configure Authorization Policies for the SiteMinder Agent
  • Obtaining SiteMinder Agent Data Programmatically
    • Common HashMap Response Structure
    • Obtain Authentication Responses and Other Data from the SiteMinder Principal
    • Obtain Authorization Responses for Web Requests from HTTP Request Attributes
  • Session Handling
    • Session Synchronization Between WebSphere and the SiteMinder Agent
    • Timeout Handling
    • Single Log Off Handling
  • Logging
    • Log Files
      • SiteMinder Agent Log File
      • Default SiteMinder Agent Log File
    • Record Messages to the Default SiteMinder Agent Log File
    • Append Messages to an Existing Log File
    • Display SiteMinder Agent Log Messages in a Console
    • Set Log Levels
    • Dynamically Update the SiteMinder Agent Log Files
    • Roll Over the Log File
  • SiteMinder Agent Installation and Configuration Files
    • SiteMinder Agent Files
    • Modify Configuration Files
      • Guidelines for Modifying Configuration Files
      • Agent Configuration Parameters
      • Trusted Host Configuration
    • Enable and Disable SiteMinder Agent Modules
  • Troubleshooting
    • General Troubleshooting Guidelines
    • WebSphere Application Server Does Not Start
    • Message While Loading JVM
    • Host Registration Fails During Installation
    • WebSphere Starts With No Indication That SiteMinder Agent Module Loads
    • SiteMinder Agent Initialization Fails
    • SiteMinder TAI Forms Authentication Scheme Failures
    • Identity Obtained by TAI Not Propagated to WebSphere
    • SiteMinder Agent Initializes but WebSphere Challenges Security
    • User Not Challenged for Credentials
    • SiteMinder TAI in No Challenge Mode Not Intercepting Requests
    • 500 Error Accessing Any Servlet/EJB
    • User Challenged for Credentials Before WebSphere Session Expires
    • User Mapping Not Working for Login Module-Protected Resources
    • Resetting the Level of the IIS Web Agent