Agent Configuration Parameters

Agent configuration settings are defined in two locations:

Unless otherwise noted, parameters can be defined in either the Agent Configuration Object or the Agent configuration file, depending on how you have decided to configure your Agent. For more information, see Fine-Tuning Your Agent Configuration Setup.

Parameter Name

Value

Description

AcceptTPCookie

(TAI and Login Module)

YES or NO

(Optional) If set to yes, configures the SiteMinder TAI/SiteMinder Login Module to assert identities from third-party SiteMinder session cookies.

Default is NO.

Note: The value you specify for this parameter must match for the SiteMinder TAI, SiteMinder Login Module, and Web Agent.

AgentConfigObject

(Applies only in Agent configuration file)

String

The name of the Agent Configuration Object for the Agent module.

AllowLocalConfig

(Applies only in the Agent Configuration Object)

YES or NO

If set to yes, parameters set locally in the Agent configuration file take precedence over parameters in the Agent Configuration Object.

Default is NO.

AssertByUserId

True or False

Determines whether the SiteMinder Agent asserts a userDN or a simple user name to WebSphere, a propagation that WebSphere uses to answer J2EE programmatic calls. (This value therefore impacts user mapping and J2EE RunAs identity).

If set to True, the SiteMinder Agent asserts a simple user name. If set to False, the SiteMinder Agent asserts the UserDN.

Default is False.

AssertionAuthResource

(TAI only)

String

If you are configuring the TAI to not challenge requests for credentials, this value must match the value specified for the resource filter in the realm that you create for nonchallenged requests. For example:

assertionauthresource=/sitemindertai

If configuring the TAI to challenge requests for credentials, this value must be NO.

AuthCacheSize

(TAI and Login Module)

Number

(Optional) Size of the authentication cache for the SiteMinder TAI or Login Module (in number of entries). For example:

authcachesize="1000"

Default is 0.

To flush this cache, use the SiteMinder Administrative UI.

AzCacheSize

(JACC Provider)

Number

(Optional) Size of the authorization cache (in number of entries) for the JACC Provider. For example:

azcachesize="1000"

Default is 0.

To flush this cache, use the Administrative UI.

CacheTimeout

Number

(Optional) Number of seconds before cache times out. For example:

cachetimeout="1000"

Default is 600 (10 minutes).

ChallengeForCredentials

(TAI)

YES or NO

(Optional) Specifies whether the SiteMinder TAI must challenge for credentials.

Default is NO.

CookieDomain

(TAI)

String

(Optional) Name of the cookie domain. For example:

cookiedomain="ca.com"

No default value.

For more information, see the cookiedomainscope parameter.

CookieDomainScope

(TAI)

Number

(Optional) Further defines the cookie domain for assertion of SiteMinder session cookies by the SiteMinder TAI. The scope determines the number of sections, separated by periods, that make up the domain name. A domain always begins with a period (.) character. For example:

cookiedomainscope="2"

Default is 0, which takes the domain name specified in the cookiedomain parameter.

DefaultAgentName

(Applies only in the Agent Configuration Object)

String

The Agent identity that the SiteMinder Agent module (the one for which this parameter is set) uses when it detects an IP address in a request that does not have an Agent identity assigned to it. By default, this is the name of the installed Agent (module).

EnableWebAgent

(Applies only in Agent configuration file)

YES or NO

Enables or disables the SiteMinder Agent for WebSphere module for which it is set.

EncryptAgentName

(TAI)

YES or NO

Specifies whether the agent name must be encrypted when redirecting to the SiteMinder Web Agent for SiteMinder TAI credential collection.

Default is NO.

Note: The value you specify for this parameter must match for the SiteMinder TAI and Web Agent.

FccCompatMode

(TAI)

YES or NO

(Required for TAI; otherwise optional) Specifies whether to handle backward compatibility of forms credential collection, which the SiteMinder TAI does not support. Therefore, set this parameter to NO for both the SiteMinder TAI and the Web Agent:

fcccompatmode="NO"

Note: The value you specify for this parameter must match for the SiteMinder TAI and Web Agent.

IgnoreExt

(JACC Provider)

Comma-separated string

(Optional) Specifies common file extensions (.gif, .jpg, .jpeg, .png, and .class) that the JACC Provider can ignore. The JACC Provider passes requests for files with these extensions directly to WebSphere without authorization. Use this parameter to specify extensions of files that do not require as much security as other resources.

IgnoreQueryData

(TAI and JACC Provider)

YES or NO

(Optional) Indicates whether the SiteMinder TAI/JACC Provider must ignore HTTP query data when checking for resource protection. Default is NO.

Note: The value you specify for this parameter must match for the SiteMinder TAI, JACC Provider, and Web Agent (as applicable).

IpCheck

(TAI and JACC Provider)

YES or NO

(Optional) Enables or disables checking of IP addresses by SiteMinder TAI/JACC Provider.

Default is YES.

Note: The value you specify for this parameter must match for the SiteMinder TAI, JACC Provider, and Web Agent (as applicable).

LogAppend

YES or NO

(Optional) If an existing file is present in the location specified in logfilename, the logappend parameter determines whether to append messages to that file or to overwrite the file. YES appends messages; NO overwrites the file. Default is NO.

LogConsole

YES or NO

(Optional) Enables or disables logging to the console. Default is NO.

LogFile

YES or NO

(Optional) Enables or disables logging to a log file. Default is NO.

LogFileName

String

(Optional) Agent log file path. For example:

/opt/WebSphere/AppServer/smwasasa/logs/asa.log

LogLevel

Number

(Optional) The level (0, 1, 2, 3, 4, or 5) at which log messages are written. Default is 0.

LogRollover

YES or NO

(Optional) If yes, enables logging rollover.

Default is NO.

LogRolloverSize

Number

(Optional) Number, in kilobytes (KB), that specifies the size limit of the log file before you want it to roll over. Specify this only if logrollover is set to YES. Positive integer only. The default is 10240 KB (10 MB).

LogRolloverTime

Number

(Optional) Number, in hours, that specifies the duration before you want the log file to roll over. Specify this only if logrollover is set to YES. Positive integer only. The default is 12 hours.

PersistentCookies

(TAI)

YES or NO

Specifies whether the agent allows single sign-on for multiple browser sessions. When this is enabled, users who authenticate during one browser session will retain single sign-on capabilities for subsequent browser sessions.

Default is NO.

PrevalidateCookie

(TAI)

YES or NO

Specifies whether the SiteMinder TAI (when configured not to challenge requests for credentials) checks that the SiteMinder session ticket is valid (not corrupt, not expired, can be decrypted, and so on). If the session ticket is valid, the SiteMinder TAI then processes the request. If the session ticket is not valid, the SiteMinder TAI returns FALSE and does not process the request. For example:

PrevalidateCookie=YES

This parameter is ignored if ChallengeForCredentials=YES or if there is no SiteMinder session ticket in a request.

Default is NO.

ResourceCacheSize

Number

(Optional) Size (in number of entries) of the cache for resource protection decisions. For example:

resourcecachesize="1000"

Default is 0.

To flush this cache, use the Administrative UI.

RmiAuthResource

(Login Module)

String

(Optional) Specifies the value of the resource filter defined in the realm that you create for Java Client requests, or "no" if you do not want the Login Module to accept Java client requests.

For example:

RmiAuthResource=siteminderrmi

Default is NO.

ServerErrorFile

(TAI)

String

(Optional) Specifies a page to redirect a request to if a processing error is encountered. This can either be an HTTP or local file system resource. For example:

servererrorfile="http://server.ca.com:88/errorpage.html"
or
servererrorfile="C:\smwasasa\errorpages\errorpage.txt"

If this setting is not configured, a default message is output to the response when the TAI encounters an error.

SystemAuthResource

(Login Module)

String

(Optional) Specifies the value of the resource filter defined in the realm that you create for System Login requests, or "no" if you do not want the Login Module to handle System Login requests.

For example:

SystemAuthResource=sitemindersystem

Default is NO.

You can specify logging settings in the SiteMinder Agent Configuration Object in the Administrative UI or in the local SiteMinder Agent configuration file.
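
Several parameters in the table above depend on one another: some must match between the SiteMinder TAI and the Web Agent, and others are ignored or restricted depending on ChallengeForCredentials or LogRollover. The following Python check is an added example, not CA or SiteMinder code; the function names, the `name="value"` line syntax (inferred from the examples on this page), case-insensitive parameter names, and the sample configurations are assumptions. An AssertionAuthResource that is absent is not flagged, because the page states no default for it.

```python
import re

# Parameters the page says must match between the SiteMinder TAI and the Web Agent.
MUST_MATCH = ["accepttpcookie", "encryptagentname", "fcccompatmode",
              "ignorequerydata", "ipcheck"]

def parse(text):
    """Parse name=value or name="value" lines; keys are lower-cased (assumption)."""
    params = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z]+)\s*=\s*"?([^"]*?)"?\s*$', line)
        if m:
            params[m.group(1).lower()] = m.group(2)
    return params

def yes(params, key, default="NO"):
    return params.get(key, default).upper() == "YES"

def audit(tai_text, webagent_text):
    tai, wa = parse(tai_text), parse(webagent_text)
    findings = []
    for key in MUST_MATCH:
        if key in tai and key in wa and tai[key].upper() != wa[key].upper():
            findings.append(f"{key}: TAI={tai[key]} but Web Agent={wa[key]} (must match)")
    if tai.get("fcccompatmode", "").upper() != "NO":
        findings.append("fcccompatmode: required for TAI and must be NO")
    if yes(tai, "challengeforcredentials"):
        if tai.get("assertionauthresource", "NO").upper() != "NO":
            findings.append("assertionauthresource: must be NO when the TAI challenges")
        if "prevalidatecookie" in tai:
            findings.append("prevalidatecookie: ignored when challengeforcredentials=YES")
    if not yes(tai, "logrollover"):
        findings += [f"{k}: only applies when logrollover=YES"
                     for k in ("logrolloversize", "logrollovertime") if k in tai]
    return findings

# Constructed sample configurations, not taken from a real deployment.
SAMPLE_TAI = '''
challengeforcredentials="YES"
assertionauthresource=/sitemindertai
PrevalidateCookie=YES
fcccompatmode="NO"
ipcheck="NO"
logrolloversize="2048"
'''
SAMPLE_WEBAGENT = 'fcccompatmode="NO"\nipcheck="YES"\n'

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TAI, SAMPLE_WEBAGENT)))
```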