Implementation Guide › Integrating with CA SiteMinder › How to Integrate with CA SiteMinder › Example: Configuring CA SiteMinder to Secure the Enterprise Management Server

Example: Configuring CA SiteMinder to Secure the Enterprise Management Server

In this example, you configure CA SiteMinder to secure the Enterprise Management Server log in session. You need to configure the user store that CA SiteMinder secures the authentication scheme and the domain policy.

1. Do the following:
   1. Go to Start, All Programs, CA, CA SiteMinder, CA SiteMinder Administrative UI.

      The CA SiteMinder Administrative UI opens prompting Steve for a username and password.

   2. Enter the credentials for the CA SiteMinder administrator user account.
   3. Select Infrastructure, Directory, User Directory, Create User Directory.
   4. Complete the following fields in the General frame:
      • Name—ac-dir
      • Description—Access Control User Store
   5. Move to the Directory Setup frame and complete the following fields:
      • Namespace—LDAP
      • Server—directory_hostname:port
   6. Move to the Administrator Credentials and complete the following fields:
      • Require credentials—check
      • Username—Bind user full DN
      • Password—password
      • Confirm Password—password
   7. Move to the LDAP Settings frame and complete the following fields:
      • Root—searchroot
      • Scope—Sub-Tree
      • Start—(&(sAMAccountName=
      • End—)(objectclass=top)(objectclass=person)(objectclass=organizationalperson)(objectclass=user))
   8. Move to the User Attributes frame and complete the following fields:
      • Universal ID—Attribute name corresponding to %USER_ID%
2. Click Submit.

   CA SiteMinder creates the user directory object.

3. Select View User Directory, ac-dir, View Content.

   The user store entries appear.

4. Select Infrastructure, Authentication, Authentication Scheme, Create Authentication Scheme, complete the following fields:
   • Name—ac-basic-auth
   • Description—CA Access Control Enterprise Management basic authentication
   • Authentication Scheme Type—Basic Template
   • Protection Level—5
   • Library—smauthdir
5. Click Submit

   CA SiteMinder creates the authentication scheme object.

6. Select Policies, Domains, Domain, Create Domain.
7. Specify the name of the domain.
8. Move to the User Directories frame and clicks Add/Remove.
9. Move ac-dir from the Available Members list to the Selected Members list, and then click OK.
10. Select Realms, Create Realm and complete the following fields:
    • Name—ac-realm
    • Agent—webserver-agent
    • Resource Filter—/iam/
    • Default Resource Protection—Protected
    • Authentication Scheme—ac-basic-auth
11. Move to the Rules frame, select Create and complete the following fields:
    • Name—ac-rule
    • Resource—*
    • Allow Access—select
    • Web Agent Actions—Get, Post
12. Click OK twice.
13. Select Policies, Create and complete the following field in the General tab:
    • Name—ac-policy
14. Move to the Users tab and select Add All
15. Move to the Rules tab, click Add Rule, select ac-rule and click OK
16. Click OK and Submit to create the domain.

You have configured the domain and realm policy.