Implementation Guide › Integrating with CA SiteMinder › How to Integrate with CA SiteMinder › Example: Configuring the Enterprise Management Server to Use CA SiteMinder To Authenticate Users

Example: Configuring the Enterprise Management Server to Use CA SiteMinder To Authenticate Users

In this example, you configure the Enterprise Management Server for CA SiteMinder integration.

1. On the Enterprise Management Server host, do the following:
   1. Stop the JBoss application server.
   2. Navigate to the following directory, where JBOSS_HOME is the directory where you installed JBoss:

      JBOSS_HOME/server/default/deploy/IdentityMinder.ear/user_console.war/WEB-INF
      

   3. Open the web.xml file and locate the FrameworkAuthFilter section.
   4. Modify the value to false, then save and close the file. For example:

      <filter>
        <filter-name>FrameworkAuthFilter</filter-name>
        <filter-class>com.netegrity.webapp.authentication.FrameworkLoginFilter</filter-class>
        <init-param>
          <param-name>Enable</param-name>
          <param-value>false</param-value>
        </init-param>
      </filter>
      

2. Navigate to the following directory:

   JBOSS_HOME/server/default/deploy/IdentityMinder.ear/policyserver.rar/META-INF
   

3. Do the following:
   1. Open the ra.xml file and set the value to true to enable the connection, as follows:

      <config-property>
       <config-property-name>Enabled</config-property-name>
       <config-property-type>java.lang.String</config-property-type>
       <config-property-value>true</config-property-value>
      </config-property>
      

   2. Configure the FIPS mode according to the CA SiteMinder Policy Server configuration, as follows:

      <config-property>
        <config-property-name>FIPSMode</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>false</config-property-value>
      </config-property>
      

   3. Define the CA SiteMinder Policy Server hostname, IP address and port number, as follows:

      <config-property>
        <config-property-name>ConnectionURL</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>policyservernode.example.com,44441,44442,44443</config-property-value>
      </config-property>
      

   4. Define the administrative user account settings, as follows:

      <config-property>
        <config-property-name>UserName</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>siteminder</config-property-value>
      </config-property
      

   5. Run the password tool located in the following directory:

      /CA/AccessControlServer/IAMSuite/AccessControl/tools/PasswordTool
      

      For example:

      pwdTools -FIPS -p <clear_text_password> -k JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys/FIPSKey.dat
      

   6. Define AdminSecret as the output of the following encryption command,as follows:

      <config-property>
        <config-property-name>AdminSecret</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>{AES}:gSez2/BhDGzEKWvFmzca4w==</config-property-value>
      </config-property>
      

   7. Define AgentName as the CA Access Control Enterprise Management node agent name:

      config-property>
        <config-property-name>AgentName</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>webserver-agent</config-property-value>
      </config-property>
      

   8. Encrypt the CA Access Control Enterprise Management shared secret using the following password tool command:

      ACServerInstallDir/IAMSuite/AccessControl/tools/Passwordtool/pwdtools.bat -FIPS -p <your_shared_secret> -k JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys/FIPSKey.dat
      

   9. Define AgentSecret as the encrypted output of the following command:

      <config-property>
        <config-property-name>AgentSecret</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>{AES}:gSez2/BhDGzEKWvFmzca4w==</config-property-value>
      </config-property>
      

4. Save and close the file.
5. Navigate to the following directory:

   JBoss_HOME/bin
   

6. Edit the run_idm.bat and set the %PATH% variable to the JBoss installation path: For example:

   set PATH=%PATH%;C:\jboss-4.2.3\server\default\deploy\IdentityMinder.ear\library;%SystemRoot%\SYSTEM32;%SystemRoot%;%SystemRoot%\SYSTEM32\WBEM
   

7. Save and close the file.
8. Start the JBoss application server.

   You have configured the Enterprise Management Server for CA SiteMinder integration. You can now browse to the CA Access Control Enterprise Management URL and verify that CA SiteMinder secures the login session.