Installation Guide › Configuration › Identity Management Sensitive Tasks

Identity Management Sensitive Tasks

Follow these steps:

1. Enable ODBC Session Store Policy Servers as follows:
   1. Set the X11 DISPLAY variable.
   2. Issue the command: /opt/CA/siteminder/bin/smconsole
2. Login to CSP console and use the Modify Agent Configuration task.

   Select CAM-AgentObj and make sure that the FCCCompatMode is set to no.

3. Create a response Response in domain tenantDomain and create the following attribute:
   • Attribute: WebAgent-OnReject-Redirect
   • Attribute Kind: Static
   • Variable Value: /siteminderagent/forms/reauthenticate.fcc:validate
4. Create a policy Policy in the domain tenantDomain.
5. Select Add All for User Directories.
6. Add two rules in tenant_ims_realm:

   <Rule1>: 
   Resource:		*task.tag=ChangeMyPassword
   	Regular Expression:	checked
   	Action:			Web Agent Actions, GET and POST
   <Rule2>:
   Resource:		*task.tag=ChangeMyPassword
   	Regular Expression:	checked
   	Action:			Authorization events, OnAccessValidateIdentity
   

7. Add the response Response to Rule2.
8. Commit the creation.
9. In the Policy Server, run the command tool xpsexplorer and make the following change:
   1. Modify policy Policy, set ValidateIdentity to true.
   2. Restart each policy server configured for high availability.
   3. Restart policy engine in each Secure Proxy Server configured for high availability.