Administration Guide › Reporting › How to Enable Reporting for Tenant Administrators › Enable SSO Reporting

Enable SSO Reporting

This section describes the pre-configuration steps for required for enabling SSO reports tasks.

Note! After you complete the following pre-configuration steps, installation for SSO reports is complete. However, reports are not yet available for use by the CSP or tenant administrator. To make reports available for use, complete the reporting configuration steps in the Reporting Chapter in the Identity Management Administration Guide.

Set the Registry for the Policy Server

1. To enable audit logging for CA CloudMinder, create the following DWORD registry on the Policy Server:

   HKLM\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports\LogCloudMinder.
   

2. Set the value of this registry to 1.
3. For a Linux installation, locate the sm.registry file:

   The default location of this file is Siteminder_home\registry.

4. Include the following in this file:

   HKLM\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports\LogCloudMinder
   

5. Set value of this registry to 1.

   You can use the XPSConfig utility to set this registry.

Set Logging to a Database or text file

The same setting which exists in smconsole for the access log is needed for CA CloudMinder access data. In the smconsole data tab, select either the database or a text file.

If the audit logging is to a text file, the CA CloudMinder access data is redirected to smaccess.log.

Enable Logging

1. Access the CSP console.
2. Select the data tab.
3. Locate the database drop down.
4. Select Audit Logs.
5. Locate the storage drop down and select ODBC.
6. Enter the data source information. Alternatively, select the Policy Store Database check box.
7. Check the logs tabs. 
8. In the Policy Server Audit Log section, enable events to be logged.

   Select items to log and choose Log All Events.

9. Restart SiteMinder.

Push Data offline from smaccess.log to a Database

Using smauditimport data, you can push data from smaccess.log to a configured Database. Run this command to push the data:

Smauditimport  <full path of the file need to import>  <Data source name>  <Database user name> <Database password>

Add the SSO Reporting Tasks

1. Log in to SiteMinder database as the SiteMinder database user.
2. Run the following commands:

   create or replace
   FUNCTION IM_Audit_Start_Date (rangeVal int, multiplier int, startdatetime DATE)
   
   RETURN DATE is
   tempid1 DATE;
   BEGIN
   
   if rangeVal = -1
   then tempid1 := startdatetime;
   else
   case rangeVal
     when 1 then tempid1 := sysdate - multiplier;
   --Last N days
     when 2 then tempid1 := trunc(sysdate, 'DAY') - (7 * multiplier);
   --weekly
     when 3 then tempid1 := add_months(trunc(sysdate, 'month'), -multiplier);
   -- first day of the month
     when 4 then tempid1 := add_months(trunc(sysdate, 'month'), -(3 * multiplier));
   -- quarter of the month
     when 5 then tempid1 := add_months(trunc(sysdate,'y'), -(12 * multiplier));
   --Yearly
     else tempid1 := sysdate;
   end case;
   end if;
   return tempid1;
   END;
   
   create or replace
   FUNCTION IM_Audit_End_Date (rangeVal int, enddatetime DATE)
   
   RETURN DATE is
   tempid1 DATE;
   BEGIN
   if rangeVal = -1
   then tempid1 := enddatetime;
   else
   case rangeVal
     when 1 then tempid1 := sysdate;
   --Last N days
     when 2 then tempid1 := trunc(sysdate, 'day') -1 + (1439/1440);
   --weekly
     when 3 then tempid1 := trunc(sysdate, 'month') - 1 + (1439/1440);
   -- last day of the month
     when 4 then tempid1 := trunc(sysdate, 'month') - 1 + (1439/1440);
   -- quarter of the month
     when 5 then tempid1 := trunc(sysdate,'y')-1 + (1439/1440);
   --Yearly
   else tempid1 := sysdate;
   end case;
   end if;
   return tempid1;
   END;
   

   Note: The previous commands are also found in the datefunctions.sql script. If you have access to this script, simply run the datefunctions.sql script file.

3. Change directory to JBoss/server/all/deploy/iam_im.ear/user-console.war/reports.
4. Copy the cam-sso-oracle-reports.biar and cam-sso-oracle-reports.xml to the im_admin_tools_dir/ReportServerTools folder.
5. Edit cam-sso-oracle-reports.xml and replace all content with the following text:

   <?xml version="1.0"?>
   <biconfig version="1.0">
     <!-- Import BIAR file -->
     <step priority="1">
       <add>
                   <biar-file name="cam-sso-oracle-reports.biar"/>
       </add>
     </step>
   </biconfig>
   

6. Log in to the User Console as the CSP administrator.
7. Add the JDBC tasks to the CSP Administrator role:
   1. In the left-hand navigation menu, select Roles and Tasks, Admin Roles, Modify Admin Role.
   2. Select CSP Administrator and click Select.
   3. Click the Tasks tab.
   4. Under Filter by Category, select System.
   5. Under Add Task, select Create JDBC Connection. Repeat to select Delete JDBC Connection, Modify JDBC Connection and View JDBC Connection.

      As you select each task, the task appears in the table of tasks assigned to the CSP Administrator role.

   6. Click Submit.
8. Make the JDBC tasks visible in the CSP Administrator's console:
   1. In the left-hand navigation menu, select Roles and Tasks, Admin Tasks, Modify Admin Task.
   2. Search for the string *JDBC*
   3. For each JDBC task, select the task, clear the Hide in Menus check box, and click Submit.

Enable the Single Sign On Manager Role

1. Log in to the User Console as the CSP administrator.
2. Select Roles and Tasks, Admin Roles, Enable/Disable Admin Role.
3. Select the check box to enable the Single Sign On Manager role, and click Select.
4. Click Yes to confirm.

   The system enables the Single Sign On Manager role.

The pre-configuration steps for SSO reports are complete. However, before you can use reports, complete the reporting configuration by following the steps in the Reporting Chapter in the Identity Management Administration Guide.

Generally, the report configuration steps are as listed below. Note the following:

1. Configure a connection between the report server and Identity Management.
2. Create a JDBC connection object and specify the SiteMinder database connection details.
   1. Enter JDBC as the Connection Type.
   2. Under connection details, enter the SiteMinder audit database information and valid user credentials for a user who has access to the SiteMinder Audit DB. The SiteMinder audit database details can be found by running the smconsole utility.
3. Associate the JDBC connection with all SSO reports. Set the connection type as a JDBC Connection for each SSO report task listed below:
   • SSO-Authentications by Authentication Type Report
   • SSO-Unique User Authentications Detail Report
   • SSO-Unique User Authentications Summary Report
   • SSO-Authentications by Auth type per Application Report
   • SSO-User Accesses per Application Report
   • SSO-User Access Detail Report
   • SSO-User Authentication Detail Report

After you complete both pre-configuration and configuration steps for reporting, the tenant administrator can request SSO reports in the User Console.