Previous Topic: Enable Advanced Authentication ReportingNext Topic: How to Create a Custom Report

Administration GuideReportingHow to Enable Reporting for Tenant AdministratorsEnable SSO Reporting

Enable SSO Reporting

This section describes the pre-configuration steps for required for enabling SSO reports tasks.

Set the Registry for the Policy Server

  1. To enable audit logging for CA CloudMinder, create the following DWORD registry on the Policy Server: 
    HKLM\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports\LogCloudMinder.
  2. Set the value of this registry to 1.
  3. For a Linux installation, locate the sm.registry file:

    The default location of this file is Siteminder_home\registry.

  4. Include the following in this file: 
    HKLM\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports\LogCloudMinder
  5. Set value of this registry to 1.

    You can use the XPSConfig utility to set this registry.

Set Logging to a Database or text file

The same setting which exists in smconsole for the access log is needed for CA CloudMinder access data. In the smconsole data tab, select either the database or a text file.

If the audit logging is to a text file, the CA CloudMinder access data is redirected to smaccess.log.

Enable Logging

  1. Access the CSP console.
  2. Select the data tab.
  3. Locate the database drop down.
  4. Select Audit Logs.
  5. Locate the storage drop down and select ODBC.
  6. Enter the data source information. Alternatively, select the Policy Store Database check box.
  7. Check the logs tabs. 
  8. In the Policy Server Audit Log section, enable events to be logged.

    Select items to log and choose Log All Events.

  9. Restart SiteMinder.

Push Data offline from smaccess.log to a Database

Using smauditimport data, you can push data from smaccess.log to a configured Database. Run this command to push the data:

Smauditimport  <full path of the file need to import>  <Data source name>  <Database user name> <Database password>

Add the SSO Reporting Tasks for PostgreSQL

  1. Log in to the SiteMinder database as the SiteMinder database user.
  2. Change directory to this location: 
    /opt/jboss-eap-5.1.2/jboss-as/server/all/deploy/iam_im.ear/user_console.war/reports
  3. Extract the ZIP file: cam-sso-postgresql-functions.zip
  4. Run the following scripts as Identity Management Object Store Database User: 
    im-postgresql-audit_start_date.sql

    im-postgresql-audit_end_date.sql
  5. Change directory to JBoss/server/all/deploy/iam_im.ear/user-console.war/reports.
  6. Copy the cam-sso-postgresql-reports.biar and cam-sso-oracle-reports.xml to the im_admin_tools_dir/ReportServerTools folder.
  7. Rename cam-sso-oracle-reports.xml to cam-sso-postgres-reports.xml and replace all content with the following text: 
    <?xml version="1.0"?>
<biconfig version="1.0">
  <!-- Import BIAR file -->
  <step priority="1">
    <add>
                <biar-file name="cam-sso-postgresql-reports.biar"/>
    </add>
  </step>
</biconfig>
  8. Run the BIconfig utility to export cam-sso-postgresql-reports.biar into the Report Server. 
    ./biconfig.sh -h "hostname" -u "administrator_name" -p "administrator_password" -f "cam-sso-postgres-reports.xml"

Add the SSO Reporting Tasks for Oracle

  1. Log in to SiteMinder database as the SiteMinder database user.
  2. Run the following commands: 
    create or replace
FUNCTION IM_Audit_Start_Date (rangeVal int, multiplier int, startdatetime DATE)

RETURN DATE is
tempid1 DATE;
BEGIN

if rangeVal = -1
then tempid1 := startdatetime;
else
case rangeVal
  when 1 then tempid1 := sysdate - multiplier;
--Last N days
  when 2 then tempid1 := trunc(sysdate, 'DAY') - (7 * multiplier);
--weekly
  when 3 then tempid1 := add_months(trunc(sysdate, 'month'), -multiplier);
-- first day of the month
  when 4 then tempid1 := add_months(trunc(sysdate, 'month'), -(3 * multiplier));
-- quarter of the month
  when 5 then tempid1 := add_months(trunc(sysdate,'y'), -(12 * multiplier));
--Yearly
  else tempid1 := sysdate;
end case;
end if;
return tempid1;
END;

create or replace
FUNCTION IM_Audit_End_Date (rangeVal int, enddatetime DATE)

RETURN DATE is
tempid1 DATE;
BEGIN
if rangeVal = -1
then tempid1 := enddatetime;
else
case rangeVal
  when 1 then tempid1 := sysdate;
--Last N days
  when 2 then tempid1 := trunc(sysdate, 'day') -1 + (1439/1440);
--weekly
  when 3 then tempid1 := trunc(sysdate, 'month') - 1 + (1439/1440);
-- last day of the month
  when 4 then tempid1 := trunc(sysdate, 'month') - 1 + (1439/1440);
-- quarter of the month
  when 5 then tempid1 := trunc(sysdate,'y')-1 + (1439/1440);
--Yearly
else tempid1 := sysdate;
end case;
end if;
return tempid1;
END;

    Note: The previous commands are also found in the datefunctions.sql script. If you have access to this script, simply run the datefunctions.sql script file.

  3. Change directory to JBoss/server/all/deploy/iam_im.ear/user-console.war/reports.
  4. Copy the cam-sso-oracle-reports.biar and cam-sso-oracle-reports.xml to the im_admin_tools_dir/ReportServerTools folder.
  5. Edit cam-sso-oracle-reports.xml and replace all content with the following text: 
    <?xml version="1.0"?>
<biconfig version="1.0">
  <!-- Import BIAR file -->
  <step priority="1">
    <add>
                <biar-file name="cam-sso-oracle-reports.biar"/>
    </add>
  </step>
</biconfig>
  6. Run the BIconfig utility to export cam-sso-postgresql-reports.biar into the Report Server. 
    ./biconfig.sh -h "hostname" -u "administrator_name" -p "administrator_password" -f "cam-sso-oracle-reports.xml"

Add JDBC Connections for Siteminder database

  1. Log in to the User Console as the CSP administrator.
  2. Add the JDBC tasks to the CSP Administrator role:
    1. In the left-hand navigation menu, select Roles and Tasks, Admin Roles, Modify Admin Role.
    2. Select CSP Administrator and click Select.
    3. Click the Tasks tab.
    4. Under Filter by Category, select System.
    5. Under Add Task, select Create JDBC Connection. Repeat to select Delete JDBC Connection, Modify JDBC Connection and View JDBC Connection.

      As you select each task, the task appears in the table of tasks that are assigned to the CSP Administrator role.

    6. Click Submit.
  3. Make the JDBC tasks visible in the CSP Administrator's console:
    1. In the left-hand navigation menu, select Roles and Tasks, Admin Tasks, Modify Admin Task.
    2. Search for the string *JDBC*
    3. For each JDBC task, select the task, clear the Hide in Menus check box, and click Submit.

Enable the Single Sign On Manager Role

  1. Log in to the User Console as the CSP administrator.
  2. Select Roles and Tasks, Admin Roles, Enable/Disable Admin Role.
  3. Enable the Single Sign On Manager role by selecting the check box, and click Select.
  4. Click Yes to confirm.

    The system enables the Single Sign On Manager role.

Configure Reporting

The pre-configuration steps for SSO reports are complete. You now perform the steps in the Reporting Chapter of the Identity Management Administration Guide. The following procedure summarizes that chapter.

  1. Configure a connection between the report server and Identity Management.
  2. Create a JDBC connection object and specify the SiteMinder database connection details.
    1. Enter JDBC as the Connection Type.
    2. Under connection details, enter the SiteMinder audit database information and valid user credentials for a user who has access to the SiteMinder Audit DB. The SiteMinder audit database details can be found by running the smconsole utility.
  3. Associate the JDBC connection with all SSO reports. Set the connection type as a JDBC Connection for the following SSO report tasks:

After you complete both pre-configuration and configuration steps for reporting, the tenant administrator can request SSO reports in the User Console.