

Configure CA SiteMinder to Secure the Enterprise Management Server

The following procedure explains how to configure CA SiteMinder to secure the Enterprise Management Server login session. Configure the user store so that CA SiteMinder secures the authentication scheme and the domain policy.

Follow these steps:

  1. Do the following:
    1. Go to Start, All Programs, CA, SiteMinder, CA SiteMinder Administrative UI.

      The CA SiteMinder Administrative UI opens prompting you for a username and password.

    2. Enter the credentials for the CA SiteMinder administrator user account.
    3. Select Infrastructure, Directory, User Directory, Create User Directory.
    4. Complete the following fields in the General frame:
      • Name—ac-dir
      • Description—Access Control User Store
    5. Move to the Directory Setup frame and complete the following fields:
      • Namespace—LDAP
      • Server—directory_hostname:port
    6. Move to the Administrator Credentials frame and complete the following fields:
      • Require credentials—check
      • Username—Bind user full DN
      • Password—password
      • Confirm Password—password
    7. Move to the LDAP Settings frame and complete the following fields:
      • Root—searchroot
      • Scope—Sub-Tree
      • Start—(&(sAMAccountName=
      • End—)(objectclass=top)(objectclass=person)(objectclass=organizationalperson)(objectclass=user))
    8. Move to the User Attributes frame and complete the following fields:
      • Universal ID—Attribute name corresponding to %USER_ID%
  2. Click Submit.

    CA SiteMinder creates the user directory object.

  3. Select View User Directory, ac-dir, View Content.

    The user store entries appear.

  4. Select Infrastructure, Authentication, Authentication Scheme, Create Authentication Scheme, and complete the following fields:
  5. Click Submit.

    CA SiteMinder creates the authentication scheme object.

  6. Select Policies, Domains, Domain, Create Domain.
  7. Specify the name of the domain.
  8. Move to the User Directories frame and click Add/Remove.
  9. Move ac-dir from the Available Members list to the Selected Members list, and then click OK.
  10. Select Policy, Realms, Create Realm and complete the following fields:
  11. Move to the Rules frame, select Create and complete the following fields:
  12. Click OK and Finish.
  13. Select Policies, Domain, Domain Policies, Create, and complete the following field in the General tab:
  14. Move to the Users tab and select Add All.
  15. Move to the Rules tab, click Add Rule, select ac-rule, and click OK.
  16. Click OK and Submit to create the domain.

You have configured the domain and realm policy.
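
The Start and End values entered in the LDAP Settings frame wrap the login name to form the directory search filter. The following Python code is an added example, not part of the CA documentation, that checks the composed filter is well formed before the values are typed into the Administrative UI. It assumes the filter is built as Start + login name + End; the function names and the login "jsmith" are constructed for illustration.

```python
# Added example: Start and End are the values from the LDAP Settings frame.
LOOKUP_START = "(&(sAMAccountName="
LOOKUP_END = (")(objectclass=top)(objectclass=person)"
              "(objectclass=organizationalperson)(objectclass=user))")

# RFC 4515 escapes for characters that have meaning inside a filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it is treated as data, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter(login, start=LOOKUP_START, end=LOOKUP_END):
    """Assumed composition: Start + escaped login name + End."""
    return start + escape_filter_value(login) + end


def filter_is_well_formed(flt):
    """True when the string is exactly one balanced, parenthesised filter."""
    if not flt.startswith("("):
        return False
    depth = 0
    i = 0
    while i < len(flt):
        ch = flt[i]
        if ch == "\\":          # skip an escaped octet such as \28
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False    # closing parenthesis with no opener
            if depth == 0 and i != len(flt) - 1:
                return False    # filter ends before the string does
        i += 1
    return depth == 0


if __name__ == "__main__":
    flt = build_lookup_filter("jsmith")  # constructed sample login
    print(flt)
    print("well formed:", filter_is_well_formed(flt))
```

The printed filter can be pasted into any LDAP browser, with the same Root and a Sub-Tree scope, to confirm that it returns exactly one entry for a known account.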