Configure CA SiteMinder to Secure the Enterprise Management Server
The following procedure explains how to configure CA SiteMinder to secure the Enterprise Management Server login session. Configure the user store so that CA SiteMinder secures the authentication scheme and the domain policy.
Follow these steps:
- Do the following:
- Go to Start, All Programs, CA, SiteMinder, CA SiteMinder Administrative UI.
The CA SiteMinder Administrative UI opens and prompts you for a username and password.
- Enter the credentials for the CA SiteMinder administrator user account.
- Select Infrastructure, Directory, User Directory, Create User Directory.
- Complete the following fields in the General frame:
- Name—ac-dir
- Description—Access Control User Store
- Move to the Directory Setup frame and complete the following fields:
- Namespace—LDAP
- Server—directory_hostname:port
- Move to the Administrator Credentials frame and complete the following fields:
- Require credentials—check
- Username—Bind user full DN
- Password—password
- Confirm Password—password
- Move to the LDAP Settings frame and complete the following fields:
- Root—searchroot
- Scope—Sub-Tree
- Start—(&(sAMAccountName=
- End—)(objectclass=top)(objectclass=person)(objectclass=organizationalperson)(objectclass=user))
- Move to the User Attributes frame and complete the following fields:
- Universal ID—Attribute name corresponding to %USER_ID%
- Click Submit.
CA SiteMinder creates the user directory object.
- Select View User Directory, ac-dir, View Content.
The user store entries appear.
- Select Infrastructure, Authentication, Authentication Scheme, Create Authentication Scheme, and complete the following fields:
- Name—ac-basic-auth
- Description—CA ControlMinder Enterprise Management basic authentication
- Authentication Scheme Type—Basic Template
- Protection Level—5
- Library—smauthdir
- Click Submit.
CA SiteMinder creates the authentication scheme object.
- Select Policies, Domains, Domain, Create Domain.
- Specify the name of the domain.
- Move to the User Directories frame and click Add/Remove.
- Move ac-dir from the Available Members list to the Selected Members list, and then click OK.
- Select Policy, Realms, Create Realm and complete the following fields:
- Name—ac-realm
- Agent—webserver-agent
- Resource Filter—/iam/
- Default Resource Protection—Protected
- Authentication Scheme—ac-basic-auth
- Move to the Rules frame, select Create and complete the following fields:
- Name—ac-rule
- Resource—*
- Allow Access—select
- Web Agent Actions—Get, Post
- Click OK and Finish.
- Select Policies, Domain, Domain Policies, Create, and complete the following field in the General tab:
- Move to the Users tab and select Add All.
- Move to the Rules tab, click Add Rule, select ac-rule, and click OK.
- Click OK and Submit to create the domain.
You have configured the domain and realm policy.
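The Start and End values entered in the LDAP Settings frame bracket the login name to form one LDAP search filter. The following sketch is an added example, not part of the CA documentation: it assumes the login name is inserted between Start and End, uses hypothetical function names, and checks the resulting filter against constructed directory entries to show which entries the lookup can resolve.

```python
import re

# Start and End exactly as entered in the LDAP Settings frame.
START = "(&(sAMAccountName="
END = (")(objectclass=top)(objectclass=person)"
       "(objectclass=organizationalperson)(objectclass=user))")

# Characters that RFC 4515 requires to be escaped inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a login name so it stays a literal value inside the filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_filter(username):
    """Assumed assembly: Start + escaped login name + End."""
    return START + escape_value(username) + END

def unescape_value(value):
    """Turn RFC 4515 \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(ldap_filter, entry):
    """Evaluate a flat (&(attr=value)...) equality filter against one entry.
    Names and values compare case-insensitively, as they do for
    sAMAccountName and objectClass."""
    if not (ldap_filter.startswith("(&") and ldap_filter.endswith(")")):
        raise ValueError("only flat AND filters are supported")
    body = ldap_filter[2:-1]
    terms = re.findall(r"\(([^=()]+)=([^()*]*)\)", body)
    if "".join(f"({a}={v})" for a, v in terms) != body:
        raise ValueError("filter is not a flat list of equality terms")
    lowered = {k.lower(): [x.lower() for x in v] for k, v in entry.items()}
    return all(unescape_value(v).lower() in lowered.get(a.lower(), [])
               for a, v in terms)

# Constructed sample entries (not taken from a real directory).
AD_USER = {"sAMAccountName": ["jsmith"],
           "objectClass": ["top", "person", "organizationalPerson", "user"]}
# An inetOrgPerson entry has no sAMAccountName and no "user" class.
INETORG = {"uid": ["jsmith"],
           "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"]}

if __name__ == "__main__":
    print(build_filter("jsmith"))
    print("AD user matches:", matches(build_filter("JSmith"), AD_USER))
    print("inetOrgPerson matches:", matches(build_filter("jsmith"), INETORG))
```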
Copyright © 2013 CA Technologies.
All rights reserved.