Integration Guide › Integrating with CA SiteMinder › How to Integrate with CA SiteMinder › Configure CA SiteMinder to Secure the Enterprise Management Server

Configure CA SiteMinder to Secure the Enterprise Management Server

The following explains how to configure CA SiteMinder to secure the Enterprise Management Server log in session. Configure the user store so that CA SiteMinder secures the authentication scheme and the domain policy.

Follow these steps:

1. Do the following:
   1. Go to Start, All Programs, CA, SiteMinder, CA SiteMinder Administrative UI.

      The CA SiteMinder Administrative UI opens prompting you for a username and password.

   2. Enter the credentials for the CA SiteMinder administrator user account.
   3. Select Infrastructure, Directory, User Directory, Create User Directory.
   4. Complete the following fields in the General frame:
      • Name—ac-dir
      • Description—Access Control User Store
   5. Move to the Directory Setup frame and complete the following fields:
      • Namespace—LDAP
      • Server—directory_hostname:port
   6. Move to the Administrator Credentials and complete the following fields:
      • Require credentials—check
      • Username—Bind user full DN
      • Password—password
      • Confirm Password—password
   7. Move to the LDAP Settings frame and complete the following fields:
      • Root—searchroot
      • Scope—Sub-Tree
      • Start—(&(sAMAccountName=
      • End—)(objectclass=top)(objectclass=person)(objectclass=organizationalperson)(objectclass=user))
   8. Move to the User Attributes frame and complete the following fields:
      • Universal ID—Attribute name corresponding to %USER_ID%
2. Click Submit.

   CA SiteMinder creates the user directory object.

3. Select View User Directory, ac-dir, View Content.

   The user store entries appear.

4. Select Infrastructure, Authentication, Authentication Scheme, Create Authentication Scheme, complete the following fields:
   • Name—ac-basic-auth
   • Description—CA ControlMinder Enterprise Management basic authentication
   • Authentication Scheme Type—Basic Template
   • Protection Level—5
   • Library—smauthdir
5. Click Submit

   CA SiteMinder creates the authentication scheme object.

6. Select Policies, Domains, Domain, Create Domain.
7. Specify the name of the domain.
8. Move to the User Directories frame and clicks Add/Remove.
9. Move ac-dir from the Available Members list to the Selected Members list, and then click OK.
10. Select Policy, Realms, Create Realm and complete the following fields:
    • Name—ac-realm
    • Agent—webserver-agent
    • Resource Filter—/iam/
    • Default Resource Protection—Protected
    • Authentication Scheme—ac-basic-auth
11. Move to the Rules frame, select Create and complete the following fields:
    • Name—ac-rule
    • Resource—*
    • Allow Access—select
    • Web Agent Actions—Get, Post
12. Click OK and Finish.
13. Select Policies, Domain, Domain Policies, Create, and complete the following field in the General tab:
    • Name—ac-policy
14. Move to the Users tab and select Add All
15. Move to the Rules tab, click Add Rule, select ac-rule, and click OK.
16. Click OK and Submit to create the domain.

You have configured the domain and realm policy.