

Configure the Enterprise Management Server to Use CA SiteMinder To Authenticate Users

The following steps explain how to configure the Enterprise Management Server for CA SiteMinder integration.

Note: Complete the following steps on Windows x64 operating system before you begin this procedure:

Follow these steps:

  1. On the Enterprise Management Server:
    1. Stop the JBoss application server.
    2. Navigate to the following directory, where JBOSS_HOME is the directory where you installed JBoss:
      JBOSS_HOME/server/default/deploy/IdentityMinder.ear/user_console.war/WEB-INF
      
    3. Open the web.xml file and locate the FrameworkAuthFilter section.
    4. Set the value of the Enable parameter to false, then save and close the file. For example:
      <filter>
        <filter-name>FrameworkAuthFilter</filter-name>
        <filter-class>com.netegrity.webapp.authentication.FrameworkLoginFilter</filter-class>
        <init-param>
          <param-name>Enable</param-name>
          <param-value>false</param-value>
        </init-param>
      </filter>
      
  2. Navigate to the following directory:
    JBOSS_HOME/server/default/deploy/IdentityMinder.ear/policyserver.rar/META-INF
    
  3. Do the following:
    1. Open the ra.xml file and set the value of the Enabled property to true to enable the connection, as follows:
      <config-property>
        <config-property-name>Enabled</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>true</config-property-value>
      </config-property>
      
    2. Configure the FIPS mode according to the CA SiteMinder Policy Server configuration, as follows:
      <config-property>
        <config-property-name>FIPSMode</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>false</config-property-value>
      </config-property>
      
    3. Define the CA SiteMinder Policy Server hostname, IP address, and port number, as follows:
      <config-property>
        <config-property-name>ConnectionURL</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>policyservernode.example.com,44441,44442,44443</config-property-value>
      </config-property>
      
    4. Define the administrative user account settings, as follows:
      <config-property>
        <config-property-name>UserName</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>siteminder</config-property-value>
      </config-property>
      
    5. Run the password tool that is located in the following directory:
      /CA/AccessControlServer/IAMSuite/AccessControl/tools/PasswordTool
      

      For example:

      pwdTools -FIPS -p <clear_text_password> -k JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys/FIPSKey.dat
      
    6. Define AdminSecret as the encrypted output of the preceding password tool command, as follows:
      <config-property>
        <config-property-name>AdminSecret</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>{AES}:gSez2/BhDGzEKWvFmzca4w==</config-property-value>
      </config-property>
      
    7. Define AgentName as the CA ControlMinder Enterprise Management node agent name:
      <config-property>
        <config-property-name>AgentName</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>webserver-agent</config-property-value>
      </config-property>
      
    8. Encrypt the CA ControlMinder Enterprise Management shared secret using the following password tool command:
      ACServerInstallDir/IAMSuite/AccessControl/tools/Passwordtool/pwdtools.bat -FIPS -p <your_shared_secret> -k JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys/FIPSKey.dat
      
    9. Define AgentSecret as the encrypted output of the preceding command, as follows:
      <config-property>
        <config-property-name>AgentSecret</config-property-name>
        <config-property-type>java.lang.String</config-property-type>
        <config-property-value>{AES}:gSez2/BhDGzEKWvFmzca4w==</config-property-value>
      </config-property>
      
  4. Save and close the file.
  5. Navigate to the following directory:
    JBoss_HOME/bin
    
  6. Edit the run_idm.bat file and set the %PATH% variable to the JBoss installation path. For example:
    set PATH=%PATH%;C:\jboss-4.2.3\server\default\deploy\IdentityMinder.ear\library;%SystemRoot%\SYSTEM32;%SystemRoot%;%SystemRoot%\SYSTEM32\WBEM
    
  7. Save and close the file.
  8. Start the JBoss application server.

    You have configured the Enterprise Management Server for CA SiteMinder integration. You can now browse to the CA ControlMinder Enterprise Management URL and verify that CA SiteMinder secures the login session.
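
    The following check for the ra.xml edits in step 3 is an added example, not part of the CA documentation or tooling. It reports malformed XML (such as an unclosed config-property tag), missing properties, a disabled connection, and AdminSecret or AgentSecret values that were not replaced with password tool output. The function names, the "{AES}:" prefix test and the host,port,port,port pattern are assumptions taken from the sample values on this page.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED = ("Enabled", "FIPSMode", "ConnectionURL", "UserName",
            "AdminSecret", "AgentName", "AgentSecret")
# Assumption: host followed by three ports, as in the page's sample value.
URL_RE = re.compile(r"^[A-Za-z0-9.-]+(,\d{1,5}){3}$")
# Constructed property template; every value fed into it below is a placeholder.
PROP = ("<config-property><config-property-name>{}</config-property-name>"
        "<config-property-type>java.lang.String</config-property-type>"
        "<config-property-value>{}</config-property-value></config-property>")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop a "{namespace}" prefix if present

def read_properties(xml_text):
    """Return {name: value} for every <config-property> in the document."""
    props = {}
    for el in ET.fromstring(xml_text).iter():  # ParseError on an unclosed tag
        if local(el.tag) == "config-property":
            f = {local(c.tag): (c.text or "").strip() for c in el}
            props[f.get("config-property-name", "")] = f.get("config-property-value", "")
    return props

def audit_ra_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    try:
        props = read_properties(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = [f"{n}: missing or empty" for n in REQUIRED if not props.get(n)]
    if props.get("Enabled") and props["Enabled"].lower() != "true":
        findings.append("Enabled: connection is not enabled")
    if props.get("ConnectionURL") and not URL_RE.match(props["ConnectionURL"]):
        findings.append("ConnectionURL: expected host,port,port,port")
    for name in ("AdminSecret", "AgentSecret"):
        # Assumption: password tool output carries the "{AES}:" prefix shown on the page.
        if props.get(name) and not props[name].startswith("{AES}:"):
            findings.append(f"{name}: no {{AES}}: prefix, possible clear text")
    return findings

def sample(**overrides):
    """Build a constructed ra.xml fragment for the checks above."""
    values = dict(Enabled="true", FIPSMode="false", UserName="siteminder",
                  ConnectionURL="policyservernode.example.com,44441,44442,44443",
                  AdminSecret="{AES}:PLACEHOLDER==", AgentName="webserver-agent",
                  AgentSecret="{AES}:PLACEHOLDER==")
    values.update(overrides)
    body = "".join(PROP.format(k, v) for k, v in values.items())
    return f"<resourceadapter>{body}</resourceadapter>"
```

    To check a real file, pass its contents to audit_ra_xml() before you start JBoss; sample() only builds constructed input for trying the checks.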