Configure a Policy at the SiteMinder Policy Server

The SiteMinder Connector enables Federation Manager to work with an existing SiteMinder Policy Server. The following configuration steps must be done at the SiteMinder Policy Server before configuring the SiteMinder Connector at Federation Manager.

Federation Manager can work with an r12 or 6.0 SP5 Policy Server. The instructions that follow are not specific to one UI or the other. To configure the Policy Server objects, see the CA r12 SP1 SiteMinder Policy Server Configuration Guide or the CA 6.0 SP5 SiteMinder Policy Design Guide.

Note: If the deployment uses the SiteMinder Connector to connect to a SiteMinder r6.0 SP5 Policy Server, Federation Manager cannot operate in FIPS-only mode.

To set up a policy for the SiteMinder Connector

  1. Copy the library for the custom SiteMinder authentication scheme to the Policy Server. Select the correct library for your operating environment:

    Unzip the smauthconnectors.zip included with the Federation Manager kit and copy the correct library to policy_server_home/siteminder/bin.

  2. Log on to the SiteMinder Policy Server User Interface (6.0 SP5) or the SiteMinder WAM Administrative UI (r12x).
  3. Create a Web Agent that represents Federation Manager. For example, you could name it Federation Manager Agent.

    Important! Do not select the option for supporting 4.x agents.

  4. Create an Agent Configuration Object, which specifies the Agent configuration, and specify a value for the DefaultAgentName setting. This setting alone is sufficient for the object.
  5. Create a Host Configuration Object.

    The Host Configuration Object defines the connection between a trusted host and the Policy Server. To integrate Federation Manager and SiteMinder, the Host Configuration Object defines the Policy Server to which Federation Manager can connect.

    If you want Federation Manager to connect to one or more Policy Servers specified in an existing Host Configuration Object, you can use that object. Otherwise, create one for the Federation Manager-to-Policy Server connection.

  6. Create a custom authentication scheme with the following values:
    Library

    SmAuthSmConnector

    Secret

    alphanumeric string

    The value for this field must match the Shared Secret value in the SiteMinder Connector settings in the Federation Manager UI.

  7. Create a policy domain for Federation Manager. This domain must contain the necessary realm and resource that you add to the policy to create a SiteMinder session.
  8. Add the user directory used by Federation Manager and SiteMinder to the domain you configured.
  9. Create a realm with the following values:
    Agent

    Specify the Web Agent you created for Federation Manager.

    Resource Filter

    Specify a dummy directory, such as /federationmgr/. This directory does not have to exist on a web server.

    Authentication Scheme

    Enter the name you gave to the custom authentication scheme created previously.

  10. Create a rule with the following values:
    Resource

    *

    Action

    Web Agent—Get and Post

  11. Create a policy with the following settings:
    Users

    Specify users from the user directory shared by Federation Manager and SiteMinder.

    Rules

    Add the rule created for the SiteMinder Connector.

You have now configured a policy that generates a SiteMinder session when communicating with Federation Manager.