Configure a Policy to Generate a Session at Each Site

The SiteMinder Connector enables Federation Manager to work with an existing Policy Server. The first step is to configure a policy. At the asserting party, the policy generates a federation session. At the relying party, the policy generates a SiteMinder session. Though this policy functions as any other policy, its main objective is to trigger a session, not to protect resources.

Note: Configure a policy at the asserting and the relying party.

The policy requires the typical policy objects; however, you apply a custom SiteMinder Connector authentication scheme to it. This policy is in addition to the existing policies that control access to resources.

To configure the Policy Server objects, see the Policy Server Configuration Guide.

Important! Complete the following configuration steps at the Policy Server before configuring the Connector.

Follow these steps:

  1. Unzip smauthconnectors.zip, which is included with the Federation Manager kit on the SiteMinder system.
  2. Select the correct custom authentication scheme library for your operating environment:
  3. Copy the library to the appropriate directory for your operating platform:

    Windows: policy_server_home/siteminder/bin

    Solaris/Linux: policy_server_home/siteminder/lib

  4. Log on to the SiteMinder WAM Administrative UI.
  5. Create a Web Agent that represents Federation Manager. For example, name it Federation Agent.

    Important! Do not select the option for supporting 4.x agents.

  6. Create an Agent Configuration Object, which specifies the Agent configuration, and specify a value for the DefaultAgentName setting. This setting alone is sufficient for the object.
  7. Create a Host Configuration Object.

    The Host Configuration Object defines the connection between a trusted host and the Policy Server. To integrate Federation Manager and SiteMinder, the Host Configuration Object defines the Policy Server to which Federation Manager can connect.

    If you want Federation Manager to connect to one or more Policy Servers that an existing Host Configuration Object already specifies, you can use that object. Otherwise, create one for the Federation Manager-to-Policy Server connection.

  8. Create a custom SiteMinder connector authentication scheme with the following values:
    Library

    smauthsmconnector

    This value is case-sensitive.

    Secret

    alphanumeric string

    The value for this field must match the Shared Secret value in the Connector settings in the Federation Manager UI.

  9. Create a policy domain for Federation Manager. This domain must contain the necessary realm and resource that you add to the policy to create a SiteMinder session.
  10. Add the user directory that Federation Manager and SiteMinder share to the domain you configured.
  11. Create a realm with the following values:
    Agent

    Specify the Web Agent that you created for Federation Manager (step 5).

    Resource Filter

    Specify a dummy directory, such as /federationmgr/. This directory does not have to exist on a web server.

    Authentication Scheme

    Enter the name you gave to the custom authentication scheme created previously.

  12. Create a rule with the following values:
    Resource

    *

    Action

    Web Agent—Get and Post

  13. Create a policy with the following settings:
    Users

    Specify users from the user directory that Federation Manager and SiteMinder share.

    Rules

    Add the rule created for the Connector.

You now have a policy that generates a SiteMinder session when communicating with Federation Manager.
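Steps 1 through 3 of the procedure can be scripted so that the library lands in the correct Policy Server directory for the platform and the copy is verified before the authentication scheme is created. The following shell script is an added example for this page, not code shipped with Federation Manager or SiteMinder. It assumes that the library file names follow the scheme's Library value (libsmauthsmconnector.so on Solaris/Linux, smauthsmconnector.dll on Windows); confirm the real file names against the contents of smauthconnectors.zip before using it.

```shell
#!/bin/sh
# Added example (not from the Federation Manager documentation): choose the
# Policy Server directory that receives the SiteMinder Connector
# authentication-scheme library, copy it there and verify the copy.
# Assumption (placeholder, not stated on the page): the file names below are
# derived from the scheme's Library value "smauthsmconnector"; the real names
# come from smauthconnectors.zip.

# Map a platform name to the subdirectory of policy_server_home named in the
# procedure: Windows -> siteminder/bin, Solaris/Linux -> siteminder/lib.
connector_lib_subdir() {
    case "$1" in
        Windows|windows|CYGWIN*|MINGW*|MSYS*) echo "siteminder/bin" ;;
        Solaris|SunOS|solaris|Linux|linux)    echo "siteminder/lib" ;;
        *) echo "unsupported platform: $1" >&2; return 1 ;;
    esac
}

# Library file name per platform (assumed naming convention; verify against the kit).
connector_lib_file() {
    case "$(connector_lib_subdir "$1" 2>/dev/null)" in
        siteminder/bin) echo "smauthsmconnector.dll" ;;
        siteminder/lib) echo "libsmauthsmconnector.so" ;;
        *) return 1 ;;
    esac
}

# install_connector_lib PLATFORM POLICY_SERVER_HOME EXTRACT_DIR
# Copies the library from the unzipped kit (EXTRACT_DIR) into the Policy
# Server and compares the two files byte for byte before returning success.
install_connector_lib() {
    platform="$1"; psh="$2"; src_dir="$3"
    subdir=$(connector_lib_subdir "$platform") || return 1
    lib=$(connector_lib_file "$platform") || return 1
    [ -f "$src_dir/$lib" ] || { echo "missing $src_dir/$lib in kit" >&2; return 1; }
    [ -d "$psh/$subdir" ]  || { echo "missing directory $psh/$subdir" >&2; return 1; }
    cp "$src_dir/$lib" "$psh/$subdir/$lib" || return 1
    # The auth scheme loads this file by name; make sure the copy is intact.
    cmp -s "$src_dir/$lib" "$psh/$subdir/$lib"
}

# Typical use on the SiteMinder system (paths are placeholders):
#   unzip smauthconnectors.zip -d /tmp/smauthconnectors
#   install_connector_lib "$(uname -s)" /opt/CA/siteminder /tmp/smauthconnectors
```

The platform mapping is kept in its own function so that the same script can be checked on a workstation before it is run on the Policy Server host; an unknown platform fails early rather than copying the library to the wrong directory.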