Federation Manager Guide › Federation Manager and SiteMinder Integration › How to Configure the SiteMinder Connector › Configure a Policy at the SiteMinder Policy Server

Configure a Policy at the SiteMinder Policy Server

The SiteMinder Connector enables Federation Manager to work with an existing SiteMinder Policy Server. The following configuration steps must be done at the SiteMinder Policy Server before configuring the SiteMinder Connector at Federation Manager.

Federation Manager can work with a r12 or 6.0 SP5 Policy Server. The instructions that follow are not specific to one UI or the other. For detailed steps on configuring these Policy Server objects, see the CA r12 SP1 SiteMinder Policy Server Configuration Guide or the CA 6.0 SP5 SiteMinder Policy Design Guide.

Note: Federation Manager cannot operate in FIPS-only mode if it is using SiteMinder Connector mode to connect to a SiteMinder r6.0 SP5 PolicyServer.

To set up a policy for the SiteMinder Connector at the Policy Server

1. Copy the library needed to create the custom SiteMinder authentication scheme. The library name is:
   • Windows: smauthsmconnector.dll
   • Solaris: libsmauthsmconnector.so

   Locate the library in the directory federation_mgr_home/connectors/siteminder/operating_system and copy it to policy_server_home/siteminder/bin.

   • operating_system

     Specifies the operating system for the Federation Managersystem. The options are: linux, solaris, win32.

2. Log on to the SiteMinder Policy Server User Interface (6.0 SP5) or the SiteMinder WAM Administrative UI (r12x).
3. Create a Web Agent that represents Federation Manager. For example, you could name it Federation Manager Agent.

   Important! Do not select the option for supporting 4.x agents.

4. Create an Agent Configuration Object, which specifies the Agent's configuration, and specify a value for the DefaultAgentName setting. This setting alone is sufficient for the object.
5. Create a Host Configuration Object.

   The Host Configuration Object defines the connection between a trusted host and the Policy Server(s). To integrate Federation Manager and SiteMinder, the Host Configuration Object defines the Policy Server(s) to which Federation Manager can connect.

   If you want Federation Manager to connect to one or more Policy Servers specified in an existing Host Configuration Object, you can use that object. Otherwise, create a new one for the Federation Manager-to-Policy Server-connection.

6. Create a custom authentication scheme with the following values:
   • Library

     SmAuthSmConnector

   • Secret

     alphanumeric string

     The value you enter in this field must match the value you enter for the Shared Secret in the SiteMinder Connector setting that you configure in the Federation Manager UI.

7. Create a policy domain for Federation Manager. This domain must contain the necessary realm and resource that you add to the policy to create a SiteMinder session.
8. Add the user directory used by Federation Manager and SiteMinder to the domain you just configured.
9. Create a realm with the following values:
   • Agent

     Specify the Web Agent you created for Federation Manager.

   • Resource Filter

     Specify a dummy directory, such as /federationmgr/. This directory does not have to exist on a web server.

   • Authentication Scheme

     Enter the name you gave to the custom authentication scheme created previously.

10. Create a rule with the following values:
    • Resource

      *

    • Action

      Web Agent—Get and Post

11. Create a policy with the following settings:
    • Users

      Specify users from the user directory shared by Federation Manager and SiteMinder.

    • Rules

      Add the rule created for the SiteMinder Connector.

You have now configured a policy that will generate a SiteMinder session when communicating with Federation Manager.