Adding SiteMinder to an Existing CA Identity Manager Deployment
This section provides detailed instructions for adding CA SiteMinder to an existing Identity Manager environment (after CA Identity Manager has been installed). Before you begin, ensure that you have access to the following documents for reference:
- CA SiteMinder Policy Server Installation Guide
- CA SiteMinder Web Agent Installation Guide
To add CA SiteMinder to an existing Identity Manager environment
Important! All existing password policy configurations will be lost. Password policies are not portable when moving from an environment without SiteMinder to an environment with SiteMinder.
1. Be sure you have a Web Server.
2. Install and configure a Web Server to the application server proxy forwarder.
3. Install and configure a SiteMinder Policy Server and Web Agent for this Web Server.
   Note: For more information, see the CA SiteMinder Policy Server Installation Guide and the CA SiteMinder Web Agent Installation Guide.
4. Import the Identity Manager policy store schema to the policy store.
5. Run the CA Identity Manager installer on the machine where the SiteMinder Policy Server is installed. Select only the Extensions for SiteMinder option when you run the installer.
6. In the Management Console, export the Identity Manager directories and environments.
7. Delete all directories and environments after the export completes.
8. Edit the ra.xml file located in \iam_im.ear\policyserver.rar\META-INF, as follows:
   - Set Enabled = true.
   - In the ConnectionURL property, fill in the IP address or hostname of the SiteMinder Policy Server.
   - In the UserName property, fill in the name of the SiteMinder administrator.
   - Encrypt the SiteMinder administrator's password using the Identity Manager Password Tool and put it in the AdminSecret property. The Password Tool can be found in admin_tools\PasswordTool\pwdtools.bat, where admin_tools is the installed location of the Administrative Tools, which are installed in one of the following locations:
     Windows: C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools
     UNIX: /opt/CA/IdentityManager/IAM_Suite/Identity_Manager/tools
   - In the AgentName property, fill in the name of the Agent.
   - Encrypt the Agent's password using the Identity Manager Password Tool and put it in the AgentSecret property.
9. Edit the web.xml file located in iam_im.ear\user_console.war\WEB-INF, and set the FrameworkAuthFilter property to Enabled = false.
   Note: For WebSphere, the web.xml is located in WebSphere_home/AppServer/profiles/Profile_Name/config/cells/Cell_name/applications/iam_im.ear/deployments/IdentityMinder/user_console.war/WEB-INF
10. (WebSphere Only) Update the policyServer object in the Administrative Console with the same values as in the ra.xml file.
11. Restart the application server.
12. For an RDB user store only, do the following:
   - Configure a data source that SiteMinder will use to connect to the user directory.
     Note: For more information on configuring the data source, see the CA SiteMinder Policy Server Installation Guide.
   - Add the SiteMinder data source information to the directory by editing the directory.xml file. In the directory.xml file, locate the line containing the <JDBC datasource="jdbc/userstore"/> tag and add the following lines after it, with your user name and encrypted password:
     <Credentials user="<your-user>">{PBES}:gSex2/BhDGzEKWvFmzca4w==</Credentials>
     <DSN name="<name of the data source you created>"/>
13. Enable the Web Agent by modifying the webagent.conf file in the Web Agent folder and setting it to Enabled = yes.
    To test the Web Agent configuration, go to the Management Console by using the Web Server port instead of the application server port.
14. Import the directory.xml from Step 6 to create a new Identity Manager directory.
15. Repeat Step 14 for all directories.
16. In the environment ZIP file created in Step 6, edit the environment.xml file and add the SiteMinder Agent, as follows:
    agent="SiteMinder_agent_name"
17. Import the ZIP file to recreate the Identity Manager environment.
    Note: Be sure that you re-establish all of your connection objects, such as JDBC or reporting connections, after recreating the environment.
18. Repeat Step 16 and Step 17 for all environments.
19. Restart the application server.
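
A check to run on ra.xml before restarting the application server, as an added example that is not part of the CA documentation. It assumes ra.xml uses the standard J2EE connector layout (config-property-name and config-property-value pairs) and that Password Tool output carries the same {PBES}: prefix as the directory.xml credential shown above; the sample descriptor and all of its values are constructed.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("Enabled", "ConnectionURL", "UserName", "AdminSecret", "AgentName", "AgentSecret")
SECRETS = ("AdminSecret", "AgentSecret")
ENC_PREFIX = "{PBES}:"  # assumption: Password Tool output keeps the prefix seen in directory.xml

def local(tag):
    # Drop any XML namespace so descriptors with and without one parse alike.
    return tag.rsplit("}", 1)[-1]

def read_properties(ra_xml_text):
    """Return {name: value} for each config-property (assumed J2EE connector layout)."""
    props = {}
    for elem in ET.fromstring(ra_xml_text).iter():
        if local(elem.tag) == "config-property":
            fields = {local(c.tag): (c.text or "").strip() for c in elem}
            props[fields.get("config-property-name", "")] = fields.get("config-property-value", "")
    return props

def check_ra_xml(ra_xml_text):
    """Return findings for the ra.xml edits; values are never echoed, only property names."""
    props = read_properties(ra_xml_text)
    findings = [f"{name}: missing or empty" for name in REQUIRED if not props.get(name)]
    if props.get("Enabled", "").lower() not in ("", "true"):
        findings.append("Enabled: must be true")
    for name in SECRETS:
        value = props.get(name, "")
        if value and not value.startswith(ENC_PREFIX):
            findings.append(f"{name}: not Password Tool output (possible cleartext)")
    return findings

# Constructed sample: Enabled left at false and AgentSecret pasted in unencrypted.
SAMPLE = """<connector><resourceadapter>
 <config-property><config-property-name>Enabled</config-property-name>
  <config-property-value>false</config-property-value></config-property>
 <config-property><config-property-name>ConnectionURL</config-property-name>
  <config-property-value>smps01.example.test</config-property-value></config-property>
 <config-property><config-property-name>UserName</config-property-name>
  <config-property-value>siteminder</config-property-value></config-property>
 <config-property><config-property-name>AdminSecret</config-property-name>
  <config-property-value>{PBES}:Q09OU1RSVUNURUQ=</config-property-value></config-property>
 <config-property><config-property-name>AgentName</config-property-name>
  <config-property-value>idm_agent</config-property-value></config-property>
 <config-property><config-property-name>AgentSecret</config-property-name>
  <config-property-value>cleartext-placeholder</config-property-value></config-property>
</resourceadapter></connector>"""

if __name__ == "__main__":
    print("\n".join(check_ra_xml(SAMPLE)))
```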