Overview of CA IdentityMinder Integration with SiteMinder

Important! For CA IdentityMinder installations r12.5 SP7 and later, the Java Cryptography Extension Unlimited Strength Jurisdiction Policy Files (JCE libraries) are required. Download these libraries from the Oracle Web site. Load them into the following folder: <Java_path>\<jdk_version>\jre\lib\security\.

The following list summarizes the process for integrating SiteMinder into CA IdentityMinder:

  1. Configure the SiteMinder Policy Store for CA IdentityMinder.

    This task enables CA IdentityMinder to create, update, and delete the policy objects. Examples include Directory objects, Domains, Realms, Rules, Policies, and the policy objects that enable Access Roles and Tasks.

  2. Import the CA IdentityMinder Schema into the SiteMinder Policy Store.

    This task updates the Policy Store and prepares it for CA IdentityMinder objects.

  3. Create a SiteMinder 4.X agent object.

    This task enables communication between SiteMinder and CA IdentityMinder. The agent is referenced during the CA IdentityMinder configuration.

  4. Export the CA IdentityMinder Directories and Environments.

    The integration process removes all of the current environment and directory definitions. To help ensure that this information is maintained, you export the environments using the CA IdentityMinder Management Console. After you complete the integration, use these definitions to restore the directories and environments.

  5. Delete all of the Directory and Environment definitions.

    To prepare for the switch to use SiteMinder to protect CA IdentityMinder, delete the definitions from the Management Console.

  6. Enable the SiteMinder Policy Server Resource Adapter.

    The adapter validates the SMSESSION cookie. After validation, SiteMinder sets the user context and access to CA IdentityMinder is allowed.

  7. Disable the native CA IdentityMinder Framework Authentication Filter.

    With the SiteMinder adapter in place, the filter is no longer needed.

  8. Restart the application server on the CA IdentityMinder server.

    The restart refreshes the application server with the changes. You can validate that the switch was successful and that a proper connection to the SiteMinder Policy Server exists.

  9. Configure a data source for SiteMinder.

    If your CA IdentityMinder environment uses a relational database for its identity store, an extra step is required on the SiteMinder Policy Server. SiteMinder requires the presence of a local data source to communicate with the relational database.

  10. Import the directory definitions.

    To prepare for importing the environments, import the directories that the environments reference. With communication established, directory imports to CA IdentityMinder trigger user directory imports into SiteMinder.

  11. Update and import environment definitions.

    Import the environments back into CA IdentityMinder as you did the directory definitions. Unlike before, update the environment XML before importing so that the environment definition references the SiteMinder 4.X agent. SiteMinder is called and the proper domain configurations are made to protect your CA IdentityMinder environments.

  12. Restart the application server.

    This step prepares the server for use.

  13. Install the plug-in that the web server uses to forward requests to the application server.

  14. Associate SiteMinder Agent with CA IdentityMinder Domain.

    Perform this task after you perform the CA IdentityMinder tasks. While you load your environments into CA IdentityMinder, reference the 4.X agent. SiteMinder uses that agent when creating the Domain/Realm on the SiteMinder Policy Server. This agent validates SMSESSION cookies. Update the Domain/Realm and reference the fully functioning agent that is on the CA IdentityMinder web server. This web server acts as the access point to CA IdentityMinder and creates SMSESSION cookies.

  15. Configure the SiteMinder LogOffUrl parameter.

  16. Troubleshoot any problems that occur.