Use CA SiteMinder with CA Process Automation › Configure the CA SiteMinder Policy Server Objects

Configure the CA SiteMinder Policy Server Objects

To configure CA SiteMinder, access the CA SiteMinder Policy Server Administrative UI. For more information, see the CA SiteMinder Policy Server Configuration Guide.

Important! Before you configure CA SiteMinder for CA Process Automation, consult your CA SiteMinder Administrator. Your company may have established policies for selecting or creating Domains, naming conventions for other entities, or other site-specific security considerations.

To configure a Web Agent object to integrate with CA Process Automation:

1. Create an Agent configuration Object in the Infrastructure Section of the CA SiteMinder Administrative UI. Select ApacheDefaultSettings.
   • Navigate to the BadUrlChars property of the Web Agent and remove "/." and "//" from the property.
   • Navigate to the IgnoreExt property and remove ".gif,.jpg,.jpeg,.png" from the property value.
   • Navigate to LogoffUri property and set it to "/itpam/Logout".
2. Create a Host Configuration Object. Select either ApacheDefaultSettings or IISDefaultSettings, depending on which web agent the web servers will host.
3. Create a user Directory Object in the Infrastructure Section of the CA SiteMinder Administrative UI.
4. Create or select a domain in the Domain section of the CA SiteMinder Administrative UI.
5. Create a Realm in the Domain section of the CA SiteMinder Policy Server UI.
6. In the new Realm, specify the correct Agent name, set the resource filter to "/itpam", and select Protected in the Default Resource Protection section.
7. In the new Realm, create a rule with Resource as "*" so that the resource looks like web_agent/itpam* and select all in the Actions section.

   Note: Specify this rule in the Policies section by adding it to an existing policy or a new policy. For more information, see the CA SiteMinder Policy Server Configuration Guide.

8. Create a subrealm for each of the following URLs and select Unprotected in the Default Resource Protection section:
   • /swaref.xsd
   • /genericNoSecurity
   • /images
   • /StartAgent
   • /itpamclient
   • /newWelcome.jsp
   • /ServerConfigurationRequestServlet
   • /MirroringRequestProcessor
   • /soapAttachment
   • /AgentConfigurationRequestServlet
   • /soap
   • /css
   • /js
9. Create a policy in the Policies section and add the rule that you created in Step 7 to the policy.

   For more information, see the CA SiteMinder Policy Server Configuration Guide.

10. (Optional) Use the default values to create a custom response variable and use it as the SSO Authentication Parameter.
    1. Create a custom response attribute pamuser of the type WebAgent-HTTP-Header-Variable.
    2. Set the Variable Value as the parameter used for LDAP/ActiveDirectory user ID.
    3. Add this custom response to the rule mentioned in Step 9.

       Note: During the CA Process Automation installation, specify the header parameter pamuser as the SSO Authentication Parameter with SSO Authentication Type as Header. For more information, see the CA SiteMinder Policy Server Configuration Guide.