

Authentication Shim Properties File

Authentication Shim is configured in the adaptershim.ini file. This file defines the configuration parameters that must be set for Adapter and SiteMinder to communicate with each other. The file is available at the following location on the system where you have installed Authentication Shim:

<installation_dir>\conf

The section [arcot/integrations/smadapter/Default] contains the parameters that you need to set according to the authentication workflow that you want to use. The following table explains the parameters of this section.

Each entry gives the parameter name, whether it is required or optional, and its description.

PasswdSvcUserAtt (Optional)
Specify a valid LDAP attribute of string type that has read-write access. This attribute must not be used by any other application.
Note: This parameter is required only for authentication workflows that use LDAP, and only when password services are enabled in SiteMinder.

DisambigSchemeLib (Optional)
Specify the DLL library name of the authentication scheme to use for user disambiguation.
Note: This parameter does not support the refresh option. If you switch to Adapter authentication, you must restart the SiteMinder Policy Server.

DisambigSchemeParam (Optional)
Specify the parameter string to pass to the disambiguation authentication scheme. Structure it exactly as the SiteMinder Policy Server would build the string from the scheme's configuration parameters.

AuthSchemeLib (Optional)
Specify the library name of the authentication scheme to use as the backing scheme for primary authentication.
Note:
  • This parameter does not support the refresh option. If you switch to Adapter authentication, you must restart the SiteMinder Policy Server.
  • This parameter is not used in the delegated authentication scenario.

AuthSchemeParam (Optional)
If you have configured a backing authentication scheme, this parameter is passed to it as its configuration string. Set it to exactly the content that the SiteMinder Policy Server would build from the scheme configuration dialog.
You can determine this content by examining the scheme setup dialog boxes in the SiteMinder Policy Server administration interface. As you change parameters, the dialog box shows the parameter string that the SiteMinder Policy Server would send.
Note: This parameter is not used in the delegated authentication scenario.

ArcotSMBaseURL (Required)
Specify the URL where State Manager is available, using the following syntax:
https://host_name:port_number/arcotsm/servlet/

ArcotSMRetries (Optional)
Specify the maximum number of retries allowed when connecting to State Manager. A value of 0 means that only one connection attempt is made.
Default value: 0

ArcotSMResponseWait (Required)
Specify the time (in seconds) that Authentication Shim waits for State Manager to respond before logging an error.
Default value: 5

ArcotSMTrustedRootPEM (Required if HTTPS is enabled)
Specify the location of the certificate of the trusted root certificate authority, if State Manager is enabled for HTTPS. The file must be in .PEM format.

ArcotSMClientSSLCert (Required if HTTPS is enabled)
Specify the location of the client-side SSL certificate, if State Manager is enabled for HTTPS. The file must be in .PEM format.

ArcotSMClientPrivateKey (Required if HTTPS is enabled)
Specify the location of the client private key, if State Manager is enabled for HTTPS. The file must be in .PEM format.

ArcotAFMLandingURL (Required)
Specify the controller JSP URL of AFM.
Note: Although you can use multiple sample flows, you can configure only one ArcotAFMLandingURL per section.

UseCustomizationEngineAuth (Optional)
Specify whether AFM is used to perform authentication.
Default value: false

InitialPhasePrimaryAuth (Optional)
Specify whether LDAP authentication is performed before or after risk evaluation. This parameter applies only if UseCustomizationEngineAuth is set to false.
Default value: true (LDAP authentication is performed before risk evaluation.)

ErrorPageURL (Required)
Specify the URL of the error FCC page. This page is displayed to the user when an error occurs.

InitialFCCURL (Required)
Specify the URL of the initial FCC page served to the user. Authentication Shim reports this URL to SiteMinder during initialization. When a user attempts to access a protected resource and authentication is required, SiteMinder directs the user to this page. Depending on the authentication workflow, the page collects information such as the username, or the username and password.

FinalFCCURL (Required)
Specify the URL that AFM uses to return control to Authentication Shim. AFM retrieves this URL from the token.

Configuring Global Information

The global Authentication Shim configuration parameters are available in the GLOBAL SETUP section of the adaptershim.ini file. The following table describes the parameters of the [arcot/integrations/smadapter] section.

Each entry gives the parameter name, whether it is required or optional, and its description.

WatchInterval (Required)
Specify the polling interval (in seconds) at which Authentication Shim monitors the configuration file. Authentication Shim allows configuration changes without restarting the SiteMinder Policy Server: it checks the file at this interval and, if the file has changed, reloads the configuration.
Default value: 300

ShimIdentifierString (Optional)
Specify a unique identifier for the Authentication Shim instance. The value that you specify is appended to the section name to form the identifier.

LogSupported (Required)
Specify whether to enable logging for Authentication Shim. Set this value to 1 to enable logging, or to 0 to disable it.

MultipleUserDirectoriesSupported (Optional)
Specify whether to enable support for multiple user directories. Set this value to 1 to enable it.
Default value: 0 (disabled)

UserStatusFlag (Optional)
Specify the user attribute in the directory server that SiteMinder uses to store the user's status.
Note: This parameter is required to enable detailed logging of user status in the SiteMinder audit logs and the Authentication Shim logs. Its value must match the value specified for the Disabled Flag (RW) attribute under the User Attributes tab in the SiteMinder User Directory dialog.

SmApiVersion (Optional)
Specify the version of the SiteMinder API to use. Supported versions are:
  • 300
  • 400
  • 401
Default value: 400
Note: If you change this value, restart the Policy Server for the change to take effect.

SMPSLogEnabled (Optional)
Specify whether to enable logging to the SiteMinder Policy Server log. Set this value to 1 to enable it, or to 0 to disable it.
Default value: 0 (disabled)

SMTraceLogEnabled (Optional)
Specify whether to enable logging to the SiteMinder trace log. Set this value to 1 to enable it, or to 0 to disable it.
Default value: 0 (disabled)
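As an added example (not part of this documentation and not a tool that ships with Adapter), the following Python script loads an adaptershim.ini and checks the rules given above for both the global [arcot/integrations/smadapter] section and every workflow section beneath it: required parameters are present, the 1/0 switches hold only 0 or 1, SmApiVersion is one of 300, 400 or 401, integer timeouts and retry counts are sane, the three .PEM settings are present whenever ArcotSMBaseURL uses HTTPS, and a plain-HTTP State Manager URL is flagged. The embedded sample file is constructed for the example; its hostnames, ports, file paths and FCC page locations are placeholders.

```python
import configparser
from urllib.parse import urlparse

GLOBAL_SECTION = "arcot/integrations/smadapter"
GLOBAL_REQUIRED = ("WatchInterval", "LogSupported")
FLAG_PARAMS = ("LogSupported", "MultipleUserDirectoriesSupported", "SMPSLogEnabled", "SMTraceLogEnabled")
SM_API_VERSIONS = {"300", "400", "401"}
WORKFLOW_REQUIRED = ("ArcotSMBaseURL", "ArcotSMResponseWait", "ArcotAFMLandingURL",
                     "ErrorPageURL", "InitialFCCURL", "FinalFCCURL")
HTTPS_REQUIRED = ("ArcotSMTrustedRootPEM", "ArcotSMClientSSLCert", "ArcotSMClientPrivateKey")

# Constructed sample file: hostnames, ports and paths are placeholders, not a real deployment.
SAMPLE_INI = r"""[arcot/integrations/smadapter]
WatchInterval=300
LogSupported=1
SmApiVersion=400

[arcot/integrations/smadapter/Default]
ArcotSMBaseURL=https://sm.example.com:8443/arcotsm/servlet/
ArcotSMResponseWait=5
ArcotSMTrustedRootPEM=C:\arcot\conf\rootca.pem
ArcotSMClientSSLCert=C:\arcot\conf\client.pem
ArcotSMClientPrivateKey=C:\arcot\conf\client-key.pem
ArcotAFMLandingURL=https://afm.example.com/arcotafm/controller.jsp
ErrorPageURL=/siteminderagent/forms/error.fcc
InitialFCCURL=/siteminderagent/forms/initial.fcc
FinalFCCURL=/siteminderagent/forms/final.fcc
"""


def load_ini(text):
    """Parse adaptershim.ini text, keeping option names case-sensitive as written."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str
    parser.read_string(text)
    return parser


def _check_int(parser, sec, key, minimum, findings):
    """Record a finding unless key holds an integer of at least `minimum`."""
    raw = parser.get(sec, key).strip()
    if not raw.isdigit() or int(raw) < minimum:
        findings.append(f"[{sec}] {key}={raw!r}: expected an integer >= {minimum}")


def check_global(parser):
    """Checks for the global [arcot/integrations/smadapter] section."""
    sec = GLOBAL_SECTION
    if not parser.has_section(sec):
        return [f"missing global section [{sec}]"]
    findings = [f"[{sec}] {k}: required parameter is missing"
                for k in GLOBAL_REQUIRED if not parser.has_option(sec, k)]
    if parser.has_option(sec, "WatchInterval"):
        _check_int(parser, sec, "WatchInterval", 1, findings)
    for key in FLAG_PARAMS:  # 1/0 switches
        if parser.has_option(sec, key) and parser.get(sec, key).strip() not in ("0", "1"):
            findings.append(f"[{sec}] {key}={parser.get(sec, key)!r}: must be 0 or 1")
    version = parser.get(sec, "SmApiVersion", fallback="400").strip()
    if version not in SM_API_VERSIONS:
        findings.append(f"[{sec}] SmApiVersion={version!r}: supported values are 300, 400, 401")
    return findings


def check_workflow(parser, sec):
    """Checks for one workflow section such as [arcot/integrations/smadapter/Default]."""
    findings = [f"[{sec}] {k}: required parameter is missing"
                for k in WORKFLOW_REQUIRED if not parser.has_option(sec, k)]
    if parser.has_option(sec, "ArcotSMBaseURL"):
        scheme = urlparse(parser.get(sec, "ArcotSMBaseURL").strip()).scheme
        if scheme == "https":  # the three PEM settings become mandatory
            for key in HTTPS_REQUIRED:
                if not parser.has_option(sec, key):
                    findings.append(f"[{sec}] {key}: required because ArcotSMBaseURL uses HTTPS")
                elif not parser.get(sec, key).strip().lower().endswith(".pem"):
                    findings.append(f"[{sec}] {key}: file must be in .PEM format")
        elif scheme == "http":
            findings.append(f"[{sec}] ArcotSMBaseURL: plain HTTP, so the State Manager connection is not TLS-protected")
        else:
            findings.append(f"[{sec}] ArcotSMBaseURL: expected https://host_name:port_number/arcotsm/servlet/")
    if parser.has_option(sec, "ArcotSMRetries"):
        _check_int(parser, sec, "ArcotSMRetries", 0, findings)  # 0 means a single attempt
    if parser.has_option(sec, "ArcotSMResponseWait"):
        _check_int(parser, sec, "ArcotSMResponseWait", 1, findings)
    if parser.get(sec, "UseCustomizationEngineAuth", fallback="false").strip().lower() == "true" \
            and parser.has_option(sec, "InitialPhasePrimaryAuth"):
        findings.append(f"[{sec}] InitialPhasePrimaryAuth only applies when UseCustomizationEngineAuth=false")
    return findings


def validate(text):
    """Return every finding for the file; an empty list means all checks passed."""
    parser = load_ini(text)
    findings = check_global(parser)
    for sec in (s for s in parser.sections() if s.startswith(GLOBAL_SECTION + "/")):
        findings += check_workflow(parser, sec)
    return findings
```

Run validate() on the contents of <installation_dir>\conf\adaptershim.ini before the Policy Server picks the file up at the next WatchInterval; the sample above yields no findings, while removing ArcotSMTrustedRootPEM or switching ArcotSMBaseURL to http:// produces one finding each. The checks only encode what this page states, so parameters whose valid values the page leaves open (library names, scheme parameter strings) are not validated.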