Configure SiteMinder Agent Authenticators For All Web Applications on JBoss 5.x

Configuration Guides › SiteMinder Agent for JBoss Guide › Configure the SiteMinder Agent Security Interceptor to Protect Web Applications › Configure SiteMinder Agent Authenticators › Configure SiteMinder Agent Authenticators For All Web Applications on JBoss 5.x

Configure SiteMinder Agent Authenticators For All Web Applications on JBoss 5.x

To configure the SiteMinder Agent Authenticators to handle all JBoss web application requests, replace the default JBossSX authenticator methods with the SiteMinder Agent Authenticator methods in the JBoss core authentication services definition.

The JBoss core authentication services are defined in the war-deployers-jboss-beans.xml configuration file located in the following location:

server/server_name/deployers/jbossweb.deployer/META-INF

Note: The SiteMinder Agent Authenticator methods extend the default authenticator methods; the default authenticator functionality is still available for requests without valid SiteMinder session cookies.

To Configure SiteMinder Agent Authenticators at the global level

Navigate to server/server_name/deploy/jboss-web.deployer/META-INF/.
Open the jboss-service.xml file in a text editor.
Locate the <attribute name="Authenticators" ...> element definition section.
Edit the java:value element in the java:property element definitions for BASIC, FORM, CLIENT-CERT, and DIGEST authentication, replacing the default authenticator methods with the corresponding SiteMinder Agent Authenticator methods as required.
To configure the SMJBossBasicAuthenticator, edit the java:property element for BASIC authentication as follows:
```
<entry>
  <key>BASIC</key>
  <value>com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossBasicAuthenticator</value>
</entry>
```
To configure the SMJBossFormAuthenticator, edit the java:property element for FORM authentication as follows:
```
<entry>
  <key>FORM</key>
  <value>com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossFormAuthenticator</value>
</entry>
```
To configure the SMJBossClientCertAuthenticator, edit the java:property element for CLIENT-CERT authentication as follows:
```
<entry>
  <key>CLIENT-CERT</key>
  <value>com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossClientCertAuthenticator</value>
</entry>
```
To configure the SMJBossDigestAuthenticator, edit the java:property element for DIGEST authentication as follows:
```
<entry>
  <key>DIGEST</key>
  <value>com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossDigestAuthenticator</value>
</entry>
```
If you do not want the default authentication behavior to occur if SiteMinder session cookie validation fails, configure the SMJBossIdentityAsserter in place of any authenticator. For example, to configure the SMJBossIdentityAsserter so that default Digest authentication does not occur if SiteMinder identity assertion fails, edit the java:property element for DIGEST as follows:
```
<entry>
  <key>DIGEST</key>
  <value>com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossIdentityAsserter</value>
</entry>
```
Save the file and exit the text editor.

The SiteMinder Agent Authenticators are configured as the default authenticators for all security-enabled web applications. The authenticator configured for the authentication method defined in the web application deployment descriptor will handle request unless an authenticator is configured individually for that application.

Email CA Technologies about this topic