Installation Guides › Policy Server Installation Guide › Installing the Policy Server on Windows Systems › How to Install the Policy Server › Policy Server Component Considerations

Policy Server Component Considerations

The Policy Server installer can configure the following components. Review the following before running the Policy Server installer:

• Federation Security Services Administrative UI—The FSS Administrative UI is installed with the Policy Server and is for managing CA SiteMinder Federation Security Services. Use of the FSS Administrative UI is only required If you must generate WS-Security SAML assertion tokens or are otherwise federating with a partner organization. Although part of the core Policy Server installation, the FSS Administrative UI must be registered with the Policy Server before it can be used. Registering the FSS Administrative UI requires the use of the Administrative UI. Therefore, you install and configure the Administrative UI before registering the FSS Administrative UI.
• Web Server—A supported web server is required to configure the FSS Administrative UI. The Policy Server installer configures the FSS Administrative UI with the selected web server.
• OneView Monitor—The OneView Monitor enables the monitoring of SiteMinder components.

  Note: To use the OneView Monitor, you must have the supported Java SDK and ServletExec ISAPI Windows/IIS installed.

• SNMP—Be sure that you have an SNMP Service (Master OS Agent) installed with your Windows operating system before installing the Policy Server.

  Note: More information about installing the SNMP service exists in the Windows online help system.

• Policy Store—The policy store is the repository for Policy Server objects and policy information.
• Key Database (smkeydatabase)—The smkeydatabase is a key store used for signing, verification, encryption, and decryption of signed messages with WS-Security tokens. or to produce or consume XML encrypted messages with WS-Security tokens.

  If you choose to configure the smkeydatabase during installation, you are prompted to install the default certificate authority (CA) certificates. You can add additional certificates and private keys to a key database after installation.

• Audit Logs—You can store audit logs in either a relational database or a text file. After you install the Policy Server, audit logging is set to a text file and not to ODBC by default.

Note: For a list of supported CA and third-party components, refer to the SOA Security Manager r12.1 SP3 Platform Support Matrix on the Technical Support site.

More information:

Locate the SOA Security Manager Platform Support Matrix

Policy Store Considerations

Consider the following before running the Policy Server installer or the Policy Server Configuration wizard:

• The Policy Server installer can automatically configure the following directory types as a policy store:
  • Microsoft^® Active Directory^® in Application Mode (ADAM)
  • Microsoft Active Directory Lightweight Directory Services (AD LDS)

    Note: Be sure that you have met the prerequisites for configuring ADAM or AD LDS as a policy store.

  • Oracle^® Directory Server Enterprise Edition (formerly Sun Directory Server Enterprise Edition)

  Important! The Policy Server installer cannot automatically configure a policy store that is being connected to using an SSL connection.

• The Policy Server Configuration Wizard can automatically configure the same directory types as the installer and the following additional directory types:
  • Microsoft SQL Server^® (SQL Server)
  • Oracle RDBMS

  Important! The Policy Server Configuration Wizard cannot automatically configure a policy store that is being connected to using an SSL connection.

• (RDB policy store) The Policy Server installer and the Policy Server Configuration Wizard use specific database information to create the policy store data source. The Policy Server uses this data source to communicate with the policy store. Consider the following:
  • The name of data source is CA SOA Security Manager DSN.
  • (Windows) The installer saves the data source to the Microsoft ODBC Data Source Administrator tool, under the System DSN tab.
  • (UNIX) The installer saves the data source to the system_odbc.ini file, which is located at policy_server_home/db.

    policy_server_home

    Specifies the Policy Server installation path.

• (RDB policy store) Be sure that the database server that is to host the policy store is configured to store objects in UTF–8 form. This configuration avoids possible policy store corruption.
  • (Oracle) Be sure that the database is configured to store objects in UTF–8 form. Oracle supports unicode within many of their character sets. For more information about configuring your database to store objects in UTF–8 form, see your vendor–specific documentation.
  • (SQL Server) Be sure that the database is configured using the default collation (SQL_Latin1_General_CP1_CI_AS). Using a collation that is case-sensitive can result in unexpected behaviors. For more information about configuring your database to store objects using the default collation, see your vendor–specific documentation.
• You manually configure any other supported directory server or relational database as a policy store after installing the Policy Server. Configuring a policy store manually is detailed in this guide.