Following is a sample SmSiebelSSO.conf file.
# Feel free to edit this file at will
# Where should the log data go? LogFile=c:/logs/Test.log # Log level is an integer between 0 and 3 # Level Meaning # 0 None # 1 Errors # 2 Information # 3 Debug LogLevel=3 # These settings dictate how you communicate with the Policy server AgentName=siebel1 HostConfigFile=/home/oracle/CA/erpconn/siebel/Config/SmHost.conf Resource=/SiebelConnector/ # And finally how do you talk to the Database? DatabaseUser=sadmin DatabasePassword=sadmin
After running the configuration wizard, test Security Adapter by verifying the installation and the settings in the configuration file (SmSiebelSSO.conf).
Follow these steps:
C:\>providertest Enter username: dsherman Enter password: password Testing provider with username 'dsherman' and password 'password' Loading library... OK Finding entry point... OK enter Config File: test.conf Calling SecurityLogin()...OK Return code is OK Test 1: GetUsername() Username: dsherman Test 2: GetAccountStatus() Account state: ACTIVE Test 3: GetCredentials() pCred->m_pType: pCred->m_pUsername: DBUser pCred->m_pPassword: 10 characters long Test 4: GetUserInfo: m_accountStatus: ACTIVE m_bPasswordSet: 0 m_pCredentialsArray #: Type | Username | Password ---------------------------------------- 0: | DBUser | 10 chars m_pNewUsername: (null) m_p_Password: (null) Test 5: GetRoles() GetRoles returned SecurityErrOK Role 00: A Role 01: B Role 02: C Role 03: D Total: 4 roles
Perform the following steps to enable Security:
Perform the following procedure to create a named subsystem for Custom Security Adapter.
To create a named subsystem
srvrmgr parameters
The parameters include the following:
srvrmgr:srvr>create named subsystem SiteMinderSecAdpt for subsystem InfraSecAdpt_CUSTOM srvrmgr:srvr>list param for named subsystem SiteMinderSecAdpt
PA ALIAS |
PA VALUE |
CustomSecAdpt_CRC |
******** |
CustomSecAdpt_SecAdptDLLName |
|
ConfigFileName |
|
CustomSecAdpt_HashAlgorithm |
RSASHA1 |
CustomSecAdpt_HashDBPwd |
False |
CustomSecAdpt_HashUserPwd |
False |
CustomSecAdpt_PropagateChange |
False |
ConfigSectionName |
|
CustomSecAdpt_SingleSignOn |
False |
CustomSecAdpt_TrustToken |
******** |
CustomSecAdpt_UseAdapterUsername |
False |
11 rows returned. |
|
srvrmgr:srvr> change param CustomSecAdpt_SecAdptDllName=SmSecurityProvider75 for named subsystem SiteMinderSecAdpt srvrmgr:srvr> change param ConfigFileName=d:\siebel\bin\enu\SmSiebelSSO.ini for named subsystem SiteMinderSecAdpt
Note: The absolute path of the SmSiebelSSO.ini file must be specified in this command to modify the ConfigFileName.
srvrmgr:srvr> change param ConfigSectionName=SiteMinder for named subsystem SiteMinderSecAdpt
Note: The section name, SiteMinder, in this command to modify the ConfigSectionName, must match the section name defined in the SmSiebelSSO.ini file.
srvrmgr:srvr> list param for named subsystem SiteMinderSecAdpt
A sample output is shown in the following table:
PA ALIAS |
PA VALUE |
CustomSecAdpt_CRC |
******** |
CustomSecAdpt_SecAdptDLLName |
SmSecurityProvider75 |
ConfigFileName |
d:\siebel\bin\enu\SmSiebelSSO.ini |
CustomSecAdpt_HashAlgorithm |
RSASHA1 |
CustomSecAdpt_HashDBPwd |
False |
CustomSecAdpt_HashUserPwd |
False |
CustomSecAdpt_PropagateChange |
False |
ConfigSectionName |
SiteMinder |
CustomSecAdpt_SingleSignOn |
False |
CustomSecAdpt_TrustToken |
******** |
CustomSecAdpt_UseAdapterUsername |
False |
11 rows returned. |
|
Perform the following steps to configure the server components.
To configure the server components
srvrmgr:srvr > change param secadptname=SiteMinderSecAdpt for comp eSalesObjMgr_enu srvrmgr:srvr > change param secadptmode=CUSTOM for comp eSalesObjMgr_enu
By default, customer-facing applications (such as eSales) use a different login view than the SWELogin.swt required by the CA SSO Agent. (Internal Seibel applications, such as CallCenter, use SWELogin.swt by default.) Perform the following procedure to configure other applications to use SWELogin.swt.
Follow these steps:
Perform the following procedure to test Security Adapter within Siebel.
Follow these steps:
http://machine.domain.com/esales/
Be sure to include the full domain name so that the browser accepts cookies of CA SSO. If a CA SSO session has not yet been established, the CA SSO login screen appears. Enter a valid username and password and complete the login process.
When you verify that Security Adapter and Authentication Scheme are functioning correctly, SSO should also succeed.
Follow these steps:
http://machine.domain.com/SiebelConnector/testsso.asp http://machine.domain.com/SiebelConnector/testsso.jsp http://machine.domain.com/SiebelConnector/testsso.pl
Once single signon is functioning correctly, you can have all users automatically directed through the single signon process rather than presenting the Siebel login page.
To direct users through the SSO process
Siebel Agent Installation folder/Config/siebsrvr/Webtempl/SWELogin.swt
Copyright © 2015 CA Technologies.
All rights reserved.
|
|