By default, the Administrative UI is configured with a single Policy Server. You can configure additional Policy Server connections and can administer these servers from the Administrative UI. For example, you can create connections to manage Policy Servers in development and staging environments.
For the Administrative UI to connect to multiple Policy Servers, use an external administrator store. An external user store is a requirement for extra Policy Server connections. Create the administrator accounts for the administrator identities in the store. The accounts enable the Administrative UI to locate administrator records in the external store.
For more information about administrators and external administrator stores, see the Policy Server Configuration Guide.
Follow these steps:
Note: If the Administrative UI is using the policy store as its source of administrator identities, you cannot configure extra Policy Server connections.
You run the Administrative UI registration tool to create a client name and passphrase. A client name and passphrase pairing are values that the Policy Server uses to identify the Administrative UI you are registering. You submit the client and passphrase values from the Administrative UI to complete the registration process.
To run the registration tool
XPSRegClient client_name[:passphrase] -adminui -t timeout -r retries -c comment -cp -l log_path -e error_path -vT -vI -vW -vE -vF
Note: Inserting a space between client_name and [:passphrase] results in an error.
Identifies the Administrative UI being registered.
Limit: This value must be unique. For example, if you have previously used smui1 to register an Administrative UI, enter smui2.
Note: Record this value. This value is to complete the registration process from the Administrative UI.
Specifies the password required to complete the registration of the Administrative UI.
Limits:
Note: If you do not specify the passphrase in this step, XPSRegClient prompts you to enter and confirm one.
Important! Record the passphrase, so that you can refer to it later.
Specifies that an Administrative UI is being registered.
(Optional) Specifies how long you have to complete the registration process from the Administrative UI. The Policy Server denies the registration request when the timeout value is reached.
Unit of measurement: minutes
Default: 240 (four hours)
Minimum Limit: 1
Maximum Limit: 1440 (one day)
(Optional) Specifies how many failed attempts are allowed when you complete the registration process from the Administrative UI. A failed attempt can result from an incorrect client name or passphrase submitted to the Policy Server during the registration process.
Default: 1
Maximum Limit: 5
(Optional) Inserts the specified comments into the registration log file for informational purposes.
Note: Surround comments with quotes.
(Optional) Specifies that registration log file can contain multiple lines of comments. The registration tool prompts for multiple lines of comments and inserts the specified comments into the registration log file for informational purposes.
Note: Surround comments with quotes.
(Optional) Specifies where to export the registration log file.
Default: siteminder_home\log
siteminder_home
Specifies the Policy Server installation path.
(Optional) Sends exceptions to the specified path.
Default: stderr
(Optional) Sets the verbosity level to TRACE.
(Optional) Sets the verbosity level to INFO.
(Optional) Sets the verbosity level to WARNING.
(Optional) Sets the verbosity level to ERROR.
(Optional) Sets the verbosity level to FATAL.
The registration tool lists the name of the registration log file and prompts for a passphrase.
The registration tool creates the client name and passphrase pairing.
You can now register the Administrative UI with a Policy Server. You complete the registration process from the Administrative UI.
The Administrative UI requires specific information from the registration process so that you can register it with the Policy Server.
Gather the following information before logging in to the Administrative UI:
Default: 44442
You configure the connection so the Administrative UI can be used to manage CA SiteMinder® objects.
To configure a Policy Server connection
Note: This value must match the value in the Authentication port (TCP) field on the Settings tab in the Policy Server Management Console. The default authentication port is 44442. To determine the port number, open the Settings tab in the Policy Server Management Console.
The connection between the Administrative UI and the Policy Server is configured.
The Administrative UI login screen contains a list of Policy Servers to which the Administrative UI is registered. By default, the Policy Server that was registered first is the default connection.
The Administrative UI login screen contains a list of Policy Servers to which the Administrative UI is registered. By default, the Policy Server that was registered first appears as the default connection. You can modify the list to have another Policy Server connection appear as the default.
Follow these steps:
Administrative UI connections matching the criteria appear.
The Policy Server connection is configured as the default connection.
The Administrative UI login screen contains a list of Policy Servers to which the Administrative UI is registered. You delete a Policy Server connection to remove it from the list when the connection is no longer required.
Follow these steps:
Administrative UI connections matching the criteria appear.
You are prompted to confirm that the connection can be deleted.
The connection to the Policy Server is deleted.
Copyright © 2014 CA.
All rights reserved.
|
|