Within the file, all blank lines are ignored and any line beginning with two forward slashes ("//"), a pound sign ("#") or a semicolon (";") is considered a comment. Embedded and trailing comments are not supported.
For the most part, each operational line consists of a keyword (or words) followed by an equal sign, followed by zero or more spaces, followed by the setting for that keyword. This chapter contains a detailed listing of all of the keywords and their expected arguments. In addition, the sample APS.CFG file supplied contains a considerable amount of discussion for each keyword. If discrepancies exist between this document and comments in the file, use the comments in the file.
Keywords are not case-sensitive. The settings for the keywords usually are case-sensitive.
By default, almost all options are disabled in the sample file. Options should be enabled as needed. Options should be set with care, as it is possible to create situations where no password exists that can satisfy all conditions. Even if combinations are possible, you should be careful: complex rules can confuse users.
If the file is modified while APS is running, the changes will apply to the next user accessing the system or changing their password. There is no need to restart SiteMinder services. APS checks the last modification time of the file each time that a user is processed. If the file has changed, it is read in by APS and used for the new user request and for all future requests, until the file is changed.
There is slight performance degradation due to the large number of comments in the configuration file. However, because of file caching, it is only noticeable during startup and when the file actually changes. Thus, we highly recommend that the comments be left intact.
The configuration is intentionally stored in a flat file rather than in some distributed data store. This gives us a much higher degree of configuration flexibility and portability. For example, if the Primary SiteMinder server always accesses a Primary LDAP server, there may be no need for Write Back settings, whereas a Backup SiteMinder Server (that might be accessing a backup LDAP Server) might need to use the Write Backs.
If multiple SiteMinder Policy Servers are used, a copy of this file must exist on all of them. If the same configuration is to be used on all, the site can use one of the many file replication utilities available on the market. Thus, changing the file on one server would cause that change to be replicated to all other servers. CA does not supply, support, or recommend any particular utility to perform this function.
|
Copyright © 2014 CA.
All rights reserved.
|
|