

How to Configure Additional Policy Server Connections

By default, the Administrative UI is configured with a single Policy Server as part of the installation process. You can, however, configure additional connections to administer more than one Policy Server. For example, you can create connections to manage Policy Servers in development and staging environments.

To configure additional Policy Server connections, complete the following steps:

  1. Configure a connection to an external administrator user store.

    Note: If the Administrative UI is using the policy store as its source of administrator identities, you cannot configure additional Policy Server connections. For more information about configuring an external administrator user store connection, see the Policy Server Configuration Guide.

  2. Run the registration tool.
  3. Configure the connection to the Policy Server.

More information:

How to Configure an External Administrator Store

Run the Registration Tool

You run the Administrative UI registration tool to create a client name and passphrase. The Policy Server uses the client name and passphrase pair to identify the Administrative UI you are registering. You submit the client name and passphrase values from the Administrative UI to complete the registration process.

To run the registration tool

  1. Open a command prompt from the Policy Server host system.
  2. Run the following command:
    XPSRegClient client_name[:passphrase] -adminui -t timeout -r retries -c comment -cp -l log_path -e error_path -vT -vI -vW -vE -vF

    Note: Inserting a space between client_name and [:passphrase] results in an error.

    client_name

    Identifies the Administrative UI being registered.

    Limit: This value must be unique. For example, if you have previously used smui1 to register an Administrative UI, enter smui2.

    Note: Record this value. This value is required to complete the registration process from the Administrative UI.

    passphrase

    Specifies the password required to complete the registration of the Administrative UI.

    Limits:

    • The passphrase must contain at least six (6) characters.
    • The passphrase cannot include an ampersand (&) or an asterisk (*).
    • If the passphrase contains a space, it must be enclosed in quotation marks.
    • If you are registering the Administrative UI as part of an upgrade, you can reuse a previous passphrase.

    Note: If you do not specify the passphrase in this step, XPSRegClient prompts you to enter and confirm one.

    Important! Record the passphrase, so that you can refer to it later.

    -adminui

    Specifies that an Administrative UI is being registered.

    -t timeout

    (Optional) Specifies how long you have to complete the registration process from the Administrative UI. The Policy Server denies the registration request when the timeout value is reached.

    Unit of measurement: minutes

    Default: 240 (four hours)

    Minimum Limit: 1

    Maximum Limit: 1440 (one day)

    -r retries

    (Optional) Specifies how many failed attempts are allowed when you complete the registration process from the Administrative UI. A failed attempt can result from an incorrect client name or passphrase submitted to the Policy Server during the registration process.

    Default: 1

    Maximum Limit: 5

    -c comment

    (Optional) Inserts the specified comments into the registration log file for informational purposes.

    Note: Surround comments with quotes.

    -cp

    (Optional) Specifies that the registration log file can contain multiple lines of comments. The registration tool prompts for multiple lines of comments and inserts the specified comments into the registration log file for informational purposes.

    Note: Surround comments with quotes.

    -l log_path

    (Optional) Specifies where to export the registration log file.

    Default: siteminder_home\log

    siteminder_home

    Specifies the Policy Server installation path.

    -e error_path

    (Optional) Sends exceptions to the specified path.

    Default: stderr

    -vT

    (Optional) Sets the verbosity level to TRACE.

    -vI

    (Optional) Sets the verbosity level to INFO.

    -vW

    (Optional) Sets the verbosity level to WARNING.

    -vE

    (Optional) Sets the verbosity level to ERROR.

    -vF

    (Optional) Sets the verbosity level to FATAL.

    The registration tool lists the name of the registration log file and prompts for a passphrase.

  3. Press Enter.

    The registration tool creates the client name and passphrase pairing.

You can now register the Administrative UI with a Policy Server. You complete the registration process from the Administrative UI.
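
The following is an added example, not part of the original documentation and not vendor code: a POSIX shell pre-flight check that validates the client name, timeout, retries, and passphrase against the limits listed above before XPSRegClient is run. It leaves the passphrase off the generated command line so that the tool prompts for it, which keeps the value out of shell history and process listings. The function names, the space/colon check on the client name, the list of previously used names, and the minimum of 1 for retries are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code: checks XPSRegClient arguments against the
# limits documented on this page before the tool is run.

# in_range VALUE MIN MAX: true if VALUE is a whole number within MIN..MAX.
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# check_passphrase PASS: at least six characters, no ampersand or asterisk.
check_passphrase() {
    [ "${#1}" -ge 6 ] || { echo "passphrase: fewer than 6 characters" >&2; return 1; }
    case $1 in
        *'&'*|*'*'*) echo "passphrase: contains & or *" >&2; return 1 ;;
    esac
}

# build_regclient_cmd CLIENT [TIMEOUT] [RETRIES] [USED_NAMES]
# Prints the command line to run. The passphrase is left off on purpose so
# that XPSRegClient prompts for it instead of taking it as an argument.
build_regclient_cmd() {
    client=$1 timeout=${2:-240} retries=${3:-1} used=${4:-}
    # Assumption: a space or colon in the name would clash with the
    # client_name[:passphrase] syntax, so both are rejected here.
    case $client in
        ''|*' '*|*:*) echo "client_name: empty, or has a space or colon" >&2; return 1 ;;
    esac
    # USED_NAMES is a space-separated list the operator maintains (hypothetical).
    for name in $used; do
        [ "$name" != "$client" ] || { echo "client_name: already used" >&2; return 1; }
    done
    in_range "$timeout" 1 1440 || { echo "timeout: must be 1-1440 minutes" >&2; return 1; }
    # The page gives a maximum of 5 retries; the minimum of 1 is an assumption.
    in_range "$retries" 1 5 || { echo "retries: must be 1-5" >&2; return 1; }
    printf 'XPSRegClient %s -adminui -t %s -r %s\n' "$client" "$timeout" "$retries"
}

# Constructed sample values: smui1 was used before, so register smui2 with a
# 30-minute window and a single attempt.
build_regclient_cmd smui2 30 1 "smui1"
```

A timeout shorter than the 240-minute default and a single retry narrow the window in which the client name and passphrase pair can be submitted to the Policy Server.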

Gather Registration Information

The Administrative UI requires specific information about the Policy Server and the client name and passphrase you created to complete the registration process. Gather the following information before logging into the Administrative UI:

Note: A worksheet is provided to help you gather and record information before registering the Administrative UI.

Configure the Connection to the Policy Server

You configure the connection so the Administrative UI can be used to manage CA SiteMinder® objects.

To configure a Policy Server connection

  1. Log into the Administrative UI with an account that has super user permissions.
  2. Click Administration, Admin UI.
  3. Click Policy Server Connections, Register Policy Server Connection.

    The Register Policy Server Connection screen appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  4. Type a connection name in the Name field.
  5. Type the Policy Server host name or IP address in the Policy Server Host field.
  6. Type the Policy Server authentication port in the Policy Server Port field.

    Note: This value must match the value in the Authentication port (TCP) field on the Settings tab in the Policy Server Management Console. The default authentication port is 44442. To determine the port number, open the Settings tab in the Policy Server Management Console.

  7. Type the client name and passphrase you created using the registration tool in the respective fields.
  8. Select a FIPS mode:
  9. Click Submit.

    The connection between the Administrative UI and the Policy Server is configured.

    The Administrative UI login screen contains a list of Policy Servers to which the Administrative UI is registered. By default, the Policy Server that was registered first is the default connection.