

Configuring CA SiteMinder® Data Stores in a Relational Database

Relational Databases as a Policy or Key Store

The CA SiteMinder® policy store is the repository for all policy-related information. All Policy Servers in a CA SiteMinder® installation must share the policy store data, either directly or through replication. CA SiteMinder® is installed with tools that let administrators move policy store data from one storage facility to another.

When you install the Policy Server, you can automatically configure one of the following relational databases as a policy store:

If you do not use the Policy Server installer to configure a policy store automatically, you can manually configure a policy store after installing the Policy Server. Additionally, after you install the Policy Server, you can use the Policy Server Management Console to point the Policy Server to an existing policy store.

Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 Platform Support Matrix on the Technical Support site.

In addition to policy store support, you can use a relational database to store CA SiteMinder® keys, audit logs, and session data.

More information:

Locate the Platform Support Matrix

Installation Road Map

The following diagram illustrates a sample CA SiteMinder® installation and lists the order in which you install and configure each component.

The following figure depicts a single policy/key store instance. Although not illustrated, your environment can use separate instances for individual policy and key stores.

Graphic showing the installation roadmap for the policy store

Important Considerations

Consider the following before configuring a policy store:

More information:

Locate the Platform Support Matrix

Default Policy Store Objects Consideration

When you configure a policy store, the following default policy store object files are available:

Consider the following items when choosing a file to:

The following table summarizes the security settings for both files:

| Parameter Name | smpolicy Values | smpolicy-secure Values |
|---|---|---|
| BadCssChars | No value | <, >, ', ;, ), (, &, +, %00 |
| BadQueryChars | No value | <, >, ', ;, ), (, &, +, %00 |
| BadUrlChars | //, ./, /., /*, *., ~, \, %00-%1f, %7f-%ff, %25 | smpolicy.smdif values plus: <, >, ', ;, ), (, &, + |
| EnableCookieProvider | Yes | No |
| IgnoreExt | .class, .gif, .jpg, .jpeg, .png, .fcc, .scc, .sfcc, .ccc, .ntc | All smpolicy values. |
| LimitCookieProvider | No | Yes |
| ValidTargetDomain | This file does not include this parameter. | This parameter does not have a default value. Provide a valid redirection domain. Example: validtargetdomain=".example.com" |
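The following added example (not part of the CA documentation or product tooling) compares a set of agent settings against the smpolicy-secure column of the table and reports each deviation. It assumes the settings are supplied as a dictionary of parameter name to comma-separated value string, written the way the table writes them; the function and variable names are hypothetical.

```python
import re

# smpolicy-secure column of the table above, transcribed as strings.
# Assumption: settings arrive as a dict of parameter name -> value string.
SECURE_EXTRA = "<, >, ', ;, ), (, &, +"
LIST_BASELINE = {
    "BadCssChars": SECURE_EXTRA + ", %00",
    "BadQueryChars": SECURE_EXTRA + ", %00",
    "BadUrlChars": r"//, ./, /., /*, *., ~, \, %00-%1f, %7f-%ff, %25, " + SECURE_EXTRA,
}
FLAG_BASELINE = {"EnableCookieProvider": "no", "LimitCookieProvider": "yes"}
PCT = re.compile(r"^%([0-9a-f]{2})(?:-%([0-9a-f]{2}))?$", re.I)

def parse_list(value):
    """Split a comma-separated list into literal entries and covered octets."""
    literals, octets = set(), set()
    for tok in (t.strip() for t in (value or "").split(",")):
        m = PCT.match(tok)
        if m:  # %xx or %xx-%yy: expand so a range covers each octet inside it
            lo, hi = int(m.group(1), 16), int(m.group(2) or m.group(1), 16)
            octets.update(range(lo, hi + 1))
        elif tok and tok.lower() != "no value":
            literals.add(tok)
    return literals, octets

def audit(config):
    """Return {parameter: problem} for each deviation from smpolicy-secure."""
    findings = {}
    for name, required in LIST_BASELINE.items():
        want_lit, want_oct = parse_list(required)
        have_lit, have_oct = parse_list(config.get(name))
        missing = sorted(want_lit - have_lit)
        missing += ["%%%02x" % b for b in sorted(want_oct - have_oct)]
        if missing:
            findings[name] = "missing: " + " ".join(missing)
    for name, want in FLAG_BASELINE.items():
        if str(config.get(name, "")).strip().lower() != want:
            findings[name] = "expected " + want
    if not str(config.get("ValidTargetDomain", "")).strip():
        findings["ValidTargetDomain"] = "no redirection domain set"
    return findings

# Constructed sample: the smpolicy column, i.e. an agent left on the defaults.
SMPOLICY_DEFAULTS = {
    "BadCssChars": "No value", "BadQueryChars": "No value",
    "BadUrlChars": r"//, ./, /., /*, *., ~, \, %00-%1f, %7f-%ff, %25",
    "EnableCookieProvider": "Yes", "LimitCookieProvider": "No",
}
```

Calling audit(SMPOLICY_DEFAULTS) returns one finding for each of the six parameters that differ between the two files; IgnoreExt is not checked because both files carry the same values.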

Schema Files for Relational Databases

CA SiteMinder® provides schema files for configuring the following CA SiteMinder® data stores:

Note: The CA SiteMinder® schema files are installed with the Policy Server. If the Policy Server is installed on a UNIX system, copy the schema files from the siteminder_home/db/SQL directory to a temporary directory (C:\temp) on the Windows system on which the database is installed.

siteminder_home

Specifies the Policy Server installation path.

IBM DB2 Schema Files

The following IBM DB2 schema files are provided in the siteminder_home\db\tier2\DB2 directory.

siteminder_home

Specifies the Policy Server installation path.

sm_db2_ps.sql

Creates the schema for a policy store and key store.

Note: If you are storing keys in a different database, this schema file creates the schema for the key store data.

sm_db2_logs.sql

Creates the schema for CA SiteMinder® audit logs. For 12.52, edit this script before using it to create an audit store.

sm_db2_ss.sql

Creates the schema for a CA SiteMinder® session store.

smsampleusers_db2.sql

Creates the schema for a CA SiteMinder® sample users database and populates the database with sample users.

The following IBM DB2 schema file is provided in the siteminder_home\xps\db directory.

DB2.sql

Creates the XPS schema for a policy store.

MySQL Schema Files

The following MySQL schema files are provided in the siteminder_home\db\tier2\MySQL directory.

siteminder_home

Specifies the Policy Server installation path.

sm_mysql_ps.sql

Creates the schema for a policy store and key store.

Note: If you are storing keys in a different database, this schema file creates the schema for the key store data.

sm_mysql_logs.sql

Creates the schema for CA SiteMinder® audit logs.

sm_mysql_ss.sql

Creates the schema for a CA SiteMinder® session store.

smsampleusers_mysql.sql

Creates the schema for a CA SiteMinder® sample users database and populates the database with sample users.

The following MySQL schema file is provided in the siteminder_home\xps\db directory.

MySQL.sql

Creates the XPS schema for a policy store.

SQL Server Schema Files

The following SQL Server schema files are provided in the siteminder_home\db\SQL directory:

siteminder_home

Specifies the Policy Server installation path.

sm_mssql_ps.sql

Creates the schema for a policy store and key store.

Note: If you are storing keys in a different database, this schema file creates the schema for the key store data.

sm_mssql_logs.sql

Creates the schema for CA SiteMinder® audit logs.

sm_mssql_ss.sql

Creates the schema for a CA SiteMinder® session store.

Note: If you do not plan on storing Unicode characters in the session store, use this file.

sm_mssql_ss.sql.unicode

Creates the schema for the CA SiteMinder® session store.

Note: If you plan on storing Unicode characters in the session store, use this file.

smsampleusers_sqlserver.sql

Creates the schema for the CA SiteMinder® sample users database and populates the database with sample users.

The following SQL Server schema file is provided in siteminder_home\xps\db:

SQLServer.sql

Creates the XPS schema for a policy store.

Oracle Schema Files

The following Oracle schema files are provided in the siteminder_home\db\SQL directory.

siteminder_home

Specifies the Policy Server installation path.

sm_oracle_ps.sql

Creates the schema for a policy store and key store.

Note: If you are storing keys in a different database, this schema file creates the schema for the key store data.

sm_oracle_logs.sql

Creates the schema for CA SiteMinder® audit logs.

sm_oracle_ss.sql

Creates the schema for a CA SiteMinder® session store.

smsampleusers_oracle.sql

Creates the schema for a CA SiteMinder® sample users database and populates the database with sample users.

The following Oracle schema file is provided in the policy_server_home\xps\db directory.

Oracle.sql

Creates the XPS schema for a policy store.