

Install the SiteMinder Agent

The following sections contain information about installing the SiteMinder Agent.

Installation Options

This section describes the options for installing the SiteMinder Agent.

Windows:

Run the installation in the graphical user interface (GUI) mode to install the SiteMinder Agent.

UNIX:

Do one of the following to install or upgrade the SiteMinder Agent:

Information Required During SiteMinder Agent Installation

The SiteMinder Agent for JBoss installation program prompts you to supply the following information:

Install a SiteMinder Agent on a Windows System

The following sections describe how to install the SiteMinder Agent on a Windows system.

Set the JRE in the Path Variable

Set the Java Runtime Environment (JRE) in the Windows path variable.

Follow these steps:

  1. Open the Windows Control Panel.
  2. Double-click System.
  3. Add the location of the JRE to the Path system variable in the Environment Variables dialog.
Run the Installation on Windows

Install the SiteMinder Agent for JBoss using the installation media on the Technical Support site.

Note: For a list of installation media names for each operating system, see the installation and upgrade considerations in the Release Notes.

Follow these steps:

  1. Exit all applications that are running.
  2. Navigate to where the installation executable is located.
  3. Double-click ca-sm-jboss-12.52-cr-win32.exe.
    cr

    Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

    The SiteMinder Agent for JBoss installation wizard starts.

  4. Use gathered system and component information to install the SiteMinder Agent. Consider the following when running the installer:
  5. Review the information on the Pre-Installation Summary page, then click Install.

    Note: The installation program may detect that newer versions of certain system DLLs are installed on your system. It asks if you want to overwrite these newer files with older files. Select No To All if you see this message.

    The SiteMinder Agent files are copied to the specified location. Afterward, the CA SiteMinder Agent for JBoss Configuration screen is displayed.

  6. Choose one of the following options:
  7. Click Done.

    If you selected the option to configure the Agent now, the installation program prepares the CA SiteMinder Agent for JBoss Configuration Wizard and begins the trusted host registration and configuration processes.

    Do the following:

    If you did not select the option to configure the Agent now, the installation program prompts you to restart your system. Select whether to restart the system automatically or later on your own.

Installation Notes:

Install the SiteMinder Agent Using the Unattended Installer on Windows

Once the SiteMinder Agent is installed on one system, you can reinstall it on the same system or install it with the same options on another system using an unattended installation mode. An unattended installation lets you install or uninstall the agent without any user interaction.

The unattended installation uses the ca-jboss-agent-installer.properties file generated during the initial install from the information you specified to define the necessary installation parameters, passwords, and so on.

The ca-jboss-agent-installer.properties is located in SMAGENT_HOME\install_config_info.

Follow these steps:

  1. From a system where the agent is already installed, copy the ca-jboss-agent-installer.properties file to a local directory on your system.
  2. Download the agent installation media from the Technical Support site.

    Note: For a list of installation media names for each operating system, see the installation and upgrade considerations in the Release Notes.

  3. Copy the installation media into the same local directory as the ca-jboss-agent-installer.properties file.
  4. Open a console window and navigate to the location where you copied the files.
  5. Run the following command:
    ca-sm-jboss-12.52-cr-win32.exe  -f ca-jboss-agent-installer.properties -i silent
    
    cr

    Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

    The -i silent setting instructs the installer to run in the unattended installation mode.

    If the ca-jboss-agent-installer.properties file is not in the same directory as the installation program, give -f the full path to the file, and surround the path with double quotes if it contains spaces.

    For example:

    ca-sm-jboss-12.52-cr-win32.exe -f "C:\Program Files\CA\JBossAgent\install_config_info\ca-jboss-agent-installer.properties" -i silent
    

    An InstallAnywhere status bar appears, which shows that the unattended SiteMinder Agent installer has begun. The installer uses the parameters specified in the ca-jboss-agent-installer.properties file.

Note: To stop the installation manually, open the Windows Task Manager and stop the installation_media process.

To verify that the unattended installation completed successfully, see the CA_SiteMinder®_Agent_for_JBoss_InstallLog.log file in the SMAGENT_HOME\install_config_info directory. This log file contains the results of the installation.

Install a SiteMinder Agent on a UNIX System

The following sections describe how to install the SiteMinder Agent on a UNIX system.

Set the JRE in the PATH Variable

Set the Java Runtime Environment (JRE) in the UNIX system PATH variable.

To set the JRE in the PATH variable

  1. Open a shell.
  2. Run the following commands:
    PATH=$PATH:JRE
    export PATH
    
    JRE

    Defines the location of your Java Runtime Environment bin directory.

Run the Installer in GUI Mode on UNIX

Install the SiteMinder Agent for JBoss using the installation media on the Technical Support site.

Note: For a list of installation media names for each operating system, see the installation and upgrade considerations in the Release Notes.

Follow these steps:

  1. Exit all applications that are running.
  2. Open a shell and navigate to where the install program is located.
  3. If necessary, add executable permissions to the install file by running the following command:
    chmod +x installation_media
    
    installation_media

    Specifies the SiteMinder Agent installer executable.

  4. Enter the following command:
    sh ./ca-sm-jboss-12.52-cr-unix_version.bin
    
    cr

    Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

    unix_version

    Specifies the UNIX version: sol or linux.

    The SiteMinder Agent for JBoss installation wizard starts.

  5. Use gathered system and component information to install the SiteMinder Agent. Consider the following when running the installer:
  6. Review the information displayed on the Pre-Installation Summary page, then click Install.

    Note: If the installer detects newer versions of certain system libraries installed on your system, it asks if you want to overwrite these newer files with older files. Select No To All if you see this message.

    The SiteMinder Agent files are copied to the specified location. Afterward, the CA SiteMinder Agent for JBoss Configuration screen is displayed.

  7. Choose one of the following options:
  8. Click Done.

    If you selected the option to configure the Agent now, the installer prepares the CA SiteMinder Agent for JBoss Configuration Wizard and begins the host registration and configuration processes.

    Do the following:

    If you did not select the option to configure the Agent now, the installation program prompts you to restart your system. Select whether to restart the system automatically or later on your own.

Installation Notes:

Run the Installer in Console Mode on UNIX

Install the SiteMinder Agent for JBoss using the installation media on the Technical Support site.

Note: For a list of installation media names for each operating system, see the installation and upgrade considerations in the Release Notes.

Follow these steps:

  1. Exit all applications that are running.
  2. Open a shell and navigate to where the install program is located.
  3. If necessary, add executable permissions to the install file by running the following command:
    chmod +x installation_media
    
    installation_media

    Specifies the SiteMinder Agent installer executable.

  4. Enter the following command:
    sh ./ca-sm-jboss-12.52-cr-unix_version.bin -i console
    
    cr

    Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

    unix_version

    Specifies the UNIX version: sol or linux.

    The SiteMinder Agent for JBoss installation wizard starts.

  5. Use gathered system and component information to install the SiteMinder Agent. Consider the following as you make your selections:
  6. Review the information displayed on the Pre-Installation Summary page, then proceed.

    Note: If the installer detects newer versions of certain system libraries installed on your system, it asks if you want to overwrite these newer files with older files. Select No To All if you see this message.

    The SiteMinder Agent files are copied to the specified location. Afterward, the CA SiteMinder Agent for JBoss Configuration page is displayed.

  7. Select whether to restart the system now or later on your own.
  8. Press Enter.

Note: After installation, you can review the installation log file in SMAGENT_HOME/install_config_info. The file name is: CA_SiteMinder®_Agent_for_JBoss_InstallLog.log.

Install the SiteMinder Agent Using the Unattended Installer on UNIX

Once the SiteMinder Agent is installed on one system, you can reinstall it on the same system or install it with the same options on another system using an unattended installation mode. An unattended installation lets you install or uninstall the agent without any user interaction.

The unattended installation uses the ca-jboss-agent-installer.properties file generated during the initial install from the information you specified to define the necessary installation parameters, passwords, and so on. The ca-jboss-agent-installer.properties file is located in SMAGENT_HOME/install_config_info.

Follow these steps:

  1. From a system where the SiteMinder Agent is already installed, copy the ca-jboss-agent-installer.properties file to a local directory on your system.
  2. Download the agent installation media from the Technical Support site.

    Note: For a list of installation media names for each operating system, see the installation and upgrade considerations in the Release Notes.

  3. Copy the installation media into the same local directory as the ca-jboss-agent-installer.properties file.
  4. Open a console window and navigate to the location where you copied the files.
  5. Run the following command:
    ca-sm-jboss-12.52-cr-unix_version.bin -f ca-jboss-agent-installer.properties -i silent
    
    cr

    Specifies the cumulative release number. The base 12.52 release does not include a cumulative release number.

    unix_version

    Specifies the UNIX version: sol or linux.

    The -i silent setting instructs the installer to run in the unattended installation mode.

    If the ca-jboss-agent-installer.properties file is not in the same directory as the installation program, give -f the full path to the file, and surround the path with double quotes if it contains spaces.

    For example:

    ca-sm-jboss-12.52-cr-unix_version.bin -f "/CA/JBossAgent/install_config_info/ca-jboss-agent-installer.properties" -i silent

    An InstallAnywhere status bar appears, which shows that the unattended SiteMinder Agent installer has begun. The installer uses the parameters specified in the ca-jboss-agent-installer.properties file.

Note: To stop the installation manually, type Ctrl+C.

To verify that the unattended installation completed successfully, see the CA_SiteMinder®_Agent_for_JBoss_InstallLog.log file in the SMAGENT_HOME/install_config_info directory. This log file contains the results of the installation.

Configure the JVM to Use the JSafeJCE Security Provider

The SiteMinder WSS Agent XML encryption function requires that the JVM is configured to use the JSafeJCE security provider.

Follow these steps:

  1. Add a security provider entry for JSafeJCE (com.rsa.jsafe.provider.JsafeJCE) to the java.security file, located in JVM_HOME\jre\lib\security (Windows) or JVM_HOME/jre/lib/security (UNIX):
    JVM_HOME

    Is the installed location of the JVM used by the application server.

    In the following example, the JSafeJCE security provider entry has been added as the second security provider:

    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.rsa.jsafe.provider.JsafeJCE
    security.provider.3=sun.security.rsa.SunRsaSign
    security.provider.4=com.sun.net.ssl.internal.ssl.Provider
    security.provider.5=com.sun.crypto.provider.SunJCE
    security.provider.6=sun.security.jgss.SunProvider
    security.provider.7=com.sun.security.sasl.Provider
    

    Note: If using the IBM JRE, always configure the JSafeJCE security provider immediately after (that is, with a security provider number one higher than) the IBMJCE security provider (com.ibm.crypto.provider.IBMJCE).

  2. Add the following line to JVM_HOME\jre\lib\security\java.security (Windows) or JVM_HOME/jre/lib/security/java.security (UNIX) to set the initial FIPS mode of the JsafeJCE security provider:
    com.rsa.cryptoj.fips140initialmode=NON_FIPS140_MODE
    

    Note: The initial FIPS mode does not affect the final FIPS mode you select for the SiteMinder WSS Agent.
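The two steps above are easy to get wrong by hand (a duplicated provider number, or JsafeJCE landing in the wrong slot on an IBM JRE). The following script is an added example, not part of this page or of CA's installer: it inserts the JsafeJCE entry, renumbers the providers that follow it, and sets the initial FIPS mode line. The sample java.security fragments are constructed for the example (the Sun list mirrors the one shown above; the IBM provider names other than IBMJCE are illustrative), and the function operates on text rather than on the file so it can be checked before anything under JVM_HOME is touched.

```python
import re

JSAFE_JCE = "com.rsa.jsafe.provider.JsafeJCE"
IBM_JCE = "com.ibm.crypto.provider.IBMJCE"
FIPS_KEY = "com.rsa.cryptoj.fips140initialmode"
FIPS_INITIAL_MODE = f"{FIPS_KEY}=NON_FIPS140_MODE"
_PROVIDER_RE = re.compile(r"^security\.provider\.(\d+)\s*=\s*(\S+)\s*$")

# Constructed sample: the provider block of a Sun/Oracle java.security file
# before JsafeJCE is added (same order as the page's example). Not a real file.
SAMPLE_SUN = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
"""

# Constructed sample with an IBM provider order; only IBMJCE matters to the rule.
SAMPLE_IBM = """\
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
"""


def provider_list(text):
    """Provider class names from a java.security file, in order of their number."""
    found = []
    for line in text.splitlines():
        m = _PROVIDER_RE.match(line)
        if m:
            found.append((int(m.group(1)), m.group(2)))
    return [name for _, name in sorted(found)]


def add_jsafe_provider(text, after=None):
    """Return java.security text with JsafeJCE registered and the initial FIPS mode set.

    after=None puts JsafeJCE in slot 2 (the page's Sun example); after=IBM_JCE puts
    it directly after IBMJCE (the IBM JRE rule). Providers that follow are renumbered
    so the sequence stays contiguous. Running it twice changes nothing.
    """
    lines = text.splitlines()
    provider_idx = [i for i, line in enumerate(lines) if _PROVIDER_RE.match(line)]
    if not provider_idx:
        raise ValueError("no security.provider.N entries found")
    names = provider_list(text)
    if JSAFE_JCE not in names:
        if after is None:
            slot = 1
        elif after in names:
            slot = names.index(after) + 1
        else:
            raise ValueError(f"provider {after} is not registered; cannot insert after it")
        names.insert(slot, JSAFE_JCE)
    # Rewrite the whole provider block where the first entry was, renumbered from 1.
    block = [f"security.provider.{n}={name}" for n, name in enumerate(names, start=1)]
    first = provider_idx[0]
    others = [line for i, line in enumerate(lines) if i not in provider_idx]
    out = others[:first] + block + others[first:]
    # Set the initial FIPS mode: replace an existing setting, otherwise append it.
    fips_lines = [i for i, line in enumerate(out) if line.split("=", 1)[0].strip() == FIPS_KEY]
    if fips_lines:
        out[fips_lines[0]] = FIPS_INITIAL_MODE
    else:
        out.append(FIPS_INITIAL_MODE)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(add_jsafe_provider(SAMPLE_SUN))
    print(add_jsafe_provider(SAMPLE_IBM, after=IBM_JCE))
```

Run it against a copy of the real file, diff the output against the original, and only then replace JVM_HOME/jre/lib/security/java.security; the whole JVM, not just the Agent, reads this file, so an editing mistake here breaks every application that relies on JCE.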

How to Configure the Agent and Register A System as a Trusted Host on Windows

A trusted host is a client computer where one or more SiteMinder or SOA Agents can be installed. The term trusted host refers to the physical system.

To establish a connection between the trusted host and the Policy Server, you need to register the host with the Policy Server. After registration is complete, the registration tool creates the SmHost.conf file. After this file is created successfully, the client computer becomes a trusted host.

Gather Information Required for SiteMinder WSS Agent Configuration

The following information must be supplied during Trusted Host registration:

SM Admin User Name

The name of a Policy Server administrator allowed to register the host with the Policy Server.

This administrator should already be defined at the Policy Server and have the permission Register Trusted Hosts set. The default administrator is SiteMinder.

SM Admin Password

The Policy Server administrator account password.

Trusted Host Name

Specifies a unique name that represents the trusted host to the Policy Server. This name does not have to be the same as the physical client system that you are registering; it can be any unique name, for example, mytrustedhost.

Note: This name must be unique among trusted hosts and not match the name of any other Agent.

Host Configuration Object

The name of the Host Configuration Object in the Policy Server that defines the connection between the trusted host and the Policy Server. For example, to use the default, enter DefaultHostSettings. In most cases, you will have created your own Host Configuration Object.

Note: This value must match the Host Configuration Object entry preconfigured on the Policy Server.

Policy Server IP Address

The IP address, or host name, and authentication port of the Policy Server where you are registering the host. The default port is 44442. If you do not provide a port, the default is used.

You can specify a non-default port number, but if your Policy Server is configured to use a non-default port and you omit it when you register a trusted host, the following error is displayed:

Registration Failed (bad ipAddress[:port] or unable to connect to Authentication server (-1)

Note also that if you specify a non-default port, that port is used for the Policy Server’s authentication, authorization, and accounting ports; however, the unified server responds to any Agent request on any port. The entry in the SmHost.conf file will look like:

policyserver="ip_address,5555,5555,5555"

FIPS Encryption Mode

Determines whether the Agent communicates with the Policy Server using certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries.

FIPS Compatibility Mode (Default)

Specifies non-FIPS mode, which lets the Policy Server and the Agents read and write information using the existing CA SiteMinder® encryption algorithms. If your organization does not require the use of FIPS-compliant algorithms, the Policy Server and the Agents can operate in non-FIPS mode without further configuration.

FIPS Only Mode

Specifies full-FIPS mode, which requires that the Policy Server and Web Agents read and write information using only FIPS 140-2 algorithms.

Important! A CA SiteMinder® installation that is running in Full FIPS mode cannot interoperate with, or be backward compatible to, earlier versions of CA SiteMinder®, including all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. You must re-link all such software with the corresponding versions of the respective SDKs to achieve the required support for Full FIPS mode.

Configure Agents and Register Your System as a Trusted Host

You can configure your SiteMinder Agent and register a trusted host immediately after installing the agent or at a later time; however, the host must be registered to communicate with the Policy Server.

Note: You only register the host once, not each time you install and configure a SiteMinder Agent on your system.

To configure Agents and register a trusted host

  1. If necessary, start the SiteMinder Configuration Wizard. The default method is to select Start, Programs, CA, SiteMinder, SiteMinder Configuration Wizard. If you have placed the Wizard shortcut in a non-default location, the procedure will be different.

    (Alternatively, navigate to SMAGENT_HOME\install_config_info and run ca-jbossagent-config.exe.)

    Note: If you chose to configure the SiteMinder Agent immediately after the installation, the installer automatically starts the Configuration Wizard.

    The SiteMinder Configuration Wizard starts.

  2. Use gathered system and component information to configure the SiteMinder Agent and register the host.

    Note: If you choose to configure multiple Agents, you can set the Register with same Policy Server option to register them all with the same Policy Server.

When the wizard completes, the host is registered and a host configuration file, SmHost.conf, is created in SMAGENT_HOME\config. You can modify this file.

Installation and Configuration Log Files

To check the results of the installation or review any specific problems during the installation or configuration of the SiteMinder Agent for JBoss, check the CA_SiteMinder®_Agent_for_JBoss_InstallLog.log file in the SMAGENT_HOME/install_config_info directory.

Modify the SmHost.conf File

SiteMinder Agents act as trusted hosts by using the information in the SmHost.conf file to locate and make initial connections to a Policy Server. Once the Agent connects to the Policy Server, the initial connections are closed. Any further communication between the Agent and the Policy Server is based on settings in the Host Configuration Object that is located on the Policy Server.

You can modify portions of the SmHost.conf file to change the initial Agent-to-Policy Server connection.

To modify the SmHost.conf file

  1. Navigate to the SMAGENT_HOME\config directory.
  2. Open the SmHost.conf file in a text editor.
  3. Enter new values for any of the following settings that you want to change:

    Important! Change only the settings of the parameters listed here. Do not modify the settings of any other parameters in the SmHost.conf file.

    hostconfigobject

    Specifies the host configuration object that defines connectivity between the Agent that is acting as trusted host and the Policy Server. This name must match a name defined in the Administrative UI.

    To make the SiteMinder Agent use a different host configuration object, change this setting.

    Example: hostconfigobject="host_configuration_object"
    policyserver

    Specifies the Policy Server to which the trusted host will try to connect. The proper syntax is as follows:

    "IP_address,port,port,port"

    The default ports are 44441,44442,44443, but you can specify non-default ports using the same number or different numbers for all three ports. The unified server responds to any Agent request on any port.

    To specify additional bootstrap servers for the Agent, add multiple Policy Server entries to the file. Multiple entries provide the Agent with several Policy Servers to which it can connect to retrieve its Host Configuration Object. After the Host Configuration Object is retrieved, the bootstrap servers are no longer needed for that server process.

    Multiple entries can be added during host registration or by modifying this parameter. If a Policy Server is removed from your CA SiteMinder® environment or is no longer in service, delete the entry.

    Important: If an Agent is configured on a multi-process web server, specifying multiple Policy Server entries is recommended to ensure that any child process can establish a connection to the secondary Policy Server if the primary Policy Server fails. Each time a new child process is started, it will not be able to initialize the Agent if only one Policy Server is listed in the file and that Policy Server is unreachable.

    Default: IP_address, 44441,44442,44443

    Example (Syntax for a single entry): "IP_address,port,port,port"

    Example (Syntax for multiple entries, place each Policy Server on a separate line):
    policyserver="123.122.1.1, 44441,44442,44443"
    policyserver="111.222.2.2, 44441,44442,44443"
    policyserver="321.123.1.1, 44441,44442,44443"

    requesttimeout

    Specifies an interval of seconds during which the Agent that is acting as a trusted host waits before deciding that a Policy Server is unavailable. You can increase the time-out value if the Policy Server is busy due to heavy traffic or a slow network connection.

    Default: 60

    Example: requesttimeout="60"

  4. Save and close the SmHost.conf file.

    The changes to the SmHost.conf file are applied.
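Because a malformed policyserver line leaves the Agent unable to bootstrap at all, it is worth checking the edit before restarting JBoss. The following checker is an added example, not CA code: it parses the key="value" lines in the format the examples above show, validates the three settings this section allows you to edit, and reports anything that would stop the Agent from reaching a Policy Server. The sample file is constructed for the example; the hostname and sharedsecret keys in it are assumed from a typical registration and the secret value is a placeholder.

```python
import re

# The only settings this page says may be edited by hand.
EDITABLE_KEYS = ("hostconfigobject", "policyserver", "requesttimeout")
_ENTRY_RE = re.compile(r'^([A-Za-z0-9_]+)\s*=\s*"(.*)"$')

# Constructed sample SmHost.conf; the sharedsecret value is a placeholder.
SAMPLE_SMHOST_CONF = """\
hostname="mytrustedhost"
sharedsecret="PLACEHOLDER-NOT-A-REAL-SECRET"
hostconfigobject="DefaultHostSettings"
policyserver="123.122.1.1, 44441,44442,44443"
policyserver="111.222.2.2, 44441,44442,44443"
requesttimeout="60"
"""


def parse_smhost_conf(text):
    """Parse key="value" lines into a dict; policyserver may repeat, so it is kept as a list."""
    conf = {"policyserver": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENTRY_RE.match(line)
        if not m:
            raise ValueError(f'line {lineno}: expected key="value", got {raw!r}')
        key, value = m.group(1).lower(), m.group(2)
        if key == "policyserver":
            conf[key].append(value)
        else:
            conf[key] = value
    return conf


def parse_policyserver(value):
    """'IP_address, port,port,port' -> (host, (port, port, port)); ValueError on bad syntax."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"policyserver must be IP_address,port,port,port: {value!r}")
    ports = []
    for p in parts[1:]:
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"bad port {p!r} in policyserver {value!r}")
        ports.append(int(p))
    return parts[0], tuple(ports)


def check_smhost_conf(text):
    """Return a list of problems with the editable settings; empty means they look sane."""
    problems = []
    conf = parse_smhost_conf(text)
    seen = set()
    for value in conf["policyserver"]:
        try:
            host, _ports = parse_policyserver(value)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if host in seen:
            problems.append(f"policyserver {host} is listed more than once")
        seen.add(host)
    if not seen:
        problems.append("no usable policyserver entry; the Agent has no bootstrap Policy Server")
    elif len(seen) == 1:
        # Advisory: the page recommends a second entry so child processes can fail over.
        problems.append("warning: only one bootstrap Policy Server listed")
    if not conf.get("hostconfigobject"):
        problems.append("hostconfigobject is missing or empty")
    timeout = conf.get("requesttimeout")
    if timeout is not None and not (timeout.isdigit() and int(timeout) > 0):
        problems.append(f"requesttimeout must be a positive number of seconds, got {timeout!r}")
    return problems


if __name__ == "__main__":
    for problem in check_smhost_conf(SAMPLE_SMHOST_CONF) or ["SmHost.conf looks sane"]:
        print(problem)
```

The file also carries the shared secret that smreghost negotiated with the Policy Server (see the -sh argument below), so keep read access restricted to the account that runs the application server, and take a copy before editing so a bad edit can be rolled back without re-registering the host.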

Re-register a Trusted Host Using the Registration Tool

When you install a SiteMinder Agent on a server for the first time, you are prompted to register that server as a trusted host. After the trusted host is registered, you do not have to re-register with subsequent Agent installations. There are some situations where you may need to re-register a trusted host independently of installing an Agent, such as the following:

The registration tool, smreghost, re-registers a trusted host. This tool is installed in the SMAGENT_HOME\bin directory when you install the SiteMinder Agent.

To re-register a trusted host using the registration tool

  1. Open a command prompt window.
  2. Enter the smreghost command using the following required arguments:
    smreghost -i policy_server_IP_address:[port]
    -u administrator_username -p Administrator_password
    -hn hostname_for_registration -hc host_configuration_object
    

    Note: Separate each command argument from its value with a space. Surround any values that contain spaces with double quotes (").

    See the following example:

    smreghost -i 123.123.1.1 -u SiteMinder -p mypw -hn "host computer A" 
    -hc DefaultHostSettings
    

    The following example contains the -o argument:

    smreghost -i 123.123.1.1 -u SiteMinder -p mypw -hn "host computer A"
    -hc DefaultHostSettings -o
    

    The following arguments are used with the smreghost command:

    -i policy_server_IP_address:port

    Indicates the IP address of the Policy Server where you are registering this host. Specify the port of the authentication server only if you are not using the default port.

    If you specify a port number, which can be a non-default port, that port is used for all three Policy Server processes (authentication, authorization, accounting). The Policy Server responds to any Agent request on any port.

    Use a colon between the IP address and non-default port number, as shown in the following examples. Enclose an IPv6 address in square brackets so that its own colons are not mistaken for the port separator.

    Default: (ports) 44441,44442,44443

    Example: (IPv4 non-default port of 55555) -i 127.0.0.1:55555

    Example: (IPv4 default ports) -i 127.0.0.1

    Example: (IPv6 non-default port of 55555) -i [2001:DB8::1]:55555

    Example: (IPv6 default ports) -i [2001:DB8::1]

    -u administrator_username

    Indicates the name of the CA SiteMinder® administrator with the rights to register a trusted host.

    -p Administrator_password

    Indicates the password of the Administrator who is allowed to register a trusted host. Because it is passed on the command line, the password can remain in shell history and is visible in process listings while smreghost runs; clear it from the history after registration.

    -hn hostname_for_registration

    Indicates the name of the host to be registered. This can be any name that identifies the host, but it must be unique. After registration, this name is placed in the Trusted Host list in the Administrative UI.

    -hc host_config_object

    Indicates the name of the Host Configuration Object configured at the Policy Server. This object must exist on the Policy Server before you can register a trusted host.

    -sh shared_secret

    Specifies the shared secret for the agent, which is stored in the SmHost.conf file on the local web server. This argument changes the shared secret on only the local web server. The Policy Server is not contacted.

    -rs

    Specifies whether the shared secret will be updated (rolled over) automatically by the Policy Server. This argument instructs the Policy Server to update the shared secret.

    -f path_to_host_config_file

    (Optional) Indicates the full path to the file that contains the registration data. The default file is SmHost.conf. If you do not specify a path, the file is installed in the location where you are running the smreghost tool.

    If you use the same name as an existing host configuration file, the tool backs up the original and adds a .bk extension to the backup file name.

    -cf FIPS_mode

    Specifies one of the following FIPS modes:

    • COMPAT--Specifies non-FIPS mode, which lets the Policy Server and the Agents read and write information using the existing CA SiteMinder® encryption algorithms. If your organization does not require the use of FIPS-compliant algorithms, the Policy Server and the Agents can operate in non-FIPS mode without further configuration.
    • ONLY--Specifies full-FIPS mode, which requires that the Policy Server and Web Agents read and write information using only FIPS 140-2 algorithms.

    Important! A CA SiteMinder® installation that is running in Full FIPS mode cannot interoperate with, or be backward compatible to, earlier versions of CA SiteMinder®, including all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. You must re-link all such software with the corresponding versions of the respective SDKs to achieve the required support for Full FIPS mode.

    If this switch is not used, or you use the switch without specifying a mode, the default setting is used.

    Default: COMPAT

    Note: More information on the FIPS Certified Module and the algorithms being used; the data that is being protected; and the CA SiteMinder® Cryptographic Boundary exists in the Policy Server Administration Guide.

    -o

    Overwrites an existing trusted host. If you do not use this argument, you will have to delete the existing trusted host with the Administrative UI before using the smreghost command. We recommend using the smreghost command with this argument.

The trusted host is re-registered.
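The -i syntax and the quoting rule above are where re-registration scripts usually break, so the following added example (not part of this page or of the smreghost tool) parses the accepted -i forms, derives the policyserver line that the registration writes into SmHost.conf (the page states that a single given port is used for all three processes), and builds the smreghost argument vector for subprocess.run so that values with spaces never pass through a shell. The IPv6 form of the SmHost.conf line is an assumption; the page only shows IPv4 entries.

```python
import ipaddress

DEFAULT_PORTS = (44441, 44442, 44443)


def _port(text):
    """Validate a port string and return it as an int."""
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)


def parse_registration_target(arg):
    """Split an smreghost -i value into (host, port or None).

    Accepted forms: 'host', 'host:port', 'ipv4', 'ipv4:port', '[ipv6]', '[ipv6]:port'.
    A bare IPv6 address is rejected because its colons are ambiguous with the
    port separator; a prefix such as 2001:DB8::/32 is not a host and is rejected too.
    """
    arg = arg.strip()
    if arg.startswith("["):
        end = arg.find("]")
        if end < 0:
            raise ValueError(f"unterminated '[' in {arg!r}")
        host, rest = arg[1:end], arg[end + 1:]
        ipaddress.IPv6Address(host)  # raises ValueError on a prefix or on junk
        if not rest:
            return host, None
        if rest.startswith(":"):
            return host, _port(rest[1:])
        raise ValueError(f"unexpected text after ']' in {arg!r}")
    if arg.count(":") > 1:
        raise ValueError("IPv6 addresses must be enclosed in [ ]")
    host, sep, port = arg.partition(":")
    if not host:
        raise ValueError(f"empty host in {arg!r}")
    return host, (_port(port) if sep else None)


def is_valid_target(arg):
    """True when parse_registration_target accepts the value."""
    try:
        parse_registration_target(arg)
        return True
    except ValueError:
        return False


def policyserver_entry(host, port=None):
    """The SmHost.conf line registration produces: default ports, or one port for all three.

    Assumption: an IPv6 host is written as given; the page shows only IPv4 entries.
    """
    ports = DEFAULT_PORTS if port is None else (port, port, port)
    return f'policyserver="{host},{ports[0]},{ports[1]},{ports[2]}"'


def smreghost_argv(target, admin, password, host_name, hco, overwrite=True, fips_mode=None):
    """Build the argv list for subprocess.run(argv); no shell, so no quoting is needed."""
    parse_registration_target(target)  # fail early on a malformed -i value
    argv = ["smreghost", "-i", target, "-u", admin, "-p", password,
            "-hn", host_name, "-hc", hco]
    if fips_mode is not None:
        if fips_mode not in ("COMPAT", "ONLY"):
            raise ValueError("fips_mode must be COMPAT or ONLY")
        argv += ["-cf", fips_mode]
    if overwrite:
        argv.append("-o")
    return argv


if __name__ == "__main__":
    host, port = parse_registration_target("[2001:DB8::1]:55555")
    print(policyserver_entry(host, port))
    print(smreghost_argv("123.123.1.1", "SiteMinder", "mypw", "host computer A",
                         "DefaultHostSettings"))
```

Passing the list to subprocess.run(argv) with a real smreghost on the PATH is equivalent to the quoted command line in the examples above, but the administrator password still travels as a process argument; read it from a prompt or a protected file rather than hard-coding it in the script.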

Register Multiple Trusted Hosts on One System

You typically register only one trusted host for each machine where application servers and SiteMinder or SiteMinder WSS Agents are installed. However, you can register multiple trusted hosts on one computer to create distinct connections for each client. Using multiple trusted hosts ensures a unique shared secret and a secure connection for each client requiring communication with the Policy Server.

For most installations this is not a recommended configuration. However, it is an option for sites who require distinct, secure channels for each client or group of client applications protected by SiteMinder or SiteMinder WSS Agents. For example, an application service provider may have many client computers with different applications installed. You may want a secure connection for each application, which you can achieve by registering multiple trusted hosts. The Policy Server then issues unique shared secrets for each client connection.

To register multiple trusted hosts, use one of the following methods:

How to Configure the Agent and Register a System as a Trusted Host on UNIX

A trusted host is a client computer where one or more SiteMinder or SOA Agents can be installed. The term trusted host refers to the physical system.

To establish a connection between the trusted host and the Policy Server, you need to register the host with the Policy Server. After registration is complete, the registration tool creates the SmHost.conf file. After this file is created successfully, the client computer becomes a trusted host.

Gather Information Required for SiteMinder WSS Agent Configuration

The following information must be supplied during Trusted Host registration:

SM Admin User Name

The name of a Policy Server administrator allowed to register the host with the Policy Server.

This administrator should already be defined at the Policy Server and have the permission Register Trusted Hosts set. The default administrator is SiteMinder.

SM Admin Password

The Policy Server administrator account password.

Trusted Host Name

Specifies a unique name that represents the trusted host to the Policy Server. This name does not have to be the same as the physical client system that you are registering; it can be any unique name, for example, mytrustedhost.

Note: This name must be unique among trusted hosts and not match the name of any other Agent.

Host Configuration Object

The name of the Host Configuration Object in the Policy Server that defines the connection between the trusted host and the Policy Server. For example, to use the default, enter DefaultHostSettings. In most cases, you will have created your own Host Configuration Object.

Note: This value must match the Host Configuration Object entry preconfigured on the Policy Server.

Policy Server IP Address

The IP address, or host name, and authentication port of the Policy Server where you are registering the host. The default port is 44442. If you do not provide a port, the default is used.

You can specify a non-default port number, but if your Policy Server is configured to use a non-default port and you omit it when you register a trusted host, the following error is displayed:

Registration Failed (bad ipAddress[:port] or unable to connect to Authentication server (-1)

Note also that if you specify a non-default port, that port is used for the Policy Server’s authentication, authorization, and accounting ports; however, the unified server responds to any Agent request on any port. The entry in the SmHost.conf file will look like:

policyserver="ip_address,5555,5555,5555"

FIPS Encryption Mode

Determines whether the Agent communicates with the Policy Server using certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries.

FIPS Compatibility Mode (Default)

Specifies non-FIPS mode, which lets the Policy Server and the Agents read and write information using the existing CA SiteMinder® encryption algorithms. If your organization does not require the use of FIPS-compliant algorithms, the Policy Server and the Agents can operate in non-FIPS mode without further configuration.

FIPS Only Mode

Specifies full-FIPS mode, which requires that the Policy Server and Web Agents read and write information using only FIPS 140-2 algorithms.

Important! A CA SiteMinder® installation that is running in Full FIPS mode cannot interoperate with, or be backward compatible to, earlier versions of CA SiteMinder®, including all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. You must re-link all such software with the corresponding versions of the respective SDKs to achieve the required support for Full FIPS mode.

Configure Agents and Register a Trusted Host in GUI or Console Mode

You can configure SiteMinder Agents and register a trusted host immediately after installing the SiteMinder Agent or at a later time; however, the host must be registered to communicate with the Policy Server.

Note: You only register the host once, not each time you install and configure a SiteMinder Agent on your system.

These instructions are for GUI and Console Mode registration. The steps for the two modes are the same, with the following exceptions for Console mode:

To configure Agents and register a trusted host

  1. If necessary, start the Configuration Wizard as follows:
    1. Open a console window.
    2. Navigate to SMAGENT_HOME/install_config_info, where SMAGENT_HOME is the installed location of the SiteMinder Agent.
    3. Enter one of the following commands:

      GUI Mode: ./ca-jbossagent-config.bin

      Console Mode: ./ca-jbossagent-config.bin -i console

    The Configuration Wizard starts.

  2. Use gathered system and component information to configure the SiteMinder Agent and register the host.

When the wizard completes, the host is registered and a host configuration file, SmHost.conf, is created in SMAGENT_HOME/config. You can modify this file.

Installation and Configuration Log Files

To check the results of the installation or review any specific problems during the installation or configuration of the SiteMinder Agent for JBoss, check the CA_SiteMinder®_Agent_for_JBoss_InstallLog.log file in the SMAGENT_HOME/install_config_info directory.

Modify the SmHost.conf File

SiteMinder Agents act as trusted hosts by using the information in the SmHost.conf file to locate and make initial connections to a Policy Server. Once the Agent connects to the Policy Server, the initial connections are closed. Any further communication between the Agent and the Policy Server is based on settings in the Host Configuration Object that is located on the Policy Server.

You can modify portions of the SmHost.conf file to change the initial Agent-to-Policy Server connection.

To modify the SmHost.conf file

  1. Navigate to the SMAGENT_HOME/config directory.
  2. Open the SmHost.conf file in a text editor.
  3. Enter new values for any of the following settings that you want to change:

    Important! Change only the settings of the parameters listed here. Do not modify the settings of any other parameters in the SmHost.conf file.

    hostconfigobject

    Specifies the host configuration object that defines connectivity between the Agent that is acting as trusted host and the Policy Server. This name must match a name defined in the Administrative UI.

    If you want the SiteMinder Agent to use a different host configuration object, modify this setting.

    Example: hostconfigobject="host_configuration_object"

    policyserver

    Specifies the Policy Server to which the trusted host will try to connect. The proper syntax is as follows:

    "IP_address,port,port,port"

    The default ports are 44441,44442,44443, but you can specify non-default ports using the same number or different numbers for all three ports. The unified server responds to any Agent request on any port.

    To specify additional bootstrap servers for the Agent, add multiple Policy Server entries to the file. Multiple entries provide the Agent with several Policy Servers to which it can connect to retrieve its Host Configuration Object. After the Host Configuration Object is retrieved, the bootstrap servers are no longer needed for that server process.

    Multiple entries can be added during host registration or by modifying this parameter. If a Policy Server is removed from your CA SiteMinder® environment or is no longer in service, delete the entry.

    Important: If an Agent is configured on a multi-process web server, specifying multiple Policy Server entries is recommended to ensure that any child process can establish a connection to the secondary Policy Server if the primary Policy Server fails. Each time a new child process is started, it will not be able to initialize the Agent if only one Policy Server is listed in the file and that Policy Server is unreachable.

    Default: IP_address, 44441,44442,44443

    Example (Syntax for a single entry): "IP_address,port,port,port"

    Example (Syntax for multiple entries, place each Policy Server on a separate line):
    policyserver="123.122.1.1, 44441,44442,44443"
    policyserver="111.222.2.2, 44441,44442,44443"
    policyserver="321.123.1.1, 44441,44442,44443"

    requesttimeout

    Specifies an interval of seconds during which the Agent that is acting as a trusted host waits before deciding that a Policy Server is unavailable. You can increase the time-out value if the Policy Server is busy due to heavy traffic or a slow network connection.

    Default: 60

    Example: requesttimeout="60"

  4. Save and close the SmHost.conf file.

    The changes to the SmHost.conf file are applied.

Re-register a Trusted Host Using the Registration Tool

When you install a SiteMinder Agent on a server for the first time, you are prompted to register that server as a trusted host. After the trusted host is registered, you do not have to re-register with subsequent Agent installations. There are some situations where you may need to re-register a trusted host independently of installing an Agent, such as the following:

The registration tool, smreghost, re-registers a trusted host. This tool is installed in the SMAGENT_HOME/bin directory when you install the SiteMinder Agent.

To re-register a trusted host using the registration tool

  1. Open a command prompt window.
  2. Ensure that the library path environment variable contains the path to the SiteMinder Agent’s bin directory by entering the following two commands:
    LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:agent_home/bin

    export LD_LIBRARY_PATH
    

    For example:

    LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/CA/JBossAgent/bin
    
    export LD_LIBRARY_PATH
    
  3. Enter the smreghost command using the following required arguments:
    smreghost -i policy_server_IP_address:[port]
    -u administrator_username -p Administrator_password
    -hn hostname_for_registration -hc host_configuration_object
    

    Note: Separate each command argument from its value with a space. Surround any values that contain spaces with double quotes (").

    See the following example:

    smreghost -i 123.123.1.1 -u SiteMinder -p mypw -hn "host computer A" 
    -hc DefaultHostSettings
    

    The following example contains the -o argument:

    smreghost -i 123.123.1.1 -u SiteMinder -p mypw -hn "host computer A"
    -hc DefaultHostSettings -o
    

    The following arguments are used with the smreghost command:

    -i policy_server_IP_address:port

    Indicates the IP address of the Policy Server where you are registering this host. Specify the port of the authentication server only if you are not using the default port.

    If you specify a port number, which can be a non-default port, that port is used for all three Policy Server processes (authentication, authorization, accounting). The Policy Server responds to any Agent request on any port.

    Use a colon between the IP address and non-default port number, as shown in the following examples.

    Default: (ports) 44441,44442,44443

    Example: (IPv4 non-default port of 55555) -i 127.0.0.1:55555

    Example: (IPv4 default ports) -i 127.0.0.1

    Example: (IPv6 non-default port of 55555) -i [2001:DB8::/32][:55555]

    Example: (IPv6 default ports) -i [2001:DB8::/32]

    -u administrator_username

    Indicates the name of the CA SiteMinder® administrator with the rights to register a trusted host.

    -p Administrator_password

    Indicates the password of the Administrator who is allowed to register a trusted host.

    -hn hostname_for_registration

    Indicates the name of the host to be registered. This can be any name that identifies the host, but it must be unique. After registration, this name is placed in the Trusted Host list in the Administrative UI.

    -hc host_config_object

    Indicates the name of the Host Configuration Object configured at the Policy Server. This object must exist on the Policy Server before you can register a trusted host.

    -sh shared_secret

    Specifies the shared secret for the agent, which is stored in the SmHost.conf file on the local web server. This argument changes the shared secret on only the local web server. The Policy Server is not contacted.

    -rs

    Specifies whether the shared secret will be updated (rolled over) automatically by the Policy server. This argument instructs the Policy Server to update the shared secret.

    -f path_to_host_config_file

    (Optional) Indicates the full path to the file that contains the registration data. The default file is SmHost.conf. If you do not specify a path, the file is installed in the location where you are running the smreghost tool.

    If you use the same name as an existing host configuration file, the tool backs up the original and adds a .bk extension to the backup file name.

    -cf FIPS mode

    Specifies one of the following FIPS modes:

    • COMPAT--Specifies non-FIPS mode, which lets the Policy Server and the Agents read and write information using the existing CA SiteMinder® encryption algorithms. If your organization does not require the use of FIPS-compliant algorithms, the Policy Server and the Agents can operate in non-FIPS mode without further configuration.
    • ONLY--Specifies full-FIPS mode, which requires that the Policy Server and Web Agents read and write information using only FIPS 140-2 algorithms.

    Important! A CA SiteMinder® installation that is running in Full FIPS mode cannot interoperate with, or be backward compatible to, earlier versions of CA SiteMinder®, including all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. You must re-link all such software with the corresponding versions of the respective SDKs to achieve the required support for Full FIPS mode.

    If this switch is not used, or you use the switch without specifying a mode, the default setting is used.

    Default: COMPAT

    Note: For more information about the FIPS Certified Module and the algorithms it uses, the data being protected, and the CA SiteMinder® Cryptographic Boundary, see the Policy Server Administration Guide.

    -o

    Overwrites an existing trusted host. If you do not use this argument, you will have to delete the existing trusted host with the Administrative UI before using the smreghost command. We recommend using the smreghost command with this argument.

The trusted host is re-registered.
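As an added example that is not part of the CA documentation, the following Python script derives the SmHost.conf policyserver value from an smreghost -i argument (a single port is applied to all three Policy Server processes, the defaults 44441,44442,44443 otherwise) and checks the hostconfigobject, policyserver and requesttimeout settings described under Modify the SmHost.conf File; the sample file content and the wording of the findings are constructed, and the IPv6 form follows the page's bracketed notation.

```python
# Added example, not CA SiteMinder code: derives the SmHost.conf policyserver value from an
# smreghost "-i ip[:port]" argument and checks the editable SmHost.conf settings (sample constructed).
import ipaddress
import re

DEFAULT_PORTS = (44441, 44442, 44443)  # authentication, authorization, accounting
ENTRY = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')  # SmHost.conf key="value" lines

def policyserver_from_registration(ip_arg):
    """A single port given to -i is used for all three Policy Server processes;
    no port selects the defaults. IPv6 uses the page's [addr][:port] form."""
    m = re.fullmatch(r"\[([^\]]+)\](?:\[?:(\d+)\]?)?", ip_arg)
    if m:
        host, port = m.group(1), m.group(2)        # bracketed IPv6 value taken as-is
    else:
        host, _, port = ip_arg.partition(":")
        ipaddress.IPv4Address(host)                # ValueError on a malformed address
    ports = (int(port),) * 3 if port else DEFAULT_PORTS
    return 'policyserver="%s,%d,%d,%d"' % (host, *ports)

def check_smhost_conf(text):
    """Return findings for the editable settings (an empty list means nothing to report)."""
    findings, servers, settings = [], [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            if line.strip() and not line.lstrip().startswith("#"):
                findings.append('line %d: not of the form key="value"' % lineno)
        elif m.group(1) == "policyserver":
            servers.append(m.group(2))
        else:
            settings[m.group(1)] = m.group(2)
    for value in servers:                          # page syntax: ip, port,port,port
        parts = [p.strip() for p in value.split(",")]
        if len(parts) != 4 or not all(p.isdigit() and 0 < int(p) < 65536 for p in parts[1:]):
            findings.append("policyserver %r: expected ip,port,port,port" % value)
    if len(servers) < 2:                           # page: list several bootstrap servers
        findings.append("fewer than two policyserver entries: no failover while bootstrapping")
    if not settings.get("hostconfigobject"):
        findings.append("hostconfigobject is missing or empty")
    timeout = settings.get("requesttimeout", "60")
    if not timeout.isdigit() or int(timeout) <= 0:
        findings.append("requesttimeout %r is not a positive number of seconds" % timeout)
    return findings

SAMPLE = (  # constructed sample SmHost.conf content, not a real file
    'hostconfigobject="DefaultHostSettings"\n'
    'policyserver="123.122.1.1, 44441,44442,44443"\n'
    'policyserver="111.222.2.2, 44441,44442,44443"\n'
    'requesttimeout="60"\n')
```

Run check_smhost_conf on the text of a real SmHost.conf before restarting the application server; an empty result means the three editable settings are in the documented form.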

Register Multiple Trusted Hosts on One System

You typically register only one trusted host for each machine where application servers and SiteMinder or SiteMinder WSS Agents are installed. However, you can register multiple trusted hosts on one computer to create distinct connections for each client. Using multiple trusted hosts ensures a unique shared secret and a secure connection for each client requiring communication with the Policy Server.

For most installations this is not a recommended configuration. However, it is an option for sites who require distinct, secure channels for each client or group of client applications protected by SiteMinder or SiteMinder WSS Agents. For example, an application service provider may have many client computers with different applications installed. You may want a secure connection for each application, which you can achieve by registering multiple trusted hosts. The Policy Server then issues unique shared secrets for each client connection.

To register multiple trusted hosts, use one of the following methods: