Policy Server Guides › Policy Server Administration Guide › Policy Server Management › Policy Server Management Tasks

Policy Server Management Tasks

As a Policy Server administrator, you are responsible for system-level configuration and tuning of the SiteMinder environment, monitoring and ensuring its performance, as well as management of users and user sessions as necessary.

You perform most fundamental system configuration and management tasks using the Policy Server Management Console. Others tasks are performed using the Administrative UI.

Policy Server management tasks include:

• Starting and Stopping the Policy Server
• Configuring the Policy Server Executives
• Cache Management
• Configuring and Managing Encryption Keys
• User Session and Account Management
• Monitoring the Health of Your SiteMinder Environment
• Running Reporting

Policy Server Management Console

The Policy Server Management Console (or Management Console) provides a range of Policy Server configuration and system management options. The Management Console has a tab-based user interface in which information and controls are grouped together by function and presented together on tabs in a single window.

Important! The Policy Server Management Console should only be run by users who are members of the administrator group in Microsoft Windows.

Start the Management Console

Follow these steps:

• Windows

  Select the Policy Server Management Console icon in the CA SiteMinder® program group.

  Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your CA SiteMinder® component.

• UNIX

  Run installation_directory/siteminder/bin/smconsole.

Note: To run the Policy Server Management Console on UNIX:

• The X display server must be running.
• Enable the display with:

  export DISPLAY=n.n.n.n:0.0
  

  n.n.n.n

  Specifies the IP address of the Policy Server host system.

Save Changes to Management Console Settings

On any tab in the Management Console, click:

• Apply to save the settings and keep the Management Console open
• OK to save the settings and close the Management Console.

Note: You must stop and restart the Authentication and Authorization processes to put Management Console settings changes into effect. The Policy Server cannot use the new settings until these services restart.

Policy Server User Interface

The browser–based CA CA SiteMinder® Administrative UI primarily enables management of Policy Server objects, but also provides some system management functionality.

To access the Administrative UI

1. Do one of the following:
   • From the computer hosting the Administrative UI, click Start, Programs, CA, CA SiteMinder®, CA SiteMinder® Administrative UI.
   • Open the following URL in your browser:

     http://fqdn:port/iam/siteminder/adminui
     

     fqdn

     Specifies the fully qualified domain name of the Administrative UI host system.

     port

     Specifies the port on which the application server, which is hosting the Administrative UI, is listening. If you installed the Administrative UI using the stand–alone option, enter 8080.

     Example: http://somehost@example.com:8080/iam/siteminder/adminui

     The login page for the Administrative UI appears.

2. Enter a valid user name and password.

   If you are accessing the Policy Server for the first–time, use the default superuser administrator account, which you created during Policy Server installation.

3. Click Log In.

   The Administrative UI opens.

   The contents of the window depend on the privileges of the administrator account you used to log in. You only see the items to which your account has access.

Grant Access to XPS Tools

Access to the XPS tools included with CA SiteMinder® must be granted to individual users by an Administrator using the Administrative UI.

Follow these steps:

1. Log in to the Administrative UI.
2. Click the Administration, Administrator, Administrators.
3. Do one of the following:
   • To add a new administrator, click Create Administrator
   • To change the access of an existing administrator, search for the user and click the name of the user to access the record.
4. Enter a name and an optional description in the respective fields.
5. Enter a user path or click Lookup to select an existing user path.

   Note: The user path (specified in the Administrative UI or with the XPSSecurity tool by an Administrator) is required for write access to any of the settings controlled by the XPS Tools. A user path has the following format:
   namespace://directory_server/DN or Login_for_OS

6. (Optional) Select the Super User option to grant super user rights.
7. Select any of the following command line tools in the Access Methods section:

   XPSEvaluate Allowed

   Grants access to the XPS expression evaluation tool.

   XPSExplorer Allowed

   Grants access to the tool that edits the XPS database.

   XPSRegClient Allowed

   Grants access to the XPS tool that registers Web Access Managers or Reports servers as privileged clients.

   XPSConfig Allowed

   Grants access to the tool that examines and configures XPS settings in XPS-aware products.XPSSecurity Allowed

   Grants access to the security tool which creates XPS users and specifies their XPS-related privileges.

8. Click Submit.

   The administrator has permission to use the selected XPS tools.

More information:

Add Event Handler Libraries