

Configure the SiteMinder Agent

This section contains the following topics:

SiteMinder Agent for JBoss Configuration File

Agent Configuration Object

SiteMinder Agent Configuration Parameters

SiteMinder Agent for JBoss Configuration File

By default, the SiteMinder Agent for JBoss installation creates a single agent configuration file, JavaAgent.conf, in the SMAGENT_HOME/config directory.

Each Agent configuration file is created with the following required default configuration parameters/values:

Parameter

Description

DefaultAgentName

The agent identity the Policy Server uses to associate policies with the SiteMinder Agent.

EnableAgent

Specifies whether the SiteMinder Agent is enabled. Possible values are Yes and No.

Default value is Yes.

AgentConfigObject

The Agent Configuration Object specified during installation.

SmHostFile

Path to the local Host Configuration File. Path can be specified in absolute terms or relative to SMAGENT_HOME.

Note: On Windows, you must specify paths using double backslashes ("\\") rather than single backslash ("\") to separate directories. On UNIX, use standard single slash ("/") separators.

Example values:

  • (Windows) C:\\Program Files\\CA\\JBossAgent\\config\\SmHost.conf
  • (Windows) config\\SmHost.conf
  • (UNIX) export/JBossAgent/config/SmHost.conf
  • (UNIX) /config/SmHost.conf

ServerName

A string that will be used in the SiteMinder Agent log to identify the JBoss Application Server.

appserverjaasloginhandler

Specifies the SiteMinder Agent for JBoss login handler class.

Default value is "com.ca.soa.agent.appserver.jaas.jboss.JBossLoginHandler". Do not change this value.

appserverjmshandler

Specifies the SiteMinder Agent for JBoss JMS handler class.

Default value is "com.ca.soa.agent.appserver.jaxrpc.jms.jboss.JBossJMSMessageHandler". Do not change this value.

You should not need to edit the preconfigured values unless the location of the Host Configuration File changes or you want to refer to a different Agent Configuration Object. If you choose to use local configuration, you can add other Agent configuration parameters to these preconfigured values.

Note: Parameters held in the Agent configuration file are static; if you change these settings while the JBoss server is running, the SiteMinder Agent will not pick up the change until JBoss is restarted.

The JavaAgent.conf file also contains a list of SiteMinder Agent plugin classes; you do not need to alter this information.

Generally, you only need to edit the JavaAgent.conf file if you change the name of your Agent Configuration Object.

Sample JavaAgent.conf (Windows)

# Java Agent Configuration File
#
# This file contains bootstrap information required by
# the SiteMinder Java Agent
#

#
# Configuration for agent testagent
#
defaultagentname=agentjboss
enablewebagent=yes
agentconfigobject=soaagentconfig
servername=jboss.example.com
smhostfile=C:\\Program Files\\CA\\JBossAgent\\config\\SmHost.conf

appserverjaasloginhandler=com.ca.soa.agent.appserver.jaas.jboss.JBossLoginHandler
appserverjmshandler=com.ca.soa.agent.appserver.jaxrpc.jms.jboss.JBossJMSMessageHandler

# Configure plugins for the agent testagent
transport_plugin_list=com.ca.soa.agent.httpplugin.pluginconfig.HttpPluginConfig, com.ca.soa.agent.jaxrpcplugin.pluginconfig.JaxRpcPluginConfig, com.ca.soa.agent.jmsplugin.pluginconfig.JMSPluginConfig, com.ca.soa.agent.jaxwsplugin.pluginconfig.JaxWsPluginConfig
msg_body_plugin_list=com.ca.soa.agent.txmplugin.pluginconfig.TxmPluginConfig, com.ca.soa.agent.jaxwsplugin.pluginconfig.JaxWsPluginConfig
credential_plugin_list=com.ca.soa.agent.httpplugin.pluginconfig.HttpPluginConfig, com.ca.soa.agent.jaxwsplugin.pluginconfig.JaxWsPluginConfig
variable_resolver_plugin_list=com.ca.soa.agent.txmplugin.pluginconfig.TxmPluginConfig

# <EOF>

Agent Configuration Object

An Agent Configuration Object is a Policy Server object that holds Agent parameters for an Agent when using central agent configuration.

Note: Parameters held in an Agent Configuration Object are dynamic; if you change these settings while the JBoss server is running, the SiteMinder Agent will pick up the change.

SiteMinder Agent Configuration Parameters

The following table contains a complete list of all Agent configuration parameters supported by the SiteMinder Agent for JBoss.

Unless otherwise noted, you can define parameters in either the Agent Configuration Object or the Agent configuration file, depending on how you decide to configure the SiteMinder Agent.

Parameter Name

Value

Description

AcceptTPCookie

YES or NO

(Optional) If set to yes, configures the SiteMinder Agent to assert identities from third-party SiteMinder session cookies (that is, session cookies generated by custom Agents created using the SiteMinder and CA SiteMinder® Web Services Security SDKs).

Note: AcceptTPCookie must be set to Yes to assert identities from session cookies generated by CA SOA Security Gateway.

Default is Yes.

AgentName

String

Defines the identity of the SiteMinder Agent. It establishes a mapping between the name and the IP address of each web server instance hosting an Agent.

If a value is not set for this parameter, or if the SiteMinder Agent does not find a match among the values listed, the SiteMinder Agent uses the value set in the DefaultAgentName parameter instead.

Note: This parameter can have more than one value. Use the multi-value option when setting this parameter in an Agent Configuration Object. For local configuration files, add the parameter name followed by each value to separate lines in the file.

No default value.

AllowLocalConfig

(Applies only in the Agent Configuration Object)

YES or NO

If set to yes, parameters set locally in the Agent configuration file take precedence over parameters in the Agent Configuration Object.

Default is NO.

AuthCacheSize

Number

(Optional) Size of the authentication cache for the SiteMinder Agent (in number of entries). For example:

authcachesize="1000"

Default is 0.

To flush this cache, use the Policy Server User Interface.

AzCacheSize

Number

(Optional) Size of the authorization cache (in number of entries) for the SiteMinder Agent. For example:

azcachesize="1000"

Default is 0.

To flush this cache, use the Policy Server User Interface.

CacheTimeout

Number

(Optional) Number of seconds before cache times out. For example:

cachetimeout="1000"

Default is 600 (10 minutes).

ConfigObject

(Applies only in Agent configuration file)

String

The name of the Agent Configuration Object associated with the SiteMinder Agent.

No default value.

CookieDomain

String

(Optional) Name of the cookie domain. For example:

cookiedomain="ca.com"

No default value.

For more information, see the cookiedomainscope parameter.

CookieDomainScope

Number

(Optional) Further defines the cookie domain for assertion of SiteMinder session cookies by the SiteMinder Agent. The scope determines the number of sections, separated by periods, that make up the domain name. A domain always begins with a period (.) character. For example:

cookiedomainscope="2"

Default is 0, which takes the domain name specified in the cookiedomain parameter.

DefaultAgentName

(Applies only in the Agent Configuration Object)

String

The agent identity the Policy Server will use to associate policies with the SiteMinder Agent if there is no agent name specified in the AgentName parameter.

No default value.

EnableWebAgent

(Applies only in Agent configuration file)

YES or NO

Enables or disables the SiteMinder Agent. When set to 'yes', the SiteMinder Agent will protect resources using the Policies configured in the Policy Server for the configured agent identity.

Default is Yes.

LogOffUri

String

(Optional) The URI of a custom HTTP file that will perform a full log off (removing the session cookie from a user’s browser). A fully qualified URI is not required. For example, LogOffUri could be set to: /Web pages/logoff.html

No default value.

PsPollInterval

Number

(Optional) The frequency with which the SiteMinder Agent polls the Policy Server to retrieve information about policy changes.

Default is 30 seconds.

ResourceCacheSize

Number

(Optional) Size (in number of entries) of the cache for resource protection decisions. For example:

resourcecachesize="1000"

Default is 2000.

To flush this cache, use the Administrative UI.

SAMLSessionTicketLogoffi

YES or NO

(Optional) Determines whether the WSS Agent Security Interceptor should attempt to log off session tickets in SAML assertions.

Default is Yes.

ServerName

(Applies only in Agent configuration file.)

String

A string to be used in the SiteMinder Agent log to identify the target application server.

SessionGracePeriod

Number

(Optional) Grace period (in seconds) between the regeneration of session tokens.

Default is 30.

SmHostFile

(Applies only in Agent configuration file)

String

Path to the local Host Configuration File (typically SMAGENT_HOME\conf\SmHost.conf).

No default value.

XMLAgentSoapFaultDetails

YES or NO

(Optional) Determines whether or not the WSS Agent Security Interceptor should insert the authentication/authorization rejection reason (if provided by the Policy Server) into the SOAP fault response sent to the web service consumer.

Default is No.

XMLSDKAcceptSMSessionCookie

YES or NO

(Optional) Determines whether or not the WSS Agent Security Interceptor accepts a CA SiteMinder session cookie to authenticate a client.

Default is No.

If set to Yes, the SiteMinder Agent uses information in a session cookie sent as an HTTP header in the request as a means of authenticating the client.

If set to No, session cookies are ignored and the SiteMinder Agent requests credentials required by the configured authentication scheme.

XMLSDKMimeTypes

String

(Optional) A comma-delimited list of MIME types that the WSS Agent Security Interceptor will accept for processing by CA SiteMinder® Web Services Security. All POSTed requests having one of the listed MIME types are processed. Examples:

  • text/xml
  • application/octet-stream
  • text/xml,multipart/related

If you do not add this parameter to the Agent Configuration Object, the WSS Agent Security Interceptor defaults to accepting text/xml and application/soap+xml MIME types.
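
The following Python script is an added example, not part of the product or its documentation. It parses a JavaAgent.conf, resolves conflicts with Agent Configuration Object values using the AllowLocalConfig rule described above, and reports effective settings that differ from the defaults listed on this page. The sample file and ACO dictionary are constructed; lower-casing parameter names, keeping parameters that appear in only one source, and the choice of which settings to flag are assumptions of the example.

```python
import re

# Constructed local file modelled on the page's Windows sample, with risky
# lines added on purpose so the checks below have something to find.
LOCAL = r'''
# Java Agent Configuration File
defaultagentname=agentjboss
enablewebagent=no
agentconfigobject=soaagentconfig
smhostfile=C:\Program Files\CA\JBossAgent\config\SmHost.conf
xmlagentsoapfaultdetails="yes"
'''
# Constructed stand-in for the Agent Configuration Object's parameters.
ACO = {"allowlocalconfig": "no", "xmlagentsoapfaultdetails": "no",
       "xmlsdkacceptsmsessioncookie": "yes"}
# Parameters the table marks "Applies only in Agent configuration file".
FILE_ONLY = {"configobject", "enablewebagent", "servername", "smhostfile"}

def parse_conf(text):
    """Read name=value lines, skipping comments; names are lower-cased."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip().lower()] = value.strip().strip('"')
    return conf

def effective(aco, local):
    """Resolve conflicts: the file wins only if the ACO has AllowLocalConfig=yes."""
    local_wins = aco.get("allowlocalconfig", "no").lower() == "yes"
    low, high = (aco, local) if local_wins else (local, aco)
    merged = {**low, **high}
    merged.update({k: v for k, v in local.items() if k in FILE_ONLY})
    return merged

def audit(cfg):
    """Return findings for effective settings that differ from the page's defaults."""
    yes = lambda name, default: cfg.get(name, default).lower() == "yes"
    out = []
    if not yes("enablewebagent", "yes"):
        out.append("enablewebagent: agent disabled, resources are not protected")
    if yes("xmlagentsoapfaultdetails", "no"):
        out.append("xmlagentsoapfaultdetails: rejection reasons sent to consumers")
    if yes("xmlsdkacceptsmsessioncookie", "no"):
        out.append("xmlsdkacceptsmsessioncookie: session cookies accepted as credentials")
    if re.search(r"(?<!\\)\\(?!\\)", cfg.get("smhostfile", "")):
        out.append("smhostfile: single backslash in Windows path, use \\\\")
    return out

if __name__ == "__main__":
    for finding in audit(effective(ACO, parse_conf(LOCAL))):
        print(finding)
```

With the constructed inputs, the local xmlagentsoapfaultdetails="yes" is not reported because the ACO value wins while AllowLocalConfig is no; setting AllowLocalConfig to yes in the ACO makes it the effective value and adds a finding.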