This section contains the following topics:
SiteMinder Agent for JBoss Configuration File
SiteMinder Agent Configuration Parameters
By default, the SiteMinder Agent for JBoss installation creates a single agent configuration file, JavaAgent.conf in the SMAGENT_HOME/config directory.
Each Agent configuration file is created with the following required default configuration parameters/values:
Parameter |
Description |
---|---|
DefaultAgentName |
The agent identity the Policy Server uses to associate policies with the SiteMinder Agent. |
EnableAgent |
Specifies whether the SiteMinder Agent is enabled. Possible values are Yes and No. Default value is Yes. |
AgentConfigObject |
The Agent Configuration Object specified during installation. |
SmHostFile |
Path to the local Host Configuration File. Path can be specified in absolute terms or relative to SMAGENT_HOME. Note: On Windows, you must specify paths using double backslashes ("\\") rather than single backslash ("\") to separate directories. On UNIX, use standard single slash ("/") separators. Example values:
|
ServerName |
A string that will be used in the SiteMinder Agent log to identify the JBoss Application Server. |
appserverjaasloginhandler |
Specifies the SiteMinder Agent for JBoss login handler class. Default value is "com.ca.soa.agent.appserver.jaas.jboss.JBossLoginHandler". Do not change this value. |
appserverjmshandler |
Specifies the SiteMinder Agent for JBoss JMS handler class. Default value is "com.ca.soa.agent.appserver.jaxrpc.jms.jboss.JBossJMSMessageHandler". Do not change this value. |
You should not need to edit the preconfigured values unless the location of the Host Configuration File changes or you want to refer to a different Agent Configuration Object. If you choose to use local configuration, you can add other Agent configuration parameters to these preconfigured values.
Note: Parameters held in the Agent configuration file are static; if you change these settings while the JBoss server is running, the SiteMinder Agent will not pick up the change until JBoss is restarted.
The JavaAgent.conf file also contains a list of SiteMinder Agent plugin classes; you do not need to alter this information.
Generally, you only need to edit the JavaAgent.conf.file if you change the name of your Agent Configuration Object.
Sample JavaAgent.conf (Windows)
# Java Agent Configuration File # # This file contains bootstrap information required by # the SiteMinder Java Agent # # # Configuration for agent testagent # defaultagentname=agentjboss enablewebagent=yes agentconfigobject=soaagentconfig servername=jboss.example.com smhostfile=C:\\Program Files\\CA\\JBossAgent\\config\\SmHost.conf appserverjaasloginhandler=com.ca.soa.agent.appserver.jaas.jboss.JBossLoginHandler appserverjmshandler=com.ca.soa.agent.appserver.jaxrpc.jms.jboss.JBossJMSMessageHandler # Configure plugins for the agent testagent transport_plugin_list=com.ca.soa.agent.httpplugin.pluginconfig.HttpPluginConfig, com.ca.soa.agent.jaxrpcplugin.pluginconfig.JaxRpcPluginConfig, com.ca.soa.agent.jmsplugin.pluginconfig.JMSPluginConfig, com.ca.soa.agent.jaxwsplugin.pluginconfig.JaxWsPluginConfig msg_body_plugin_list=com.ca.soa.agent.txmplugin.pluginconfig.TxmPluginConfig, com.ca.soa.agent.jaxwsplugin.pluginconfig.JaxWsPluginConfig credential_plugin_list=com.ca.soa.agent.httpplugin.pluginconfig.HttpPluginConfig, com.ca.soa.agent.jaxwsplugin.pluginconfig.JaxWsPluginConfig variable_resolver_plugin_list=com.ca.soa.agent.txmplugin.pluginconfig.TxmPluginConfig # <EOF>
An Agent Configuration Object is a Policy Server object that holds Agent parameters for an Agent when using central agent configuration.
Note: Parameters held in an Agent Configuration Object are dynamic; if you change these settings while the JBoss server is running, the SiteMinder Agent will pick up the change.
The following table contains a complete list of all Agent configuration parameters supported by the SiteMinder Agent for JBoss.
Unless otherwise noted,you can define parameters in either the Agent Configuration Object or the Agent configuration file depending upon how you decide to configure the SiteMinder Agent.
Parameter Name |
Value |
Description |
---|---|---|
AcceptTPCookie
|
YES or NO |
(Optional) If set to yes, configures the SiteMinder Agent to assert identities from third-party SiteMinder session cookies (that is, session cookies generated by custom Agents created using the SiteMinder and CA SiteMinder® Web Services Security SDKs. Note: AcceptTPCookie must be set to Yes to assert identities from session cookies generated by CA SOA Security Gateway. Default is Yes. |
AgentName |
String |
Defines the identity of the SiteMinder Agent. It establishes a mapping between the name and the IP address of each web server instance hosting an Agent. If a value is not set for this parameter, or if the SiteMinder Agent does not find a match among the values listed, the SiteMinder Agent uses the value set in the DefaultAgentName parameter instead. Note: This parameter can have more than one value. Use the multi-value option when setting this parameter in an Agent Configuration Object. For local configuration files, add the parameter name followed by each value to separate lines in the file. No default value. |
AllowLocalConfig (Applies only in the Agent Configuration Object) |
YES or NO |
If set to yes, parameters set locally in the Agent configuration file take precedence over parameters in the Agent Configuration Object. Default is NO. |
AuthCacheSize
|
Number |
(Optional) Size of the authentication cache for the SiteMinder Agent (in number of entries). For example: authcachesize="1000" Default is 0. To flush this cache, use the Policy Server User Interface. |
AzCacheSize
|
Number |
(Optional) Size of the authorization cache (in number of entries) for the SiteMinder Agent. For example: authcachesize="1000" Default is 0. To flush this cache, use the Policy Server User Interface. |
CacheTimeout |
Number |
(Optional) Number of seconds before cache times out. For example: cachetimeout="1000" Default is 600 (10 minutes). |
ConfigObject (Applies only in Agent configuration file) |
String |
The name of the Agent Configuration Object associated with the SiteMinder Agent. No default value. |
CookieDomain
|
String |
(Optional) Name of the cookie domain. For example: cookiedomain="ca.com" No default value. For more information, see the cookiedomainscope parameter. |
CookieDomainScope
|
Number |
(Optional) Further defines the cookie domain for assertion of SiteMinder session cookies by the SiteMinder Agent. The scope determines the number of sections, separated by periods, that make up the domain name. A domain always begins with a period (.) character. For example: cookiedomainscope="2" Default is 0, which takes the domain name specified in the cookiedomain parameter. |
DefaultAgentName (Applies only in the Agent Configuration Object) |
String |
The agent identity the Policy Server will use to associate policies with the SiteMinder Agent if there is no agent name specified in the AgentName parameter. No default value. |
EnableWebAgent (Applies only in Agent configuration file) |
YES or NO |
Enables or disables the SiteMinder Agent. When set to 'yes', the SiteMinder Agent will protect resources using the Policies configured in the Policy Server for the configured agent identity. Default is Yes. |
LogOffUri |
String |
(Optional) The URI of a custom HTTP file that will perform a full log off (removing the session cookie from a user’s browser). A fully qualified URI is not required. For example, LogOffUri could be set to: /Web pages/logoff.html No default value. |
PsPollInterval |
Number |
(Optional) The frequency with which the SiteMinder Agent polls the Policy Server to retrieve information about policy changes. Default is 30 seconds. |
ResourceCacheSize |
Number |
(Optional) Size (in number of entries) of the cache for resource protection decisions. For example: resourcecachesize="1000" Default is 2000. To flush this cache, use the Administrative UI. |
SAMLSessionTicketLogoffi |
YES or NO |
(Optional) Determines whether the WSS Agent Security Interceptor should attempt to log off session tickets in SAML assertions. Default is Yes. |
ServerName (Applies only in Agent configuration file.) |
String |
A string to be used in the SiteMinder Agent log to identify the target application server. |
SessionGracePeriod |
Number |
(Optional) Grace period (in seconds) between the regeneration of session tokens. Default is 30 |
SmHostFile (Applies only in Agent configuration file) |
String |
Path to the local Host Configuration File (typically SMAGENT_HOME\conf\SmHost.conf). No default value. |
XMLAgentSoapFaultDetails |
YES or NO |
(Optional) Determines whether or not the WSS Agent Security Interceptor should insert the authentication/authorization rejection reason (if provided by the Policy Server) into the SOAP fault response sent to the web service consumer. Default is No. |
XMLSDKAcceptSMSessionCookie |
YES or NO |
(Optional) Determines whether or not the WSS Agent Security Interceptor accepts an CA SiteMinder session cookie to authenticate a client. Default is No. If set to Yes, the SiteMinder Agent uses information in a session cookie sent as an HTTP header in the request as a means of authenticating the client. If set to No, session cookies are ignored and the SiteMinder Agent requests credentials required by the configured authentication scheme. |
XMLSDKMimeTypes |
String |
(Optional) A comma-delimited list of MIME types that the WSS Agent Security Interceptor will accept for processing by CA SiteMinder® Web Services Security. All POSTed requests having one of the listed MIME types are processed. Examples:
If you do not add this parameter to the Agent Configuration Object, the WSS Agent Security Interceptor defaults to accepting text/xml and application/soap+xml MIME types. |
Copyright © 2013 CA.
All rights reserved.
|
|