SiteMinder Agent for SAP Web AS Guide › Configure SAP Web Application Server 7.1-7.3 and the Agent for SAP Web AS to Work Together › Configure a SiteMinder Authentication Scheme for the Enterprise Portal

Configure a SiteMinder Authentication Scheme for the Enterprise Portal

Create a SiteMinder authentication scheme to integrate the SiteMinder Login module with the Enterprise Portal.

Follow these steps:

1. Create a backup of the existing authschemes.xml file, as follows:
   1. Start the Web AS Java Config Tool by executing SAPJ2EEEngine_installation\j2ee\configtool\configtool.bat.
   2. Click the symbol for Switch to configuration editor mode.
   3. In the tree, navigate to cluster_config, system, custom_global, cfg, services, com.sap.security.core.ume.service, Persistent, authschemes.xml.
   4. Click the symbol for Switch between view and edit mode to switch to edit mode.
   5. In the tree, select authschemes.xml and click the symbol for Show the details of the selected node.
   6. In the Change File dialog, click Download and save the file to a local directory. Leave the Change File dialog open.
   7. Make a duplicate copy of the authschemes.xml file with a different name.
2. Edit the local authschemes.xml file in a text editor:
   1. Create a new authscheme by copying the elements of the existing uidpwdlogon authscheme. Rename the new authscheme to SiteMinder.

      See the following example:

      

      

   2. Modify frontendtarget of the SiteMinder authscheme to point to a URL iView, which must refer to an error page. This page is presented to the user if authentication is unsuccessful or if the authentication stack fails. For details on creating a URL iView, see the SAP documentation.

Note: The value of frontendtarget that is shown here is merely for reference; change it appropriately for the user environment. Also if the frontendtarget value given here is an iView, give Read access to the Everyone group.

1. Modify the default authscheme-ref so that it points to the SiteMinder authscheme.
2. Save your changes to the authschemes.xml file and close the text editor.

1. In the Web AS Java Config Tool Change File dialog that you left open in step 1f, click Upload and select the local authschemes.xml file you edited previously.
2. Open the SAP NetWeaver Administrator
3. Navigate to Configuration, Security, Authentication and Single Sign-On.
4. Click on the "ticket" template.
5. (Optional) Remove other Login Modules (BasicPasswordLoginModule, EvaluateTicketLoginModule) from the ticket authentication template stack.
6. Add the following modules to the ticket authentication template stack, in the order that is shown and after the EvaluateTicketLoginModule, if present:
   • SiteMinderLoginModule
   • CreateTicketLoginModule
7. Click on the SiteMinderLoginModule entry and add a redirectOnError option as follows:
   1. Click Add in the options section.
   2. Enter redirectOnError in the Name column and set the values to true.
8. Click on the CreateTicketLoginModule entry and add a ume.configuration.active option as follows:
   1. Click Add in the options section.
   2. Enter ume.configuration.active in the Name column and set the value to true.
9. Do one of the following steps:
   • If there are no other Login Modules in the stack, ensure that the following flags are set:
     • SiteMinderLoginModule with flag REQUISITE
     • CreateTicketLoginModule with flag REQUIRED
   • If there are other Login Modules in the stack, you may need to change the Login Module flags as follows or based upon deployment-specific requirements:
     • SiteMinderLoginModule with flag OPTIONAL
     • CreateTicketLoginModule with flag OPTIONAL

     Note: Set the redirectOnError option to False if the OPTIONAL flag is set for SiteMinderLoginModule.

10. Restart the Web AS J2EE engine for the changes to take effect.