SiteMinder Agent for SAP Web AS Guide › Configure SAP Web Application Server 7.0 and the Agent for SAP Web AS to Work Together › How to Confirm your SiteMinder Protection › Configure the Enterprise Portal Authentication Scheme

Configure the Enterprise Portal Authentication Scheme

To integrate the SiteMinder Login module with the Enterprise Portal, a SiteMinder AuthScheme.

Follow these steps:

1. Make sure the SiteMinder Agent for SAP Web AS solution is deployed on the Web AS J2EE Engine, as described in the following sections of this guide:
   • How to Update the SiteMinder Policies
   • Deploy and View SiteMinderLoginModule
   • Configure SiteMinderLoginModule
2. Create a backup of the existing authschemes.xml file, as follows:
   1. In the Web AS J2EE Engine Visual Administrator console, select the Configuration Adapter service under the Server node.
   2. In the Display Configuration tab, scroll to the following:

      cluster_data, server, persistent, com.sap.security.core.ume.service, authschemes.xml

   3. Double-click authschemes.xml, and click the Download button to keep a copy of the file.
3. Edit the authschemes.xml file:
   1. Click the Edit button to switch to the edit mode. At the prompt, click Yes.
   2. Click the Write button (pencil icon) to open authschemes.xml.
   3. Create a new authscheme by copying the elements of the existing uidpwdlogon authscheme. Rename the new authscheme toSiteMinder.

      See the following example:

      

      

   4. Modify frontendtarget of the SiteMinder authscheme to point to a URL iView, which refers to an error page. This page is presented to the user if authentication is unsuccessful or if the authentication stack fails. For details on creating a URL iView, see the SAP documentation.

Note: The value of frontendtarget given here is just for reference. Change it for each user environment. Also if the frontendtarget value given here is an iView, the allow the Everyone group Read access to it.

1. Modify the default authscheme-ref so that it points to the SiteMinder authscheme.
2. Click OK to save changes to the authschemes.xml file.

1. Navigate to Server, Services, and select Security Provider.
2. Click the Runtime tab and the Select Policy Configurations tab.
3. (Optional) Remove other Login Modules (BasicPasswordLoginModule, EvaluateTicketLoginModule) from the ticket authentication template stack.
4. Add the following modules to the ticket authentication template stack, in the following order and after the EvaluateTicketLoginModule, if present:
   • SiteMinderLoginModule
   • CreateTicketLoginModule
5. Do one of the following tasks:
   • If there are no other Login Modules in the stack, ensure that the following flags are set:
     • SiteMinderLoginModule with flag REQUISITE
     • CreateTicketLoginModule with flag REQUIRED
   • If there are other Login Modules in the stack, you may need to change the Login Module flags as shown below or based upon deployment-specific requirements:
     • SiteMinderLoginModule with flag OPTIONAL
     • CreateTicketLoginModule with flag OPTIONAL

     Note: You must set redirectOnError option to False if the OPTIONAL flag is set for SiteMinderLoginModule.

6. Restart the Web AS J2EE engine for the changes to take effect.