Agent for SharePoint Guide › How to Configure your CA SiteMinder Policy Server

How to Configure your CA SiteMinder Policy Server

The Policy Server authenticates and authorizes users who request access to the resources in your SharePoint environment. The Policy Server stores items that you create to define the users in your SharePoint environment and the resources that you want to protect with CA SiteMinder.

The following illustration describes the configuration process that prepares your Policy Server for use with the Agent for SharePoint:

Follow these steps:

1. Open the CA SiteMinder Administrative UI.
2. Create a host configuration object.
3. (Optional) Configure Policy Server clusters.
4. Create an Agent Object.
5. (Optional) Create agent groups for multiple agent objects.
6. Create a 4.x agent object for the SharePoint Connection wizard.
7. Create an Agent Configuration Object.
8. Create a user directory connection.
9. Create a virtual attribute mapping for your user claim.
10. Create an authentication scheme for the Agent for SharePoint.
11. Determine your policy model, and then do one of the following steps:
    • Create a Policy Domain.
    • Create a CA SiteMinder application to protect your SharePoint resources.
12. For Active Directory user directories only, enable paging on the system hosting your Policy Server. Use the appropriate procedure for your operating environment:
    • Enable paging on 32-bit operating environments.
    • Enable paging on 64-bit operating environments.

Open the Administrative UI to Change Policy Server Objects

Change the objects on your Policy Server by opening the Administrative UI.

Follow these steps:

1. Open the following URL in a browser.

   https://host_name:8443/iam/siteminder/adminui
   

   host_name

   Specifies the fully qualified Administrative UI host system name.

2. Enter your CA SiteMinder superuser name in the User Name field.
3. Enter the CA SiteMinder superuser account password in the Password field.

   Note: If your superuser account password contains one or more dollar‑sign ($) characters, replace each instance of the dollar-sign character with $DOLLAR$ in the Password field. For example, if the CA SiteMinder superuser account password is $password, enter $DOLLAR$password in the Password field.

4. Verify that the proper server name or IP address appears in the Server drop-down list.
5. Select Log In.

Create a Host Configuration Object

You can create a new Host Configuration object or duplicate an existing object.

To create a host configuration object

1. Click Infrastructure, Hosts.
2. Click Host Configuration Objects.

   The Host Configuration Objects page appears.

3. Click Create Host Configuration.
4. Do one of the following:
   • (Recommended) Create a copy of an existing Host Configuration object and modify its properties. You can copy the DefaultHostSettings object and use its settings as a template for the new object. The Policy Server installation program installs the DefaultHostSettings object.

     Important! Do not directly modify and use the DefaultHostSettings object. Always copy this object and then modify it.

   • Create a new object.
5. Click OK.

   The Create Host Configuration page appears.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

6. Type the name and a description.
7. In Configuration Values, specify the Host Configuration settings.
8. Click Submit.

   The Host Configuration Object is created.

Configure Clusters

Policy Server clusters are defined as part of a Host Configuration Object. When a CA SiteMinder agent initializes, the settings from the Host Configuration Object are used to setup communication with Policy Servers.

Note: For more information about Host Configuration Objects, see the Web Agent Configuration Guide and the Policy Server Configuration Guide.

Follow these steps:

1. Select the Infrastructure, Hosts. Host Configuration Objects.
2. Click Create Host Configuration.
3. In the Clusters section, click Add.

   The Cluster Setup section opens.

   Note: You can click Help for a description of fields, controls, and their respective requirements.

4. Enter the IP address and the port number of the Policy Server in the Host and Port fields respectively.
5. Click Add to Cluster.

   The Policy Server appears in the servers list in the Current Setup section.

6. Repeat these steps to add other Policy Servers to the cluster.
7. Click OK to save your changes.

   Your return to the Host Configuration dialog The Policy Server cluster is listed in a table.

8. In the Failover Threshold Percent field, enter a percentage of the number of Policy Servers that must be active and click Apply.

   If the percentage of active servers in the cluster falls below the percentage you specify, the cluster fails over to the next available cluster in the list of clusters. This setting applies to all clusters that use the Host Configuration Object.

   Important! The Policy Server specified in the Configuration Values section is overwritten by the Policy Servers specified in a cluster. This Policy Server is no longer used because a cluster is configured. For the value of the Policy Server parameter in the Configuration Values section to apply, do not specify any Policy Servers in a cluster. If clusters are configured, and you decide to remove the clusters in favor of a simple failover configuration delete all Policy Server information from the cluster.

9. Click Submit to save your changes.