The SharePoint connection wizard takes you through the process of configuring and managing SharePoint connections with CA SiteMinder.
Before running the wizard, gather the following information:
Specifies the Policy Server name or IP address.
Example: host_name:port_number
Note: Specify the Administration port number if the port number is different from the default port number 44444.
Specifies the Policy Server administrator username.
Specifies the Policy Server administrator password.
Specifies the name of the 4.x-compatible Agent object on your Policy Server. The connection with the Policy Server is established using the details given in the Agent Name.
Specifies the shared secret key that is associated with the 4.x-compatible Agent object on your Policy Server.
Specifies the name of the policy domain you created in the Policy Server to protect your SharePoint resources.
Specifies a name for the SharePoint connection. This name is also used as the file name of the PowerShell script that the wizard creates.
Note: Use a unique name across all Resource Partners and SharePoint connections.
Specifies the port number that is associated with the predefined protected URL which the SharePoint connection wizard adds automatically. When users try accessing a protected SharePoint resource without a SiteMinder session, they are redirected to the Authentication URL.
If you are using a default port number (such as 80 for HTTP or 443 for HTTPS), delete the <port> setting from this field.
Note: We recommend using HTTPS on production environments and pages which handle user credentials, such as login pages.
Specifies a name for a SharePoint realm that uniquely identifies this connection between SiteMinder and SharePoint. This name is used to create the trusted identity provider.
Limits: Unique value across all SharePoint servers, farms and within the SiteMinder environment. This value cannot be used with any other identity providers.
Specifies the number of seconds used as a time difference between the Policy Server (token producer) and the SharePoint server (token consumer). This skew time accommodates for SharePoint connections using clocks that are acting as an account partner but are not synchronized with the Policy Server.
Note: This setting also affects the frequency of the SAML autopost operation.
Limits: Positive integers.
Specifies the number of seconds for which a session remains valid. If the validity duration expires, a logout message is generated. The user that is associated with the invalid session is logged out.
Note: This setting also affects the frequency of the SAML autopost operation.
Specifies the alias that the key store uses to identify the private key that is associated with the certificate your Policy Server uses to sign the tokens.
Note: We recommended verifying that the private key exists in the central key store before you specify its associated alias in this field. Open the Administrative UI, and then click Infrastructure, X.509 Certificate Management, Trusted Certificates and Private Keys for a list of certificates and their aliases.
Specifies the protection level that is assigned to the resource partner object the connection wizard creates. This protection level setting must be equal to or lower than the protection level assigned to the authentication scheme that protects your SharePoint resources.
Limits: 1-1000 (higher numbers indicate a higher protection level).
Specifies name of the attribute mapping in your user directory which identifies the unique value that is associated with each user.
Example: useridentifier
Specifies the directory attribute in your directory that is associated with the specified Identifier Claim name.
Example: (LDAP directory) uid
Example: (Active directory) sAMAccountName
Specifies an attribute name for one of the following claim types:
For multi–valued attributes, prefix FMATTR:
Example: (group–based claim) smusergroups
Example: (role-based claim) userrole
Example: (multiv–alued attributes) FMATTR:LastName
Specifies an attribute value that is associated with the specified attribute name.
For group-based claims, use the friendly role of your groups. The people picker in SharePoint displays the description and distinguished name (DN) of the group. Permissions are tied to the DN of the group, not the friendly name.
Example: (LDAP directory group-based claim) description
Example: (LDAP directory role-based claim) employeeType
Example: (Active Directory group-based claim) name
Example: (Active Directory role-based claim) countryCode
Indicates if the single log out feature is enabled for the associated cleanup URLs and the associated confirm URLs.
Specifies the URLs of the cleanup pages for the single log out feature.
Limits: Separate multiple URLs with a semicolon (;)
Specifies the URLs of the confirmation pages for the single log out feature.
Limits: Separate multiple URLs with a semicolon (;)
Copyright © 2013 CA.
All rights reserved.
|
|