

CA DataMinder Content Classification Service and the CA SiteMinder® Agent for SharePoint

Enable the DLP Plug–in

Enabling the DLP plug–in configures the agent to extract the resource information from the protected document. The agent passes the information to the Policy Server as part of the authorization process.

Important! A separate procedure is required in the application tier to enable the integration. Do not modify the web agent configuration file before the SharePoint agent configuration object is modified. The CA SiteMinder® administrator is responsible for completing the task.

Follow these steps:

  1. Log in to the system hosting your CA SiteMinder® Agent for SharePoint.
  2. Go to the following location:
    Agent-for-SharePoint_Home\proxy-engine\conf\defaultagent
    
    Agent-for-SharePoint_Home

    Indicates the directory where the CA SiteMinder® Agent for SharePoint is installed.

    Default: (Windows) [32-bit] C:\Program Files\CA\Agent-for-SharePoint

    Default: (Windows) [64-bit] C:\CA\Agent-for-SharePoint
    Default: (UNIX/Linux) /opt/CA/Agent-for-SharePoint

  3. Open the following file:
    WebAgent.conf
    
  4. Uncomment (remove the # sign to the left of) the line that loads the disambiguation plug–in.

    Example: (Windows [32-bit]) LoadPlugin="C:\Program Files\CA\Agent-for-SharePoint\agentframework\bin\DisambiguatePlugin.dll"

    Example: (Windows [64-bit]) LoadPlugin="C:\CA\Agent-for-SharePoint\agentframework\bin\DisambiguatePlugin.dll"

    Example: (UNIX/Linux) LoadPlugin="/opt/CA/Agent-for-SharePoint/agentframework/bin/DisambiguatePlugin.so"

  5. Save the file.
  6. Restart the web server.

    The CA SiteMinder® Agent for SharePoint is configured for the CA DataMinder integration.

Set the Proxy Rules for the CA SiteMinder® Agent for SharePoint when using CA DataMinder Content Classification Service with Multiple Authentication

The CA SiteMinder® Agent for SharePoint operates as a proxy-based solution. To protect your SharePoint resources, edit the proxy rules file so that the Agent for SharePoint forwards requests to one of the following destinations:

When you use the CA SiteMinder® Agent for SharePoint and the CA DataMinder content classification service together with multiple authentication, specific proxy rules are required to protect resources properly.

Important! Do not use any other proxy rule settings with the Agent for SharePoint, the CA DataMinder content classification service, and multi–authentication. Resources that the CA DataMinder content classification service classifies use an HTTP request header for proper forwarding by the Agent for SharePoint. If the Agent for SharePoint does not properly forward these requests using these rules (as they are shown here), unauthorized access or disclosure is possible.

Follow these steps:

  1. Locate the following file on your CA SiteMinder® Agent for SharePoint:
    Agent-for-SharePoint_Home\proxy-engine\conf\proxyrules.xml
    
    Agent-for-SharePoint_Home

    Indicates the directory where the CA SiteMinder® Agent for SharePoint is installed.

    Default: (Windows) [32-bit] C:\Program Files\CA\Agent-for-SharePoint

    Default: (Windows) [64-bit] C:\CA\Agent-for-SharePoint
    Default: (UNIX/Linux) /opt/CA/Agent-for-SharePoint

  2. Rename the previous file using a name similar to the following example:
    proxyrules_xml_default.txt
    
  3. Open the following file on your CA SiteMinder® Agent for SharePoint with a text editor:
    Agent-for-SharePoint_Home\proxy-engine\examples\proxyrules\proxyrules_example2.xml
    
  4. Save the previous file as a new file in the following location:
    Agent-for-SharePoint_Home\proxy-engine\conf\proxyrules.xml
    
  5. Locate the following text in the updated proxyrules.xml file:
    :///$$PROXY_RULES_DTD$$"
    
  6. Replace the previous text with the appropriate line for your operating environment:

    Note: The previous examples indicate the default installation directory for the product. If you installed the product in a different directory, edit the examples to point to your installation directory instead.

  7. Locate the following text:
    http://www.company.com
    
  8. Change the previous text to the domain of your organization. Use the following example as a guide:
    http://www.example.com
    
  9. Locate the following line:
    <nete:cond type="header" criteria="equals" headername="HEADER">
    
  10. Edit the previous line so that it matches the following line:
    <nete:cond type="header" criteria="equals" headername="SMSERVICETOKEN">
    
  11. Locate the following line:
    <nete:case value="value1">
    
  12. Edit the previous line so that it matches the following line:
    <nete:case value="DLP">
    
  13. Add a line after the previous line.
  14. Copy and paste the following XML syntax onto the new line:
    <nete:xprcond>
      <nete:xpr>
        <nete:rule>^/_login/default.aspx\?ReturnUrl=(.*)</nete:rule>
        <nete:result>http://sharepoint.example.com:port_number/_trust/default.aspx?trust=name_of_siteminder_trusted_identity_provider&amp;ReturnUrl=$1</nete:result>
      </nete:xpr>
      <nete:xpr-default>
        <nete:forward>http://sharepoint.example:port_number$0</nete:forward>
      </nete:xpr-default>
    </nete:xprcond>
    
  15. Replace both instances of the sharepoint.example:port_number in the previous section with one of the following values:
  16. Replace the instance of name_of_siteminder_trusted_identity_provider in the previous section with the name of your CA SiteMinder® trusted identity provider.
  17. Locate the following line in the file:
    <nete:forward>http://home.company.com$0</nete:forward>
    
  18. Replace the home.company.com in the previous line with one of the following values:
  19. Save the file and close your text editor.

    The proxy rules are set.
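
As an added example (not CA's code and not part of the original procedure), the following Python check reads an edited proxyrules.xml and reports where it departs from the rule built in steps 9 through 16, including placeholders that were never replaced. The function names, the sample host, port and identity provider name, and the nete:proxyrules wrapper with its namespace URI in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Literal placeholders from the steps above that must not survive editing.
PLACEHOLDERS = ("$$PROXY_RULES_DTD$$", "www.company.com", "home.company.com",
                "port_number", "name_of_siteminder_trusted_identity_provider")

def _all(elem, name):
    """Descendants with this local name, whatever URI the nete: prefix is bound to."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_proxy_rules(xml_text):
    """Return findings; an empty list means the DLP rule matches the documented form."""
    findings = [f"placeholder not replaced: {p}" for p in PLACEHOLDERS if p in xml_text]
    root = ET.fromstring(xml_text)
    conds = [c for c in _all(root, "cond") if c.get("type") == "header"
             and c.get("criteria") == "equals" and c.get("headername") == "SMSERVICETOKEN"]
    if not conds:
        return findings + ["no header condition on SMSERVICETOKEN"]
    cases = [c for c in _all(conds[0], "case") if c.get("value") == "DLP"]
    if not cases:
        return findings + ["no case for value DLP under the SMSERVICETOKEN condition"]
    case = cases[0]
    rules = [(r.text or "").strip() for r in _all(case, "rule")]
    if r"^/_login/default.aspx\?ReturnUrl=(.*)" not in rules:
        findings.append("login rewrite rule missing or altered")
    results = [(r.text or "").strip() for r in _all(case, "result")]
    if not any("/_trust/default.aspx?trust=" in r and r.endswith("&ReturnUrl=$1") for r in results):
        findings.append("result does not send logins to /_trust/default.aspx")
    forwards = [(f.text or "").strip() for d in _all(case, "xpr-default") for f in _all(d, "forward")]
    if not any(f.endswith("$0") for f in forwards):
        findings.append("xpr-default does not forward the original path ($0)")
    return findings

# Constructed sample: host, port, IdP name, wrapper element and namespace URI are assumptions.
SAMPLE = r"""<nete:proxyrules xmlns:nete="urn:example:nete">
<nete:cond type="header" criteria="equals" headername="SMSERVICETOKEN">
<nete:case value="DLP">
<nete:xprcond>
<nete:xpr>
<nete:rule>^/_login/default.aspx\?ReturnUrl=(.*)</nete:rule>
<nete:result>http://sp.example.com:8080/_trust/default.aspx?trust=SiteMinderIdP&amp;ReturnUrl=$1</nete:result>
</nete:xpr>
<nete:xpr-default><nete:forward>http://sp.example.com:8080$0</nete:forward></nete:xpr-default>
</nete:xprcond>
</nete:case>
</nete:cond>
</nete:proxyrules>"""

if __name__ == "__main__":
    print(check_proxy_rules(SAMPLE) or "DLP proxy rule matches the documented form")
```

To check a real file, pass its contents to `check_proxy_rules` after reading it from the conf directory; the check matches elements by local name, so it does not depend on the namespace URI the file declares.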