Create a SharePoint Connection

The Agent for SharePoint uses a connection wizard to define the connection parameters that SiteMinder uses when it communicates with your SharePoint server. The connection wizard performs the following tasks:

Follow these steps:

  1. Start the connection wizard on the system where the Agent for SharePoint is installed:

    On Windows:

    1. Navigate to the following directory:
      Agent-for-SharePoint_home/sharepoint_connection_wizard
      
    2. Right-click the executable and select Run as administrator.

      The SharePoint Connection wizard starts.

    On Solaris or Linux:

    1. Navigate to the following directory:
      Agent-for-SharePoint_home/sharepoint_connection_wizard
      
    2. Enter one of the following commands:
      • Solaris: sh ./ca-spconnect-12.0-sp3-sol.bin
      • Linux: sh ./ca-spconnect-12.0-sp3-rhel30.bin

      The SharePoint Connection wizard starts.

  2. Click Next.

    The Login Details screen appears.

  3. Enter the following login details to connect to the Policy Server.
    Policy Server Name

    Specifies the Policy Server name or IP address.

    Example: host_name:port_number

    Note: Specify the Administration port number if the port number is different from the default port number 44444.

    Username

    Specifies the Policy Server administrator username.

    Password

    Specifies the Policy Server administrator password.

    Agent Name

    Specifies the name of the 4.x-compatible Agent object on your Policy Server. The connection with the Policy Server is established using the details given in the Agent Name.

    Shared Secret Key

    Specifies the shared secret key associated with the 4.x-compatible Agent object on your Policy Server.

  4. Click Next.

    The Select Action screen appears.

  5. Select the Create a SharePoint connection option.
  6. Click Next.

    The SharePoint Connection Properties screen appears.

  7. Enter the following details to create a SharePoint connection.
    Select a domain

    Specifies the name of the policy domain you created in the Policy Server to protect your SharePoint resources.

    Name

    Specifies a name for the SharePoint connection. This name is also used as the file name of the PowerShell script that the wizard creates.

    Note: Use a unique name across all Resource Partners and SharePoint connections.

    Authentication URL

    Specifies the port number associated with the predefined protected URL that the SharePoint connection wizard adds automatically. When users try to access a protected SharePoint resource without a SiteMinder session, they are redirected to the Authentication URL.

    If you are using a default port number (such as 80 for HTTP or 443 for HTTPS), delete the port number from this field.

    Note: We recommend using HTTPS on production environments and pages which handle user credentials, such as login pages.

    SharePoint Realm

    Specifies a name for a SharePoint realm that uniquely identifies this connection between SiteMinder and SharePoint. This name is used to create the trusted identity provider.

    Limits: Unique value across all SharePoint servers, farms and within the SiteMinder environment. This value cannot be used with any other identity providers.

    Skew Time

    Specifies the number of seconds of clock difference that is tolerated between the Policy Server (token producer) and the SharePoint server (token consumer). This skew time accommodates SharePoint servers whose clocks are not synchronized with the Policy Server. Keep the value small and synchronize the clocks (for example, with NTP) instead of compensating with a large skew: a larger skew widens the window in which a token, including a captured one, is still accepted.

    Note: This setting also affects the frequency of the SAML autopost operation.

    Limits: Positive integers.

    Validity Duration

    Specifies the number of seconds for which a session remains valid. If the validity duration expires, a logout message is generated, and the user associated with the invalid session is logged out.

    Note: This setting also affects the frequency of the SAML autopost operation.

    Signing Alias

    Specifies the alias used by the smkeydatabase to identify the private key associated with the certificate used by your Policy Server to sign the tokens.

    Note: We recommend that the private key exists in the key database before you specify its associated alias in this field. Enter the following command on the Policy Server to list all the imported certificates and determine the appropriate alias:

    smkeytool -listCerts
    
    Protection Level

    Specifies the protection level assigned to the resource partner object created by the connection wizard. This protection level setting must be equal to or lower than the protection level assigned to the authentication scheme that protects your SharePoint resources.

    Limits: 1-1000 (higher numbers indicate a higher protection level).

  8. Click Next.

    The Define User Identifier claim screen appears.

  9. Complete the following fields:
    Identifier Claim Name

    Specifies the name of the attribute mapping in your user directory that identifies the unique value associated with each user.

    Example: useridentifier

    Directory Attribute

    Specifies the directory attribute in your directory that is associated with the specified Identifier Claim name.

    Example: (LDAP directory) uid

    Example: (Active directory) sAMAccountName

  10. Click Next.

    The Define Additional claims screen appears.

  11. Click the drop-down arrows and select the values for any group-based or role-based claims from the following lists:
    Attribute

    Specifies an attribute name for one of the following claim types:

    • Group based
    • Role based

    For multi-valued attributes, prefix the attribute name with FMATTR:

    Example: (group-based claim) smusergroups

    Example: (role-based claim) userrole

    Example: (multi-valued attributes) FMATTR:LastName

    Claim Type

    Specifies the directory attribute whose value is sent under the specified attribute name.

    For group-based claims, use the friendly name of your groups. The people picker in SharePoint displays the description and distinguished name (DN) of the group. Permissions are tied to the DN of the group, not the friendly name.

    Example: (LDAP directory group-based claim) description

    Example: (LDAP directory role-based claim) employeeType

    Example: (Active Directory group-based claim) name

    Example: (Active Directory role-based claim) countryCode

  12. Click Add.

    The additional claim is defined.

  13. (Optional) Repeat Steps 11 and 12 to add more group-based or role-based claims.
  14. Click Next.

    The attribute details are saved and the Commit Details screen appears.

  15. Click Install.

    The Save Complete screen appears and shows the location of your PowerShell script. The PowerShell script is created in the following directory:

    Agent-for-SharePoint_home/sharepoint_connection_wizard/
    

    The connection wizard uses the connection name you specified (in Step 7) as the name of the PowerShell script. For example, if you specify my_sharepoint_connection as the connection name in the connection wizard, the name of the PowerShell script is my_sharepoint_connection.ps1.

  16. Click Done.

    The connection wizard closes.
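The Skew Time and Validity Duration fields in Step 7 define a token validity window that the Policy Server stamps with its own clock and that the SharePoint server evaluates with its clock. The following added example is not SiteMinder or SharePoint code; it models that check with the standard SAML 2.0 condition rule (NotBefore inclusive, NotOnOrAfter exclusive, symmetric skew allowance) and derives, for a given clock offset, the interval during which the consumer accepts the token. The 300-second validity, 60-second skew, timestamp T0 and sample clock offsets are constructed values. It shows why a skew smaller than the real clock difference makes fresh tokens look as if they come from the future, and why a consumer clock running ahead shortens the effective lifetime, which is why the notes on both fields point to the SAML autopost frequency.

```python
"""Illustrative SAML token validity-window check for the Skew Time and
Validity Duration settings. Added example, not product code; the acceptance
rule follows SAML 2.0 Core 2.5.1.2 (NotBefore inclusive, NotOnOrAfter
exclusive) with a symmetric clock-skew allowance."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Tuple

# Constructed issue time used by the sample scenarios (assumption, not from the page).
T0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class TokenWindow:
    """Validity window the producer stamps into the token."""
    not_before: datetime       # IssueInstant on the Policy Server clock
    not_on_or_after: datetime  # IssueInstant + Validity Duration


def issue_token(producer_now: datetime, validity_seconds: int) -> TokenWindow:
    """Producer side (Policy Server): stamp the window from its own clock."""
    if validity_seconds <= 0:
        raise ValueError("Validity Duration must be a positive number of seconds")
    return TokenWindow(producer_now, producer_now + timedelta(seconds=validity_seconds))


def consumer_accepts(window: TokenWindow, consumer_now: datetime, skew_seconds: int) -> bool:
    """Consumer side (SharePoint): evaluate the window against its own clock,
    allowing that clock to be up to skew_seconds off in either direction."""
    if skew_seconds < 0:
        raise ValueError("Skew Time must not be negative")
    skew = timedelta(seconds=skew_seconds)
    not_yet_valid = consumer_now + skew < window.not_before          # NotBefore is inclusive
    expired = consumer_now - skew >= window.not_on_or_after          # NotOnOrAfter is exclusive
    return not (not_yet_valid or expired)


def accepts_at(seconds_after_issue: int, consumer_offset_seconds: int,
               skew_seconds: int, validity_seconds: int) -> bool:
    """Does a consumer whose clock runs consumer_offset_seconds AHEAD of the
    producer (negative = behind) accept the token seconds_after_issue seconds
    after it was issued (measured on the producer clock)?"""
    token = issue_token(T0, validity_seconds)
    consumer_now = T0 + timedelta(seconds=seconds_after_issue + consumer_offset_seconds)
    return consumer_accepts(token, consumer_now, skew_seconds)


def usable_interval(validity_seconds: int, skew_seconds: int,
                    consumer_offset_seconds: int) -> Tuple[int, int]:
    """Seconds after issuance (producer clock) during which the consumer accepts
    the token, obtained by solving the two inequalities in consumer_accepts for
    producer time. Returns (start, end); start == end means never usable."""
    start = max(0, -consumer_offset_seconds - skew_seconds)   # behind by more than skew: rejected at first
    end = validity_seconds + skew_seconds - consumer_offset_seconds  # ahead: expires early
    return start, max(start, end)


if __name__ == "__main__":
    for offset in (-90, 0, 90):
        print(f"consumer clock off by {offset:+d}s, skew 60s, validity 300s: "
              f"fresh token accepted = {accepts_at(0, offset, 60, 300)}, "
              f"usable {usable_interval(300, 60, offset)} s after issuance")
```

With a consumer 90 seconds behind and a 60-second skew, a freshly issued token is rejected for the first 30 seconds; with the consumer 90 seconds ahead, the same token is dead after 270 of its 300 seconds, so a refresh scheduled for the nominal expiry arrives too late. A large skew hides both problems but also lengthens the interval in which a captured token is accepted; synchronize the Policy Server and SharePoint clocks and keep Skew Time small.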

More information:

How to Configure the Trusted Identity Provider

SAML Autopost Frequency

Alternate Connection Wizard Method to Help Resolve Firewall Issues