In this setup, the SiteMinder Agent requires the SiteMinder Administrator credentials and the SiteMinder user directory structure configured within the Authentication Realm to gather user and group information. In the Agent Configuration Object, you set the credentials using the SMAdminUserName and SMAdminUserPassword parameters and configure this structure using the SmUserDirectory multivalued parameter.
We recommend that you set these parameters centrally in the Agent Configuration Object using the Administrative UI because the SiteMinder administrator password cannot be encrypted in the WebAgent.conf file. Using this interface, you can encrypt this password in the Agent Configuration Object stored in the policy store.
Note: The following procedure provides an overview of the steps required to create the required policy objects with appropriate parameter settings. For detailed procedural information, see the Policy Server Configuration Guide.
To modify the Agent Configuration Object in the Policy Store

| Parameter Name | Value | Description |
|---|---|---|
| SMAdminUserName | SiteMinder administrator user name | User name of the Administrator with full permissions to manage all SiteMinder domain objects and users. |
| SMAdminUserPassword | Encrypted password | The encrypted administrator password |

Directory_Type, LDAP_User_Directory_Name, username-objectclass, username-field, username-description, groupname-objectclass, groupname-attribute, groupname-description

| Variable | Description | Example Value |
|---|---|---|
| Directory_Type | Type of directory, which could be either DMS or IMS. Specify DMS if you are not using CA Identity Manager. | DMS |
| LDAP_User_Directory_Name | Name of the SiteMinder user directory configured in the Policy Server. | MyLDAPUserDirectory |
| username-objectclass | User object class. | inetorgperson^person |
| username-field | User name field. | uid |
| username-description | User name description. | description |
| groupname-objectclass | Group name object class. | groupofuniquenames |
| groupname-attribute | Group name attribute. | cn |
| groupname-description | Group name description. | description |

Important! Values containing a comma can be concatenated using the ^ symbol. For example, inetorgperson, person becomes inetorgperson^person as in the following sample Value field entry: DMS, MyLDAPUserDirectory, inetorgperson^person, uid, description, groupofuniquenames, cn, description
Note: Because SmUserDirectory can be a multivalued parameter, you can configure more than one user directory in the Agent Configuration Object. You can use multiple parameters to declare more than one DMS configuration or CA Identity Manager environment.
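The following check is an added example, not CA code: it flags a locally set SMAdminUserPassword (which the local file cannot hold encrypted) and validates each SmUserDirectory value against the eight-field layout and the ^ rule described above. The function names, the `Name="value"` line syntax, the case-insensitive name match, and the treatment of all eight fields as required are assumptions.

```python
import re

# Field order of one SmUserDirectory value, as listed in the table above.
FIELDS = ["Directory_Type", "LDAP_User_Directory_Name", "username-objectclass",
          "username-field", "username-description", "groupname-objectclass",
          "groupname-attribute", "groupname-description"]
# Assumption: the local file holds one Name="value" pair per line, '#' comments.
PAIR = re.compile(r'^([A-Za-z_]+)\s*=\s*"?(.*?)"?$')

def parse_sm_user_directory(value):
    """Split one SmUserDirectory value into its eight named fields."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    if not all(parts):
        raise ValueError("empty field")
    if parts[0] not in ("DMS", "IMS"):
        raise ValueError(f"Directory_Type must be DMS or IMS, got {parts[0]!r}")
    entry = dict(zip(FIELDS, parts))
    # '^' stands in for a comma inside a field: inetorgperson^person -> 2 items.
    for name in FIELDS[2:]:
        entry[name] = entry[name].split("^")
    return entry

def audit_local_config(text):
    """Return (line number, message) findings for a local agent config file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        match = PAIR.match(raw.strip())
        if raw.lstrip().startswith("#") or not match:
            continue
        name, value = match.group(1).lower(), match.group(2)
        if name == "smadminuserpassword":  # never echo the value itself
            findings.append((lineno, "SMAdminUserPassword is set locally; "
                             "set it in the Agent Configuration Object"))
        elif name == "smuserdirectory":
            try:
                parse_sm_user_directory(value)
            except ValueError as exc:
                findings.append((lineno, f"SmUserDirectory: {exc}"))
    return findings

# Constructed sample input, not a real configuration.
SAMPLE = '''# local agent configuration (constructed)
SMAdminUserName="siteminder"
SMAdminUserPassword="example-only"
SmUserDirectory="DMS, MyLDAPUserDirectory, inetorgperson^person, uid, description, groupofuniquenames, cn, description"
SmUserDirectory="DMS, MyLDAPUserDirectory, inetorgperson, person, uid, description, groupofuniquenames, cn, description"
'''
```

Calling `audit_local_config(SAMPLE)` reports the local password line and the second SmUserDirectory line, where the unescaped comma between the two object classes produces nine fields instead of eight.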
The modified CLASSPATH variable should resemble the following on Windows:
```
set SMASA_CLASSPATH=%ASA_HOME%\conf;%ASA_HOME%\lib\smagentapi.jar;%ASA_HOME%\lib\sm_cryptoj.jar;%ASA_HOME%\lib\smclientclasses.jar;%ASA_HOME%\lib\smjavasdk2.jar
set CLASSPATH=%SMASA_CLASSPATH%;%WEBLOGIC_CLASSPATH%;%POINTBASE_CLASSPATH%;%JAVA_HOME%\jre\lib\rt.jar;%WL_HOME%\server\lib\webservices.jar;%CLASSPATH%
```
The modified CLASSPATH variable should resemble the following on UNIX:
```
SMASA_CLASSPATH=$ASA_HOME/conf:$ASA_HOME/lib/smagentapi.jar:$ASA_HOME/lib/sm_cryptoj.jar:$ASA_HOME/lib/smclientclasses.jar:$ASA_HOME/lib/smjavasdk2.jar
CLASSPATH=$SMASA_CLASSPATH:$WEBLOGIC_CLASSPATH:$POINTBASE_CLASSPATH:$JAVA_HOME/jre/lib/rt.jar:$WL_HOME/server/lib/webservices.jar:$CLASSPATH
```
Copyright © 2010 CA. All rights reserved.