Configure the SiteMinder Identity Asserter in WebLogic

Configure the Identity Asserter in the Security Realms Node in the WebLogic Server Administration Console.

  1. Start the WebLogic server and the WebLogic Server Administration Console.
  2. In the navigation frame on the left of the console, click the Security Realms node in the Domain Structure list.
  3. Click on the name of the realm you are configuring (for example, myrealm).
  4. Click the Providers tab.
  5. If necessary, click the Authentication tab to display the Authentication Providers list.
  6. (Optional) Delete the DefaultIdentityAsserter provider, if it is one of the authentication providers listed.
  7. Click New to create a new Authentication Provider.
  8. On the Create a New Authentication Provider page:

    Note: If SiteMinderIdentityAsserter is not listed in the Type drop-down list, check the SiteMinder Agent installation to determine if it was successful.

  9. Click OK to save the new Identity Asserter Provider.
  10. Click the entry for your SiteMinder Identity Asserter in the Authentication Providers list to open it for editing:
    1. In the Active Types Chooser, use the arrow key to move the SMSESSION and X.509 token types from the Available field to the Chosen field, as needed. Click Apply.

      Note: Each token type is handled by only one Identity Asserter. If you want the SiteMinder Identity Asserter to handle X.509 token types, be sure that no other Identity Asserter is configured to handle X.509 tokens.

    2. Click the Provider Specific subtab.
    3. In the Config File field, enter the location of the configuration file for the SiteMinder Identity Asserter.

      If you are using the default Agent configuration file (WebAgent.conf), the location is ASA_HOME/conf/WebAgent.conf. If you created a new Agent configuration file for the Identity Asserter, be sure to enter the location and file name of the file you created.

      You can use an absolute or relative path. A relative path is resolved relative to smasa.home/conf or relative to your current WebLogic Server working directory, WLS_HOME/user_projects/yourdomain.

    4. (Optional) In the User Name Attribute Mapper String field, specify an attribute in a user DN that stores a user name to be used only when the SiteMinder session cookie does not contain a NAME attribute.

      When the Identity Asserter receives a token that does not contain a NAME attribute through perimeter authentication, it extracts the user name from the specified attribute in the user DN and maps it to a user in the WebLogic user directory.

      For example, if the user DN is uid=jsmith, ou=myorganization, o=mycompany.com, and you specify uid in the User Name Attribute Mapper String field, the user name jsmith is passed to WebLogic.

  11. Click Save.
  12. If you have finished configuring SiteMinder Agent Providers, restart the WebLogic server for the changes to take effect.

    If you are configuring additional SiteMinder Agent Providers, you can restart the WebLogic server after all of the configuration steps are complete.
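
The User Name Attribute Mapper String lookup described in step 10, as an added Python illustration (not CA or SiteMinder code) of why the attribute must be read with escape-aware DN parsing rather than a plain split on commas. The function names and SAMPLE_DN are constructed, and the leftmost-match rule and RFC 4514 escape handling are assumptions, not documented SiteMinder behavior.

```python
import re

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped separators inside the part."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), text)

def unescape(value):
    """Decode RFC 4514 escapes: backslash + hex pair, or backslash + char."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and HEX_PAIR.fullmatch(value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            if value[i] == "\\" and i + 1 < len(value):
                i += 1                    # drop the backslash, keep the char
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8", errors="replace")

def map_user_name(dn, mapper_attr):
    """Return the value of mapper_attr from the leftmost RDN that has it."""
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            attr, sep, raw = ava.lstrip().partition("=")
            if sep and attr.strip().lower() == mapper_attr.lower():
                return unescape(raw) or None    # assumption: empty = no name
    return None

def naive_map(dn, mapper_attr):
    """Contrast case: plain split(',') ignores escaping."""
    for part in dn.split(","):
        attr, _, val = part.strip().partition("=")
        if attr.lower() == mapper_attr.lower():
            return val
    return None

# Constructed sample: the cn value contains an escaped comma, so a plain
# split(',') sees a uid component that is really part of the cn value.
SAMPLE_DN = r"cn=Ops\,uid=svc,uid=jsmith,o=mycompany.com"
```

On SAMPLE_DN, map_user_name returns the real uid value while naive_map returns text taken from inside the cn value, so a directory whose DNs can contain escaped separators needs the escape-aware form before the name is mapped to a WebLogic user.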

More Information

Install the SiteMinder Agent for WebLogic

Troubleshoot the SiteMinder Agent

Set Up the Agent Configuration File (WebAgent.conf)


Copyright © 2010 CA. All rights reserved.