Agent Configuration Parameters

Agent Guide › SiteMinder Agent Installation and Configuration Files › Modify Configuration Files › Agent Configuration Parameters

Agent Configuration Parameters

Agent configuration settings are defined in two locations:

Agent Configuration Object—If you are using central agent configuration, holds parameters for the SiteMinder Agent . Agent configuration always begins with the creation of the Agent Configuration Object, which you create using the Administrative UI.
Note: The SiteMinder Agent for Oracle WebLogic does not use the same agent configuration parameters as a SiteMinder Web Agent and even where parameters have similar names their values may not be compatible. Do not attempt to use the Agent Configuration Object for a SiteMinder Web Agent for the SiteMinder Agent for WebLogic.
Agent Configuration file (WebAgent.conf)—Holds parameters for each Web Agent in a text file. You can create a separate Agent Configuration file for each SiteMinder Agent security provider to set different parameters for each provider. See Set Up the Agent Configuration File (WebAgent.conf).
The default WebAgent.conf file is located in the following directory:

Windows: C:\smwlsasa\conf

UNIX: /opt/smwlsasa/conf

The following table describes the configuration parameters that apply to the SiteMinder Agent. With few exceptions (noted in this table), each parameter is valid for the Agent Configuration Object or the Agent configuration file. If you modify nondynamic parameters, then you must restart the WebLogic Server for the changes to take effect; modifying dynamic parameters does not require a restart.

Parameter Name	Value	Description
AcceptTPCookie (Dynamic; Identity Asserter only)	yes or no	Single sign-on requires a single sign-on cookie. By default, this cookie is created and written to the user's browser by SiteMinder or by a custom agent. To enable support for SDK third-party cookies, set the AcceptTPCookie to yes.
AgentConfigObject (Not dynamic) (Applies only in Agent configuration file)	String	The name of the Agent configuration object.
AllowLocalConfig (Not dynamic) (Applies only in Agent Configuration Object)	yes or no	If AllowLocalConfiguration is set to yes, parameters set locally in the Agent configuration file take precedence over parameter settings in the Agent Configuration Object. If you want to configure a separate log for each provider, set AllowLocalConfiguration to yes. See Configure a SiteMinder Agent Provider Log for Each SiteMinder Agent Provider for more information.
AuthCacheSize (Dynamic)	Number	Maximum size of the Authentication cache. When the maximum size is reached, new entries replace the least recently used entries. The default value is 0.
AzCacheSize (Dynamic; Authorization Provider only)	Number	Maximum size of the Authorization cache. When the maximum size is reached, new entries replace the least recently used entries. The default value is 0.
CacheTimeout (Dynamic)	Number	The life time (in seconds) of cache entries. Note: This setting applies to all caches.
ChallengeForCredentials (Dynamic; Identity Asserter only)	yes or no	Specifies whether the SiteMinder Identity Asserter challenges for credentials. Default is NO.
DefaultAgentName (Dynamic)	String	The name of the Agent identity that you created in Configure the SiteMinder Policy Server for the SiteMinder Agent Providers.
EnableWebAgent (Not Dynamic) (Applies only in Agent configuration file)	yes or no	Enables the SiteMinder Agent. If you create a separate Agent configuration file for each provider, enable the Provider in each configuration file.
EncryptAgentName (Dynamic; Identity Asserter only)	yes or no	Specifies whether the agent name is encrypted when redirecting to the SiteMinder Web Agent for SiteMinder IA credential collection. Must match the value of the same parameter on the Web Agent responsible for advanced authentication. Default is NO.
FccCompatMode (Dynamic; Identity Asserter only)	no	Specifies whether to handle backward compatibility of forms credential collection, which the SiteMinder IA does not support. Therefore set this parameter to NO for both the SiteMinder IA and the Web Agent responsible for advanced authentication. For example: fcccompatmode="NO"
filterdomainname (Dynamic)	yes or no	To have the SiteMinder Agent remove the domain name from the user ID string before asserting an identity, set the filterdomainname parameter to yes. Setting the value to yes allows the SiteMinder Agent to use an NTLM authentication scheme because the user identity passed from a Web Agent on a front-end proxy server to the SiteMinder Identity Asserter contains the domain name when using this authentication scheme. The default value is no.
HostConfigFile (Not Dynamic) (Applies only in Agent configuration file)	String	The name of the Host Configuration Object that you created in Configure the SiteMinder Policy Server for the SiteMinder Agent Providers.
IgnoreExt (Dynamic; Authorization Provider only)	Comma-separated string	Specifies common file extensions (.gif, .jpg, .jpeg, .png, and .class) that the Authorization Provider can ignore. The Authorization Provider passes requests for files with these extensions directly to WebLogic without authorization. Use this parameter to specify extensions of files that do not require as much security as other resources.
IgnoreQueryData (Dynamic; Identity Asserter only)	yes or no	Specifies whether the SiteMinder Agent will cache the entire URL (including the query strings) and send the entire URI to the Policy Server for rule processing. Must match the value of the same parameter on the Web Agent responsible for advanced authentication. Default is NO.
LegacyEncoding (Dynamic; Identity Asserter only)	no	Specifies whether to replace any dollar sign ($) characters in legacy URLs with a hyphen (-), which the SiteMinder IA does not support. Therefore set this parameter to NO for both the SiteMinder IA and the Web Agent responsible for advanced authentication. For example: legacyencoding="NO"
LogAppend (Dynamic)	yes or no	To add logging information to an existing log file instead of rewriting the entire file each time logging is invoked, set the LogAppend parameter to yes. The default LogAppend value is no. Note: To use the LogAppend parameter, also specify the LogFile and LogFileName parameters.
LogConsole (Dynamic)	yes or no	To display log messages in a Command Prompt window, set the LogConsole parameter to yes. The default LogConsole value is no. Before you enable this option on an iPlanet Web Server, change the iPlanet service to interact with the desktop.
LogFile (Dynamic)	yes or no	Determines whether messages are written to a file. The default LogFile value is no. If you set the Logfile parameter to yes, be sure to specify the location of the log file in the LogFileName parameter.
LogFileName (Dynamic)	String	Location and file name of the file where the SiteMinder Agent writes messages if the Logfile parameter is set to yes.
LogLevel (Dynamic)	Numbers 0-5	Determines the amount and type of information that is logged in a file or a console window. The log levels are: 0—No log messages, however, a log file is created. 1—Fatal messages 2—Error messages 3—Warning messages 4—Information messages 5—Trace messages The default log level is 0.
LogRollover (Dynamic)	yes or no	Determines whether the SiteMinder Agent starts a new log file after a specified period or when the log file reaches a certain size. If set to yes, a new log file is created after the amount of time specified in the LogRolloverTime parameter, or after the log reaches the size specified in the LogRolloverSize parameter. The default LogRollover value is no.
LogRolloverSize (Dynamic)	Number of kilobytes (Kb)	Indicates the maximum size of the log file before the SiteMinder Agent creates a new log file. The default is 10 MB (10240 KB). Note: The LogRollover parameter must be set to yes for this parameter to apply.
LogRolloverTime (Dynamic)	Number of hours	Indicates when the SiteMinder Agent creates a new log file. For example, specify 1 to create a new log file every hour; specify 168 to create a new log file every week; and specify 720 to create a new log file every month. The default value is 12 hours. Note: The LogRollover parameter must be set to yes for this parameter to apply.
PersistentCookies (Dynamic; Identity Asserter only)	yes or no	Specifies whether the agent allows single sign-on for multiple browser sessions. When PersistentCookies is enabled, users who authenticate during one browser session will retain single sign-on capabilities for subsequent browser sessions. Default is NO.
ResourceCacheSize (Dynamic)	Number	The maximum number of resource cache entries that the Agent tracks. When the maximum number of entries is reached, new records replace the oldest records. The default value is 1000 entries for IIS and Domino and 750 entries for Apache and iPlanet. If you set this value to a high number, be sure that sufficient server memory is available.
ServerErrorFile (Dynamic; Identity Asserter only)	String	Specifies a page to redirect a request to if a processing error is encountered. This can either be an HTTP or local file system resource. For example: servererrorfile="http://server.ca.com:88/errorpage.html" If this setting is not configured, a default message is output to the response when the IA encounters an error. The default message is "SiteMinder Agent encountered an error while handling request. Please ask the administrator to look for messages in the agent log to check for the cause."
SMUserDirectory (Not Dynamic)	String	The user directory structures used in the SiteMinder provider authentication realm.
SMAdminUserName (Not Dynamic)	String	The user name of the SiteMinder administrator created during the Policy Server installation who has full permissions to manage all SiteMinder domain objects and users.
SMAdminUserPassword (Not Dynamic)	Encrypted string value	The encrypted password for the SiteMinder administrator. Warning! This password can only be encrypted in the Agent Configuration Object in the Policy Server User Interace and not in the WebAgent.conf file.

Parameter Name

Value

Description

AcceptTPCookie

(Dynamic; Identity Asserter only)

yes or no

Single sign-on requires a single sign-on cookie. By default, this cookie is created and written to the user's browser by SiteMinder or by a custom agent.

To enable support for SDK third-party cookies, set the AcceptTPCookie to yes.

AgentConfigObject

(Not dynamic)

(Applies only in Agent configuration file)

String

The name of the Agent configuration object.

AllowLocalConfig

(Not dynamic)

(Applies only in Agent Configuration Object)

yes or no

If AllowLocalConfiguration is set to yes, parameters set locally in the Agent configuration file take precedence over parameter settings in the Agent Configuration Object.

If you want to configure a separate log for each provider, set AllowLocalConfiguration to yes.

See Configure a SiteMinder Agent Provider Log for Each SiteMinder Agent Provider for more information.

AuthCacheSize

(Dynamic)

Number

Maximum size of the Authentication cache. When the maximum size is reached, new entries replace the least recently used entries.

The default value is 0.

AzCacheSize

(Dynamic; Authorization Provider only)

Number

Maximum size of the Authorization cache. When the maximum size is reached, new entries replace the least recently used entries.

The default value is 0.

CacheTimeout

(Dynamic)

Number

The life time (in seconds) of cache entries.

Note: This setting applies to all caches.

ChallengeForCredentials

(Dynamic; Identity Asserter only)

yes or no

Specifies whether the SiteMinder Identity Asserter challenges for credentials.

Default is NO.

DefaultAgentName

(Dynamic)

String

The name of the Agent identity that you created in Configure the SiteMinder Policy Server for the SiteMinder Agent Providers.

EnableWebAgent

(Not Dynamic)

(Applies only in Agent configuration file)

yes or no

Enables the SiteMinder Agent. If you create a separate Agent configuration file for each provider, enable the Provider in each configuration file.

EncryptAgentName

(Dynamic; Identity Asserter only)

yes or no

Specifies whether the agent name is encrypted when redirecting to the SiteMinder Web Agent for SiteMinder IA credential collection. Must match the value of the same parameter on the Web Agent responsible for advanced authentication.

Default is NO.

FccCompatMode

(Dynamic; Identity Asserter only)

Specifies whether to handle backward compatibility of forms credential collection, which the SiteMinder IA does not support. Therefore set this parameter to NO for both the SiteMinder IA and the Web Agent responsible for advanced authentication. For example:

fcccompatmode="NO"

filterdomainname

(Dynamic)

yes or no

To have the SiteMinder Agent remove the domain name from the user ID string before asserting an identity, set the filterdomainname parameter to yes. Setting the value to yes allows the SiteMinder Agent to use an NTLM authentication scheme because the user identity passed from a Web Agent on a front-end proxy server to the SiteMinder Identity Asserter contains the domain name when using this authentication scheme.

The default value is no.

HostConfigFile

(Not Dynamic)

(Applies only in Agent configuration file)

String

The name of the Host Configuration Object that you created in Configure the SiteMinder Policy Server for the SiteMinder Agent Providers.

IgnoreExt

(Dynamic; Authorization Provider only)

Comma-separated string

Specifies common file extensions (.gif, .jpg, .jpeg, .png, and .class) that the Authorization Provider can ignore. The Authorization Provider passes requests for files with these extensions directly to WebLogic without authorization. Use this parameter to specify extensions of files that do not require as much security as other resources.

IgnoreQueryData

(Dynamic; Identity Asserter only)

yes or no

Specifies whether the SiteMinder Agent will cache the entire URL (including the query strings) and send the entire URI to the Policy Server for rule processing. Must match the value of the same parameter on the Web Agent responsible for advanced authentication.

Default is NO.

LegacyEncoding

(Dynamic; Identity Asserter only)

Specifies whether to replace any dollar sign ($) characters in legacy URLs with a hyphen (-), which the SiteMinder IA does not support. Therefore set this parameter to NO for both the SiteMinder IA and the Web Agent responsible for advanced authentication. For example:

legacyencoding="NO"

LogAppend

(Dynamic)

yes or no

To add logging information to an existing log file instead of rewriting the entire file each time logging is invoked, set the LogAppend parameter to yes.

The default LogAppend value is no.

Note: To use the LogAppend parameter, also specify the LogFile and LogFileName parameters.

LogConsole

(Dynamic)

yes or no

To display log messages in a Command Prompt window, set the LogConsole parameter to yes.

The default LogConsole value is no.

Before you enable this option on an iPlanet Web Server, change the iPlanet service to interact with the desktop.

LogFile

(Dynamic)

yes or no

Determines whether messages are written to a file.

The default LogFile value is no.

If you set the Logfile parameter to yes, be sure to specify the location of the log file in the LogFileName parameter.

LogFileName

(Dynamic)

String

Location and file name of the file where the SiteMinder Agent writes messages if the Logfile parameter is set to yes.

LogLevel

(Dynamic)

Numbers 0-5

Determines the amount and type of information that is logged in a file or a console window. The log levels are:

0—No log messages, however, a log file is created.

1—Fatal messages

2—Error messages

3—Warning messages

4—Information messages

5—Trace messages

The default log level is 0.

LogRollover

(Dynamic)

yes or no

Determines whether the SiteMinder Agent starts a new log file after a specified period or when the log file reaches a certain size.

If set to yes, a new log file is created after the amount of time specified in the LogRolloverTime parameter, or after the log reaches the size specified in the LogRolloverSize parameter.

The default LogRollover value is no.

LogRolloverSize

(Dynamic)

Number of kilobytes (Kb)

Indicates the maximum size of the log file before the SiteMinder Agent creates a new log file.

The default is 10 MB (10240 KB).

Note: The LogRollover parameter must be set to yes for this parameter to apply.

LogRolloverTime

(Dynamic)

Number of hours

Indicates when the SiteMinder Agent creates a new log file. For example, specify 1 to create a new log file every hour; specify 168 to create a new log file every week; and specify 720 to create a new log file every month.

The default value is 12 hours.

Note: The LogRollover parameter must be set to yes for this parameter to apply.

PersistentCookies

(Dynamic; Identity Asserter only)

yes or no

Specifies whether the agent allows single sign-on for multiple browser sessions. When PersistentCookies is enabled, users who authenticate during one browser session will retain single sign-on capabilities for subsequent browser sessions.

Default is NO.

ResourceCacheSize

(Dynamic)

Number

The maximum number of resource cache entries that the Agent tracks. When the maximum number of entries is reached, new records replace the oldest records. The default value is 1000 entries for IIS and Domino and 750 entries for Apache and iPlanet.

If you set this value to a high number, be sure that sufficient server memory is available.

ServerErrorFile

(Dynamic; Identity Asserter only)

String

Specifies a page to redirect a request to if a processing error is encountered. This can either be an HTTP or local file system resource. For example:

servererrorfile="http://server.ca.com:88/errorpage.html"

If this setting is not configured, a default message is output to the response when the IA encounters an error. The default message is "SiteMinder Agent encountered an error while handling request. Please ask the administrator to look for messages in the agent log to check for the cause."

SMUserDirectory

(Not Dynamic)

String

The user directory structures used in the SiteMinder provider authentication realm.

SMAdminUserName

(Not Dynamic)

String

The user name of the SiteMinder administrator created during the Policy Server installation who has full permissions to manage all SiteMinder domain objects and users.

SMAdminUserPassword

(Not Dynamic)

Encrypted string value

The encrypted password for the SiteMinder administrator.

Warning! This password can only be encrypted in the Agent Configuration Object in the Policy Server User Interace and not in the WebAgent.conf file.

More Information

Set Log Levels

Enable and Disabe the SiteMinder Identity Asserter

Enable and Disable the Authentication Provider

Enable and Disable the Authorization Provider

Enable and Disable the Adjudication Provider

Email CA about this topic