CA SiteMinder® Federation Standalone Installation and Upgrade Guide › Install CA SiteMinder® Federation Standalone › How to Run the CA SiteMinder® Federation Standalone Installation › Solaris 10 Security Properties File Requires Modifications

Solaris 10 Security Properties File Requires Modifications

CA SiteMinder® Federation Standalone cannot execute encryption and decryption properly on Solaris 10 systems if the default security provider configuration is in place.

To solve this problem, list the Sun provider (sun.security.provider.Sun) before the PKCS11 provider (sun.security.pkcs11.SunPKCS11) in the java.security properties file. This file is located in the lib/security directory of the JDK installation.

Modify the java.security file as follows:

security.provider.1=sun.security.provider.Sun

security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg

security.provider.3=sun.security.rsa.SunRsaSign

security.provider.4=com.sun.net.ssl.internal.ssl.Provider

security.provider.5=com.sun.crypto.provider.SunJCE

security.provider.6=sun.security.jgss.SunProvider

security.provider.7=com.sun.security.sasl.Provider

Considerations for the CA SiteMinder® Connector Libraries

The CA SiteMinder® Federation Standalone installation includes a CA SiteMinder® Connector that enables the federation product to share user identity information with CA SiteMinder®-protected applications. The Connector can be used with proxy or standalone deployment mode.

The smauthconnectors.zip file is included with the product installation for operation with the Connector. When you extract the libraries from the archive, you receive two versions of the Connector library:

Windows

smauthsmconnector.dll

smauthsmconnectorI18n.dll

Solaris/Linux:

libsmauthsmconnector.so

libsmauthsmconnectorI18n.so

The smauthsmconnector.dll and libsmauthsmconnector.so files are pre-12.52 libraries. The smauthsmconnectorI18n.dll and libsmauthsmconnectorI18n.so are the new libraries, which can handle international characters.

For CA SiteMinder® Federation Standalone and CA SiteMinder® to operate together, copy the appropriate library to the CA SiteMinder® Policy Server. The library belongs in one of the following Policy Server directories:

• Windows: policy_server_home\siteminder\bin
• Solaris/Linux: policy_server_home/siteminder/lib

The library that you copy is dependent on several considerations.

For new federation installations, follow these guidelines:

• To set up a connection with a pre-r12.51 Policy Server, copy the pre-12.52 library to the Policy Server. Do not use the new library.

  To set up a connection with a r12.51 Policy Server that must handle international characters, copy the new library to the Policy Server. Rename the library to the pre-12.52 name (smauthsmconnector.dll or libsmauthsmconnector.so).

• To set up a connection with an r12.52 or newer Policy Server, do not copy any library. The r12.52 or later Policy Server has the relevant library that is installed for the operating environment.

For existing pre-12.52 configurations to handle international characters, follow these guidelines:

• For a Policy Server that is pre-r12.51, the system cannot use the new library. Internationalization cannot be managed with a pre-r12.51 deployment.
• For a r12.51 Policy Server, back up the existing library and copy over the new library.

  Follow these steps:

  a. Stop the Policy Server.

  b. Make a backup copy of the existing library and give it a unique name, such as smauthsmconnector_bkup.dll.

  c. Copy the new library to the Policy Server.

  d. Rename it back to the pre-12.52 name (smauthsmconnector.dll or libsmauthsmconnector.so).

  e. Restart the Policy Server.