

Configure a Policy to Generate a Session at Each Site

The CA SiteMinder® Connector enables CA SiteMinder® Federation Standalone to work with an existing Policy Server. The first step is to configure a policy. At the asserting party, the policy generates a federation session. At the relying party, the policy generates a CA SiteMinder® session. Though this policy functions like any other policy, its main objective is to trigger a session, not to protect resources.

Note: Configure a policy at both the asserting party and the relying party.

The policy requires that you configure the typical policy objects; however, you apply a custom CA SiteMinder® Connector authentication scheme. This policy is specific to the Connector setup.

To configure the Policy Server objects, see the Policy Server Configuration Guide.

Important! Complete the following steps at the Policy Server before configuring the Connector.

Follow these steps:

  1. Unzip the smauthconnectors.zip archive on your federation system. This archive is included with the federation product kit.
  2. Select the correct custom authentication scheme library for your CA SiteMinder® operating environment:
  3. Copy the library to the appropriate Policy Server directory on the CA SiteMinder® system:
  4. Log on to the CA SiteMinder® Administrative UI.
  5. Create a Web Agent that represents the federation system. For example, name it Federation Agent.

    Important! Do not select the option for supporting 4.x agents.

  6. Create an Agent Configuration Object, which specifies the Agent configuration, and specify a value for the DefaultAgentName setting. This setting alone is sufficient for the object.
  7. Create a Host Configuration Object.

    The Host Configuration Object defines the connection between a trusted host and the Policy Server. To integrate the federation system and the Policy Server, the Host Configuration Object defines the Policy Server to which the federation system can connect.

    If an existing Host Configuration Object already defines the one or more Policy Servers that the federation system connects to, use that object. Otherwise, create one for the federation-to-Policy Server connection.

  8. Create a custom Connector authentication scheme with the following values:
    Library

    smauthsmconnector

    This value is case-sensitive.

    Secret

    alphanumeric string

    The value for this field must match the Shared Secret value in the Connector settings in the Administrative UI.

  9. Create a policy domain for the federation product. This domain must contain the necessary realm and resource that you add to the policy to create a CA SiteMinder® session.
  10. Add the user directory that is used by the federation system and the Policy Server to the domain you configured.
  11. Create a realm with the following values:
    Agent

    Specify the Web Agent that you created for the federation system.

    Resource Filter

    Specify a dummy directory, such as /federation/. This directory does not have to exist on a web server.

    Authentication Scheme

    Enter the name that you gave to the custom authentication scheme created previously.

  12. Create a rule with the following values:
    Resource

    *

    Action

    Web Agent—Get and Post

  13. Create a policy with the following settings:
    Users

    Specify the users from the user directory that the federation system and CA SiteMinder® share.

    Rules

    Add the rule that you created for the Connector.

You now have a policy that generates a CA SiteMinder® session when communicating with CA SiteMinder® Federation Standalone.