

CA SiteMinder® Connector Settings

The CA SiteMinder® Connector lets CA SiteMinder® Federation Standalone integrate with a CA SiteMinder® environment for federated communication.

At the asserting party, the CA SiteMinder® Connector can work with CA SiteMinder® as a third-party WAM for delegated authentication. At the relying party, CA SiteMinder® can protect the server where the target resources reside. If CA SiteMinder® is performing access control, the CA SiteMinder® Connector contacts the Policy Server to establish a CA SiteMinder® session so that CA SiteMinder® grants the user access to the target resource.

For CA SiteMinder® Federation Standalone to operate with CA SiteMinder®, configure the CA SiteMinder® Connector settings in the Administrative UI.

All partnerships that use the CA SiteMinder® Connector use a single configuration and connect to a single CA SiteMinder® environment. Define the Connector configuration in the Deployment Settings of the Administrative UI. To enable the Connector for a given partnership, enable it at the partnership level. To disable the Connector, either disable it at the partnership level or disable it globally in the Deployment Settings.

Important! If the Connector is disabled at the global level, CA SiteMinder® Federation Standalone ignores the check box at the partnership level.

Follow these steps:

  1. Log in to the Administrative UI.
  2. Select a partnership from the Federated Partnerships list.

    The Partnership dialog opens.

  3. Do one of the following:
    1. At the relying party, navigate to the User Identification step in the Partnership wizard.
    2. At the asserting party, navigate to the Federation Users step in the Partnership wizard.
  4. Select the Enable SiteMinder Connector check box.

    The configuration fields become available.

  5. (Optional) Select the Enforce UserDN Comparison check box. Selecting this check box forces a comparison of the UserDN and UserDirectory Name entries between the user directory at CA SiteMinder® Federation Standalone and the directory at CA SiteMinder®.

    If you select this check box, the user directory for the CA SiteMinder® Federation Standalone deployment and the CA SiteMinder® deployment must be the same physical directory. The name for both of these directories must be the same for user store lookups. If you clear the check box, CA SiteMinder® Federation Standalone uses the Universal ID to find the user record so the directories do not have to be the same. If you rely on the Universal ID, each user must have a unique Universal ID. If the Universal IDs are not unique, the system accessing the user record can retrieve the wrong record.

  6. Save your changes.
  7. Navigate to the Infrastructure tab.
  8. From the Infrastructure tab, select Deployment Settings.

    The Configure Deployment Settings dialog opens.

  9. Fill in all the fields in the CA SiteMinder® Connector Settings section.

    Note: Click Help for a description of fields, controls, and their respective requirements.

  10. Select Register Host and provide the administrator credentials for the CA SiteMinder® Policy Server.

    This step registers CA SiteMinder® Federation Standalone as an Agent with the CA SiteMinder® Policy Server.

    Note: You can configure failover support for the host registration process by specifying more than one Policy Server. If the registration with the primary Policy Server fails, CA SiteMinder® Federation Standalone moves to the next Policy Server specified until the registration process completes successfully.

  11. Select Save in the SiteMinder Connector Settings section of the dialog.

    Selecting Save in the CA SiteMinder® Connector Settings section is necessary after registering the host.

  12. Restart the federation services according to your operating environment.

The CA SiteMinder® Connector configuration is complete.
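
Step 5 notes that when the Enforce UserDN Comparison check box is cleared, each user must have a unique Universal ID or the wrong record can be retrieved. The following check is an added example, not part of the product or its documentation: it scans an LDIF export of the user directory for Universal ID values shared by more than one entry. The attribute name `uid`, the case-insensitive comparison, and the sample entries are assumptions; substitute the attribute that your user directory maps to the Universal ID.

```python
import base64
from collections import defaultdict

# Constructed sample export. "uid" as the Universal ID attribute is an assumption.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=People,dc=example,dc=com
uid: jsmith

dn: uid=jsmith2,ou=Contractors,
 dc=example,dc=com
uid: JSmith

dn: uid=mlee,ou=People,dc=example,dc=com
uid:: bWxlZQ==
"""


def parse_entries(text):
    """Yield (dn, {attr: [values]}) per LDIF entry; attribute names lower-cased."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, attrs = None, defaultdict(list)
    for line in lines + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, dict(attrs)
            dn, attrs = None, defaultdict(list)
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)


def duplicate_universal_ids(text, attr="uid"):
    """Return {ID: [DNs]} for IDs held by several entries (case-insensitive, assumed)."""
    owners = defaultdict(list)
    for dn, attrs in parse_entries(text):
        for value in attrs.get(attr.lower(), []):
            owners[value.casefold()].append(dn)
    return {uid: dns for uid, dns in owners.items() if len(dns) > 1}
```

Any entry returned by `duplicate_universal_ids` needs to be resolved in the directory before relying on Universal ID lookups.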