A trusted host is a client computer where one or more SiteMinder Web Agents can be installed. The term trusted host refers to the physical system.
To establish a connection between the trusted host and the Policy Server, you need to register the host with the Policy Server. After registration is complete, the registration tool creates the SmHost.conf file. After this file is created successfully, the client computer becomes a trusted host.
You can register a trusted host immediately after installing the Web Agent or at a later time; however, the host must be registered to communicate with the Policy Server.
Note: You only register the host once, not each time you install and configure a Web Agent on your system.
To register a trusted host
The default method is to select Start, Programs, SiteMinder, Web Agent Configuration Wizard. If you have placed the Wizard shortcut in a non-default location, the procedure will be different.
Note: If you chose to configure the Web Agent immediately after the installation, SiteMinder automatically starts the Configuration Wizard.
This administrator should already be defined at the Policy Server and have the permission Register Trusted Hosts set. The default administrator is SiteMinder.
To disable shared secret rollover or enable it at a later time, you have to re-register the trusted host, or use the Policy Management API in the C and Perl Scripting Interface to enable or disable shared secret rollover.
Note: This name must be unique among trusted hosts and not match the name of any other Web Agent.
This object defines the connection between the trusted host and the Policy Server. For example, to use the default, enter DefaultHostSettings. In most cases, you will have created your own Host Configuration Object.
Note: The entry you specify must match the Host Configuration Object entry set at the Policy Server.
You can specify a non-default port number, but if your Policy Server is configured to use a non-default port and you omit it when you register a trusted host, SiteMinder displays the following error:
Registration Failed (bad ipAddress[:port] or unable to connect to Authentication server (-1)
Note also that if you specify a non-default port, that port is used for the Policy Server's authentication, authorization, and accounting ports; however, the unified server responds to any Agent request on any port. The entry in the SmHost.conf file will look like:
policyserver="ip_address,5555,5555,5555"
You can add more than one Policy Sever; however, for host registration, only the first server in the list will be used.
If multiple Policy Servers are specified, the Agent uses them as bootstrap servers. When the Agent starts up, the Web Agent has several Policy Servers to which it can connect to retrieve its Host Configuration Object. After the Host Configuration Object is retrieved, the bootstrap Policy Server is no longer used by that server process. The Host Configuration Object can contain another set of servers, which may or may not include any of the bootstrap servers.
Specifies non-FIPS mode, which lets the Policy Server and the Agents read and write information using the existing SiteMinder encryption algorithms. If your organization does not require the use of FIPS-compliant algorithms, the Policy Server and the Agents can operate in non-FIPS mode without further configuration.
Specifies FIPS-migration mode, which is used when you are upgrading an earlier version of SiteMinder to full-FIPS mode. The Policy Server and the Agents continue to use the existing SiteMinder encryption algorithms as you migrate your environment to use only FIPS 140-2 approved algorithms.
Specifies full-FIPS mode, which requires that the Policy Server and Web Agents read and write information using only FIPS 140-2 algorithms.
Important! A SiteMinder r12.0 SP2 installation that is running in Full FIPS mode cannot interoperate with, or be backward compatible to, earlier versions of SiteMinder, including all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. You must re-link all such software with the r12.0 SP2 versions of the respective SDKs to achieve the required support for Full FIPS mode.
If you do not want to use FIPS encryption, accept the default.
If you select a non-default location then want to revert to the default directory, click Restore Default Folder.
The host is registered and a host configuration file, SmHost.conf, is created in web_agent_home/config. You can modify this file.
Indicates the directory where the Web Agent is installed.
Default (Windows installations): C:\Program Files\CA\webagent
Default (UNIX installations): /opt/ca/webagent
Copyright © 2006 CA. All rights reserved. | Email CA about this topic |