obj.conf File Additions for UNIX Platforms

Installation and Upgrade Guides › Web Agent Installation Guide › Settings Added to the Sun Java System Server Configuration › obj.conf File Additions for UNIX Platforms

obj.conf File Additions for UNIX Platforms

When a Web Agent is configured to support an advanced authentication scheme, the Web Agent adds settings to the Sun Java System’s obj.conf file. SiteMinder does not remove these settings later if the Agent is reconfigured to support a different advanced authentication scheme. You must manually edit the obj.conf file to remove the settings that are no longer relevant.

Most of the additional lines in the file are added by the Web Agent installation program. Other lines (shown in bold) are added by the servlet engine that you configure for the JSP version of the SiteMinder Password Services.

The lines added by the servlet engine must come before the NameTrans fn functions added by the SiteMinder Web Agent.

In the following example of a modified obj.conf file, smhome represents the installed location of SiteMinder on your system:

Note: Some entries in your file may differ slightly from the example shown.

AuthTrans fn="SiteMinderAgent"

NameTrans fn="assign-name" from="*.jsp*" name="myservletengine"
NameTrans fn="assign-name" from="/servlet/*" name="myservletengine"
NameTrans fn="assign-name" from="/siteminderagent/pwservlet/*" name="servletengine"
NameTrans fn="pfx2dir" from="/siteminderagent/pwcgi" dir="/smhome/siteminder/webagent/pw" name="cgi"
NameTrans fn="pfx2dir" from="/siteminderagent/pw" dir="/smhome/siteminder/webagent/pw"
NameTrans fn="pfx2dir" from="/siteminderagent/certoptional" dir="/smhome/siteminder/webagent/samples"
NameTrans fn="pfx2dir" from="/siteminderagent/jpw" dir="/smhome/siteminder/webagent/jpw"
NameTrans fn="pfx2dir" from="/siteminderagent" dir="/smhome/siteminder/webagent/samples"

PathCheck fn="SmRequireAuth"
#SMSSL The line below should be uncommented for "cert" and "cert plus basic" schemes
PathCheck fn="get-client-cert" dorequest="1"
#SMSSL The line below should be uncommented for "cert or basic" or "cert or form" schemes
PathCheck fn="get-client-cert" require="0" dorequest="1"
#SMSSL Both of the above PathCheck lines should be commented out for "Basic Auth over SSL"

Service method="(GET|POST)" fn="SmAdvancedAuth"

The following items describe the content of the lines that are added to the obj.conf file:

The line that reads AuthTrans fn="SiteMinderAgent" is added to the default object (<Object name="default">). It sets up the SiteMinder Web Agent as the Authorization method, or AuthTrans function, for the Web server.
The line that reads NameTrans fn="assign-name" from=
"/siteminderagent/pwservlet/*" name="myservletengine" is a filter added by the Web Agent that maps the JSP Password Services servlet to the instance of the servlet engine so that engine can process it.
Most of the lines that begin NameTrans fn="pfx2dir" add virtual directories and mappings for the Agent to support SiteMinder’s Password Services (CGI and JSP versions).
The line that begins NameTrans fn="pfx2dir" from="/siteminderagent/certoptional" is added if you chose to configure a certificate based authentication scheme.
The line that reads PathCheck fn="SmRequireAuth" is added to any existing PathCheck lines in the default object. It verifies that the user is authorized to perform the requested action on the requested resource.
The line that reads PathCheck fn="get-client-cert" dorequest="1" is added if, during configuration, you indicated that the Web Agent would support advanced authentication schemes. It supports the use of certificate, certificate plus basic, and certificate and forms authentication schemes.
The line that reads PathCheck fn="get-client-cert" require="0" dorequest="1" is added if, during configuration you indicated during installation that the Web Agent would support advanced authentication schemes. It supports the use of certificate or basic or the certificate or forms authentication schemes.
Note: Both PathCheck lines for advanced authentication should be commented out for "Basic Auth over SSL."
The lines that begin Service method are added to instruct the Web server what to do with the MIME types.