Policy Store Schema Considerations

Installation and Upgrade Guides › Policy Server Installation Guide › Configuring LDAP Directory Servers as a Policy or Key Store › Policy Store Schema Considerations

Policy Store Schema Considerations

When manually configuring a policy store on Windows, you can choose one of two .smdif files:

smpolicy.smdif
smpolicy-secure.smdif

While both files contain the default policy store objects that you import into the policy store, there are a couple of factors to consider when choosing the file that best fits the requirements of your production environment:

While smpolicy.smdif can be used with the Policy Server Configuration Wizard to automatically configure a policy store, smpolicy-secure.smdif can only be used to manually configure a policy store.
The file smpolicy-secure.smdif provides additional security through enhanced default web agent configuration parameters.

The following table summarizes the differences between the default web agent configuration parameters in the two files:

Parameter Name	Value in smpolicy.smdif	Value in smpolicy-secure.smdif
BadCssChars	No value	<, >, ', ;, ), (, &, +, %00
BadQueryChars	No value	<, >, ', ;, ), (, &, +, %00
BadUrlChars	//, ./, /., /, ., ~, \, %00-%1f, %7f-%ff, %25	smpolicy.smdif values plus: <, >, ', ;, ), (, &, +
IgnoreExt	.class, .gif, .jpg, .jpeg, .png, .fcc, .scc, .sfcc, .ccc, .ntc	smpolicy.smdif values plus .jsp
ValidTargetDomain	Note: This parameter does not exist in smpolicy.smdif.	Provide a valid redirection domain as follows: validtargetdomain=".example.com"

Note: Before using smpolicy-secure.smdif, you must initialize the new web agent configuration parameter: validtargetdomain.

Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.