|
|
|
Before you install the Web Agent, the Policy Server must be installed and be able to communicate with the system where you plan to install the Web Agent.
To centrally manage Agents, you configure the following using the Policy Server User Interface:
A trusted host is a client computer where one or more SiteMinder Web Agents are installed. The term trusted host refers to the physical system. There must be an administrator with the privilege to register trusted hosts.
Note: To configure an administrator, see the Administrators chapter of the Policy Design guide.
An Agent identity establishes a mapping between the name and the IP address of the web server instance hosting a Web Agent. You define an Agent identity from the Agents object in the Policy Server User interface. You assign it a name and specify the Agent type as a Web Agent.
The name you assign for the Agent is the same name you specify in the DefaultAgentName parameter for the Agent Configuration Object that you must also define to centrally manage an Agent.
This object defines the communication between the trusted host and the Policy Server after the initial connection between the two is made.
A trusted host is a client computer where one or more SiteMinder Web Agents can be installed. The term trusted host refers to the physical system.
Do not confuse this object with the trusted host’s configuration file, SmHost.conf, which is installed at the trusted host after a successful host registration. The settings in the SmHost.conf file enable the host to connect to a Policy Server for the first connection only. Subsequent connections are governed by the Host Configuration Object.
Note: More information on the host configuration object exists in the Policy Design guide.
This object includes the parameters that define the Web Agent configuration. There are a few required parameters you must set for basic operation described below.
Note: To read more about this object, see the Agents and Agent Groups chapter of Policy Design guide.
The Agent Configuration Object must include a value for the DefaultAgentName. This entry should match an entry you defined in the Agents object.
The DefaultAgentName identifies the Agent identity that the Web Agent uses when it detects an IP address on its Web server that does not have an Agent identity assigned to it.
The Agent Configuration Object must include values for the following parameters:
DominoDefaultUser-If the user is not in the Domino Directory, and they have been authenticated by SiteMinder against another user directory, this is the name by which the Domino Web Agent identifies that user to the Domino server. This value can be encrypted.
DominoSuperUser-Ensures that all users successfully logged into SiteMinder will be logged into Domino as the Domino SuperUser. This value can be encrypted.
The Agent Configuration Object must include values for the DefaultUserName and DefaultPassword parameters.
The DefaultUserName and DefaultPassword identify an existing NT user account that has sufficient privileges to access resources on an IIS Web server protected by SiteMinder. When users want to access resources on an IIS Web server protected by SiteMinder, they may not have the necessary server access privileges. The Web Agent must use this NT user account, which is assigned by an NT administrator, to act as a proxy user account for users granted access by SiteMinder.
If you plan to use the NTLM authentication scheme, or enable the Windows User Security Context feature, do not specify values for these IIS Web Agent parameters.
Note: For instructions about configuring Agents at the Policy Server, see the Policy Design guide. For Agent parameter descriptions, see the Web Agent Guide.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |