Installation and Upgrade Guides › Web Agent Installation Guide › Install a Web Agent on a Windows System › Register Your System as a Trusted Host on Windows

Register Your System as a Trusted Host on Windows

A trusted host is a client computer where one or more SiteMinder Web Agents can be installed. The term trusted host refers to the physical system.

To establish a connection between the trusted host and the Policy Server, you need to register the host with the Policy Server. After registration is complete, the registration tool creates the SmHost.conf file. After this file is created successfully, the client computer becomes a trusted host.

You can register a trusted host immediately after installing the Web Agent or at a later time; however, the host must be registered to communicate with the Policy Server.

Note: You only register a system as a trusted host once, not each time you install and configure a Web Agent. If the Web Agent Configuration Wizard detects that a trusted host has been registered on that system previously, a warning appears.

To register a trusted host

1. If necessary, start the Web Agent Configuration Wizard.

   The default method is to select Start, Programs, SiteMinder, Web Agent Configuration Wizard. If you have placed the Wizard shortcut in a non-default location, the procedure will be different.

   Important! If you are running this wizard on Windows Server 2008, run the executable file with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the release notes for your SiteMinder component.

   Note: If you chose to configure the Web Agent immediately after the installation, SiteMinder automatically starts the Configuration Wizard.

2. In the Host Registration dialog box:
   1. Select Yes to register a host now or No to register the host at a later time.
   2. Do not select the following check box (SiteMinder r6.0 SP6 does not support this feature):

      Enable PKCS11 DLL Cryptographic Hardware
      

   3. Click Next.
3. In the Admin Registration dialog box, complete the following fields to identify an administrator with the rights to register a trusted host, then click Next:
   • Admin User Name—enter the name of the administrator allowed to register the host with the Policy Server.

     This administrator should already be defined at the Policy Server and have the permission Register Trusted Hosts set. The default administrator is SiteMinder.

   • Admin Password—enter the administrator’s password.
   • Confirm Admin Password—re-enter the password.
   • Enabled Shared Secret Rollover—check this box to periodically change the shared secret used to encrypt communication between the trusted host and the Policy Server. Key rollover must be enabled at the Policy Server for this feature to work.

     To disable shared secret rollover or enable it at a later time, you have to re-register the trusted host, or use the Policy Management API in the C and Perl Scripting Interface to enable or disable shared secret rollover.

4. In the Trusted Host Name and Configuration Object dialog box, enter values for the two fields then click Next.
   1. In the Trusted Host Name field, enter a unique name that represents the trusted host to the Policy Server. This name does not have to be the same as the physical client system that you are registering; it can be any unique name, for example, mytrustedhost.

      Note: This name must be unique among trusted hosts and not match the name of any other Web Agent.

   2. In the Host Configuration Object field, enter the name of the Host Configuration Object specified in the Policy Server, then click Next.

      This object defines the connection between the trusted host and the Policy Server. For example, to use the default, enter DefaultHostSettings. In most cases, you will have created your own Host Configuration Object.

      Note: The entry you specify must match the Host Configuration Object entry set at the Policy Server.

5. In the Policy Server IP Address dialog box:
   1. Enter the IP address, or host name, and the authentication port of the Policy Server where you are registering the host. The default port is 44442. If you do not provide a port, the default is used.

      You can specify a non-default port number, but if your Policy Server is configured to use a non-default port and you omit it when you register a trusted host, SiteMinder displays the following error:

      Registration Failed (bad ipAddress[:port] or unable to connect to Authentication server (-1)

      Note also that if you specify a non-default port, that port is used for the Policy Server’s authentication, authorization, and accounting ports; however, the unified server responds to any Agent request on any port. The entry in the SmHost.conf file will look like:

      policyserver="ip_address,5555,5555,5555"

   2. Click Add.

      You can add more than one Policy Sever; however, for host registration, only the first server in the list will be used.

      If multiple Policy Servers are specified, the Agent uses them as bootstrap servers. When the Agent starts up, the Web Agent has several Policy Servers to which it can connect to retrieve its Host Configuration Object. After the Host Configuration Object is retrieved, the bootstrap Policy Server is no longer used by that server process. The Host Configuration Object can contain another set of servers, which may or may not include any of the bootstrap servers.

   3. Click Next.
6. Accept the default location of the host configuration file, SmHost.conf or click Choose to select a different location. Click Next.

   If you select a non-default location then want to revert to the default directory, click Restore Default Folder.

   The host is registered and a host configuration file, SmHost.conf, is created in web_agent_home/config. You can modify this file.

   Note: The web_agent_home variable indicates the installed location of the Web Agent, as shown in the following examples:

   • For Windows installations, the default location is C:\Program Files\netegrity\webagent
   • For UNIX installations, the default location is user_home_directory/netegrity/webagent
   • For z/OS installations, the default location is /siteminder/v_number_of_version/webagent/
7. Click Continue.
8. Continue with the configuration by doing the following appropriate tasks:
   • Configure an IIS Web Agent
   • Configure a Sun Java System Web Agent
   • Configure an Apache Web Agent
   • Configure a Domino Web Agent

More Information

Configure a SiteMinder Agent for IIS or Web Agent on an IIS Web Server

Configure an Oracle iPlanet Web Agent

Configure an Apache Web Agent

Configure a Domino Web Agent

Modify the SmHost.conf File (UNIX)