Creating a Realm for System Login (J2EE RunAs Identity) Requests

You must create a realm in which the Login Module authenticates identities associated with System Login requests for EJB container resources.

Note: The following procedure provides an overview of the steps required to create the required policy objects with appropriate parameter settings. For detailed procedural information, see the Policy Server Configuration Guide.

To create a realm for non-challenged requests:

  1. Start the SiteMinder Administrative UI.
  2. Configure a user directory connection to the same LDAP user store as the one used by WebSphere.
  3. Create a domain and assign the user directory from Step 2 to this domain.
  4. Create a realm with the following properties:
    Name

    SiteMinder System Login Realm.

    Description

    SiteMinder Login Module System Login Assertion Realm.

    Agent

    The SiteMinder Agent Identity you configured for the SiteMinder Agent for IBM WebSphere.

    Resource Filter

    /smsystemrealm (any value is valid, but it must match the value of the SystemAuthResource Agent configuration parameter specified for the Login Module).

    For example, /sitemindersystemirealm.

    Authentication Scheme

    Basic or any authentication scheme.

    Maximum Timeout

    An applicable value greater than the value specified for the WebSphere cache timeouts that apply to the WebSphere-created RunAs Subject.

    Idle Timeout

    An applicable value greater than the value specified for the WebSphere cache timeouts that apply to the WebSphere-created RunAs Subject.

    Persistent Session

    Non-persistent.

Configuring rules or policies for the System Login realm is typically unnecessary. However, to implement user mapping, set an authentication response attribute, and then configure appropriate rules and policies for the System Login realm.
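
The following Python check is an added example, not part of the product or its documentation. It compares values transcribed by hand from the Administrative UI, the Agent configuration, and WebSphere against the constraints listed in Step 4. The `Realm` class, the function name, the use of seconds as the unit, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Realm:
    """Realm properties transcribed by hand (hypothetical layout, not a SiteMinder export)."""
    resource_filter: str
    max_timeout_s: int
    idle_timeout_s: int
    persistent_session: bool


def check_system_login_realm(realm, system_auth_resource, websphere_cache_timeouts_s):
    """Return a list of findings; an empty list means the Step 4 constraints hold."""
    if not websphere_cache_timeouts_s:
        raise ValueError("at least one WebSphere cache timeout is required")
    findings = []

    # The Resource Filter must match the SystemAuthResource parameter.
    rf, sar = realm.resource_filter.strip(), system_auth_resource.strip()
    if rf != sar:
        hint = ""
        if rf.rstrip("/").lower() == sar.rstrip("/").lower():
            hint = " (differs only by case or trailing slash)"
        findings.append(f"Resource Filter {rf!r} != SystemAuthResource {sar!r}{hint}")

    # Both realm timeouts must be strictly greater than the largest cache timeout.
    ceiling = max(websphere_cache_timeouts_s)
    for label, value in (("Maximum Timeout", realm.max_timeout_s),
                         ("Idle Timeout", realm.idle_timeout_s)):
        if value <= ceiling:
            findings.append(f"{label} {value}s is not greater than cache timeout {ceiling}s")

    # The realm must use non-persistent sessions.
    if realm.persistent_session:
        findings.append("Persistent Session must be Non-persistent")
    return findings


# Constructed sample values, for illustration only.
GOOD_REALM = Realm("/smsystemrealm", 7200, 3600, False)
BAD_REALM = Realm("/SMSystemRealm/", 7200, 600, True)

if __name__ == "__main__":
    for name, realm in (("good", GOOD_REALM), ("bad", BAD_REALM)):
        print(name, check_system_login_realm(realm, "/smsystemrealm", [600]))
```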

More information:

Set the SystemAuthResource Agent Configuration Parameter