Define the following Agent configuration parameters for the SiteMinder TAI in an associated Agent Configuration Object or Agent configuration file.
Note: The SiteMinder Agent for IBM WebSphere does not use the same agent configuration parameters as a SiteMinder Web Agent and even where parameters have similar names their values might not be compatible. Do not attempt to use the Agent Configuration Object for a SiteMinder Web Agent for the SiteMinder Agent for IBM WebSphere. For a complete listing of configuration parameters for the SiteMinder Agent, see Agent Configuration Parameters.
Required Parameter |
Value |
Description |
---|---|---|
AcceptTpCookie |
yes or no |
Configures the SiteMinder TAI to assert identities from third-party SiteMinder session cookies generated using the SiteMinder SDK. For details, see "Enabling Single Sign-On" in the Agent API chapter of:
Default is NO. Note: If you configure the SiteMinder TAI to accept third-party SiteMinder session cookies, also configure the SiteMinder Login Module to accept them so that it can assert WebSphere propagation tokens in situations when WebSphere must reestablish Subjects created by the SiteMinder TAI. |
ChallengeForCredentials |
yes or no |
Specifies whether the SiteMinder TAI should challenge for credentials. Default is NO. |
AssertionAuthResource |
String |
If you are configuring the TAI to not challenge requests for credentials, this value must match the value specified for the resource filter in the realm that you create for non-challenged requests. For example: assertionauthresource=/sitemindertai |
CookieDomain |
String |
Name of the cookie domain. For example: cookiedomain="ca.com" No default value. See also the cookiedomainscope parameter. |
CookieDomainScope |
Number |
If specified, further defines the cookie domain for assertion of SiteMinder session cookies by the SiteMinder TAI. The scope determines the number of sections, separated by periods, that make up the domain name. A domain always begins with a period (.) character. For example: cookiedomainscope="2" Default is 0, which takes the domain name specified in the cookiedomain parameter. |
EncryptAgentName |
yes or no |
Specifies whether the agent name should be encrypted when redirecting to the SiteMinder Web Agent for SiteMinder TAI credential collection. Default is NO. |
FccCompatMode |
yes or no |
Specifies whether to handle backward compatibility of forms credential collection, which the SiteMinder TAI does not support. You must therefore set this parameter to NO for both the SiteMinder TAI and the Web Agent: fcccompatmode="NO" |
PersistentCookies |
yes or no |
Specifies whether the agent allows single sign-on for multiple browser sessions. When this is enabled, users who authenticate during one browser session will retain single sign-on capabilities for subsequent browser sessions. Default is NO. |
PrevalidateCookie (TAI) |
yes or no |
Specifies whether the SiteMinder TAI (when configured not to challenge requests for credentials) validates that the SiteMinder session ticket is valid (not corrupt, expired, can be decrypted, and so on). If the session ticket is good, the SiteMinder TAI then processes the request. If the session ticket is not valid, The SiteMinder TAI returns FALSE and does not process the request. For example: PrevalidateCookie=YES This parameter is ignored if ChallengeForCredentials=YES or if there is no SiteMinder session ticket in a request. Default is NO. |
ServerErrorFile |
String |
Specifies a page to redirect a request to if a processing error is encountered. This can either be an HTTP or local file system resource. For example: servererrorfile="http://server.ca.com:88/errorpage.html" If this setting is not configured, a default message is output to the response when the TAI encounters an error. The default message is "SiteMinder Agent encountered an error while handling request. Please ask the administrator to look for messages in the server's agent log to check for the cause." |
Copyright © 2010 CA. All rights reserved. | Email CA Technologies about this topic |