| CA |
3.0 Installation Considerations
4.0 General Considerations
4.1 Setting the Authentication Method for Protected WebLogic Resources
5.0 Known Issues
5.1 LogRollOverSize Logging Parameter Incorrectly Accepts Negative, Character, and Decimal Values and Does Not Display the Default Value in Logs (27390)
5.2 Identity Asserter Not Propagating New User's Identify into the WebLogic Server After Logoff and Login (36161)
Welcome to SiteMinder Agent r6.0 for BEA WebLogic 9.2. This Application Server Agent provides a SiteMinder-based access control solution for the BEA WebLogic Server. The BEA WebLogic Server is integrated into the SiteMinder environment, enabling you to configure security policies to protect WebLogic Server-hosted Web applications and EJB resources.
Features of the Application Server Agent include:
The Application Server Agent resides on a WebLogic Server in the middle tier of a multi-tier architecture, between the client and enterprise information systems (EIS) tiers.
Before installing the SiteMinder Agent, install the following software:
To use the SiteMinder Identity Asserter to validate identities obtained from SiteMinder session cookies during perimeter authentication, install the following additional software:
For a list of supported proxies, see:
User directory compatible with the SiteMinder Policy Server and WebLogic Application Server.
The SiteMinder Agent installation includes the following security providers:
Although each of these providers is installed when you run the SiteMinder Agent installation, you need only configure the providers that you want to use.
The following are general considerations for SiteMinder Agent.
To use perimeter authentication for BEA WebLogic 9.2 Servers, you must set the authentication method to CLIENT-CERT in the web.xml file for each protected application on the WebLogic application server. If the authentication method is not set to CLIENT-CERT, SiteMinder session cookies do not trigger the Identity Asserter.
To set the authentication method:
The web.xml file is located in your_application\WEB-INF where your_application is the name of the application
The <login-config> element resembles the following:
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
The following are known issues:
Issue:
The LogRollOverSize logging parameter incorrectly accepts negative, character, and decimal values and does not display the default value in Logs. In this situation, the Agent uses the default value (10MB) and continues to function normally.
Workaround:
Set the LogRollOverSize parameter to a positive integer value that specifies the required rollover size in KB.
Issue:
The following steps describe this limitation:
The Identity Asserter log file did not show that the identity of the second user was ever asserted. Further, the WebLogic Server never issued a new JSession cookie. The first user was logged out of the SiteMinder session but not the WebLogic Server session. In this scenario, the SiteMinder Agent for BEA WebLogic functions as designed since the synchronization of the SiteMinder logoff and WebLogic logoff is not required.
Workaround:
As a workaround, do one of the following:
All published fixes for this product can be found through Published Solutions on SupportConnect at http://ca.support.com.
An internationalized product is an English product that runs correctly on local language versions of the required operating system and required third-party products, and supports local language data for input and output. Internationalized products also support the ability to specify local language conventions for date, time, currency and number formats.
A translated product (sometimes referred to as a localized product) is an internationalized product that includes local language support for the product's user interface, online help and other documentation, as well as local language default settings for date, time, currency, and number formats.
In addition to the English release of this product, CA supports only those languages listed in the following table.
| Language | Internationalized | Translated |
|---|---|---|
| Brazilian-Portuguese | No | No |
| Chinese (Simplified) | Yes | No |
| Chinese (Traditional) | No | No |
| Czech | Yes | No |
| Danish | Yes | No |
| Dutch | Yes | No |
| Finish | Yes | No |
| French | Yes | No |
| German | Yes | No |
| Greek | Yes | No |
| Hungarian | Yes | No |
| Italian | Yes | No |
| Japanese | Yes | No |
| Korean | Yes | No |
| Norwegian | Yes | No |
| Polish | Yes | No |
| Russian | Yes | No |
| Spanish | Yes | No |
| Swedish | Yes | No |
| Turkish | Yes | No |
Note: If you run the product in a language environment not listed in the table, you may experience problems.
Updated guides for this product are available at http://ca.support.com.
The PDF guide for this product is as follows:
To view PDF file, you must download and install the Adobe Reader from the Adobe Web site if it is not already installed on your computer.
The release number on the title page of a document might not correspond to the current product release number; however, all documentation delivered with the product, regardless of release number on the title page, will support your use of the current product release. The release number changes only when a significant portion of a document changes to support a new or updated product release. If no substantive changes are made to a document, the release number does not change. For example, a document for r11 may still be valid for r11.1 or even r12. Documentation bookshelves always reflect the current product release number.
Occasionally, we must update documentation outside of a new or updated release. To indicate a minor change to the documentation that does not invalidate it for any releases that it supports, we update the edition number on the cover page. First editions do not have an edition number.
For online technical assistance and a complete list of locations, primary service hours, and telephone numbers, contact Technical Support at ({\field {\s154\ul HYPERLINK "http://www.ca.com/support"}{\s154\ul }{\fldrslt {\s154\ul http://www.ca.com/support}}}).