Use SiteMinder with WebSphere Portal


This section provides information for configuring Netegrity SiteMinder for use with WebSphere Portal. Use SiteMinder to perform authentication or to perform both authentication and authorization for the portal. Using SiteMinder to perform only authorization is not supported at this time.

When you are setting up security to use an external security manager in a WebSphere Portal cluster environment and across mixed nodes, there are additional considerations. For instance, perform any configuration for an external security manager after you have completed all other setup tasks, including ensuring that the WebSphere Portal cluster is functional. Read the details about using an external security manager in a cluster here.

You can configure SiteMinder to perform authentication and authorization for the portal in either of two ways:

  1. Configure more automatically: Edit values in the wpconfig.properties file, run some authentication steps, then run the enable-sm-all configuration task. The enable-sm-all configuration task automatically runs all the necessary steps, including the authentication and authorization configuration tasks that are listed next. Open the listed links to view the details of the work that the enable-sm-all configuration task performs.

  2. Configure one step at a time using the following information:

Follow the automatic path by completing the following steps to run the enable-sm-all configuration task:

  1. Install and configure WebSphere Portal, the database software, and the LDAP directory.

  2. Install Netegrity Policy Server. Install the SiteMinder Software Development Kit on the same machine as WebSphere Portal. Refer to the SiteMinder documentation for more information.

  3. Review the How to Implement the Java Agent API section in the SiteMinder Developer's API Guide to ensure that your environment is set up correctly.

  4. Copy the smjavasdk2.jar included in the SiteMinder Software Development Kit to the WebSphere Application Server lib directory. For example: C:\WebSphere\AppServer\lib.

  5. Create and specify the following SiteMinder Domain objects. Refer to the SiteMinder Policy Design documentation for information about how to create these objects:

    • User Directory: the LDAP server and suffix

    • Authentication Scheme: to associate with the SiteMinder realms that WebSphere Portal creates

    • Agent: a SiteMinder WebAgent that is configured to "support 4.x agents" or a custom SiteMinder agent. The agent must have a static shared secret to allow communication with the SiteMinder Policy Server. See the next step for more information about creating a custom SiteMinder agent.

  6. Now that SiteMinder components are ready, continue preparing the WebSphere Portal. Locate the wp_root/config/wpconfig.properties file on the WebSphere Portal machine and create a backup copy before changing any values.

  7. Use a text editor to open the wp_root/config/wpconfig.properties file. Read the note, and then follow the instructions for entering the values appropriate for your environment.

    Note the following:

    • Do not change any settings other than those specified in these steps. For instructions on working with these files, see Configuration properties reference, which contains a complete list of properties and their default values.

    • Use / instead of \ for all platforms.

    • Some values, shown in italics in the steps below, might need to be modified to your specific environment.

    • The Namespace management parameters cover both SiteMinder and TAM.

    Edit the following values in the Advanced Security Configuration section of the wpconfig.properties file:

    | Input | Description |
    |---|---|
    | EACserverName | (Optional) Namespace context information to further distinguish externalized portal role names from other role names in the namespace. If set, EACcellName and EACappName must also be set. |
    | reorderRoles | Controls whether externalized portal role names are displayed with the resource type first or with the role type first. |
    | EACcellName | (Optional) Namespace context information to further distinguish externalized portal role names from other role names in the namespace. If set, EACserverName and EACappName must also be set. |
    | EACappName | (Optional) Namespace context information to further distinguish externalized portal role names from other role names in the namespace. If set, EACcellName and EACserverName must also be set. |
    | SMConfigFile | Location of the SiteMinder TAI WebAgent.conf file. |
    | SMDomain | SiteMinder Domain containing all externalized portal resources. |
    | SMScheme | SiteMinder Authentication scheme object name to use when creating realms. |
    | SMAgent | The agent name that is created on SiteMinder for a specific portal external security manager instance. This agent must support SiteMinder 4.x agents. |
    | SMAgentPw | Password for the SiteMinder custom agent (SMAgent) or 4.x web agent. |
    | SMAdminId | The administrative user ID that SiteMinder will use to access the SiteMinder policy server. |
    | SMAdminPw | Password for the SiteMinder administrative user (SMAdminId). |
    | SMUserDir | SiteMinder User Directory object referencing the LDAP server used for Portal users and groups. |
    | SMFailover | Failover mode of the SiteMinder Policy Server. Must be set to true if more than one policy server is listed in the SMServers property. |
    | SMServers | Comma-delimited list of servers for the SiteMinder agent. |

  8. Save the wp_root/config/wpconfig.properties file.

  9. Open a command prompt and change directory to was_root/bin.

  10. Enter the following commands, remembering that security is enabled:

    1. startServer server1

    2. stopServer WebSphere_Portal -user was_admin_userid -password was_admin_password

  11. Change directory to wp_root/config.

  12. Enter the following command to run the appropriate configuration task for your specific operating system. This configuration task automatically updates the WebSphere Application Server and WebSphere Portal configurations to enable SiteMinder ESM integration:

    • UNIX: ./WPSconfig.sh enable-sm-all -DSMAgentPW=password -DSMAdminPW=password

    • Windows: WPSconfig.bat enable-sm-all -DSMAgentPW=password -DSMAdminPW=password

    If the configuration task fails, validate the values in the wpconfig.properties file.

  13. Verify that SiteMinder is working properly.
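
The rules this page states for the Advanced Security Configuration values (set all three EAC values or none, SMFailover must be true when SMServers lists more than one server, use / instead of \) can be checked before running enable-sm-all. The Python script below is an added example, not part of the product or its documentation; it assumes every SM value the page does not mark optional must be non-empty, and all sample values are constructed.

```python
EAC_KEYS = ("EACserverName", "EACcellName", "EACappName")
# Assumption: every SM value the page does not mark "(Optional)" must be non-empty.
# SMAgentPw and SMAdminPw are omitted: step 12 passes them on the command line.
REQUIRED = ("SMConfigFile", "SMDomain", "SMScheme", "SMAgent",
            "SMAdminId", "SMUserDir", "SMFailover", "SMServers")

def parse_properties(text):
    """Parse key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_sm_settings(props):
    """Return the list of problems found (empty when all checks pass)."""
    problems = [f"{k} is empty or missing" for k in REQUIRED if not props.get(k)]
    eac_set = [k for k in EAC_KEYS if props.get(k)]
    if 0 < len(eac_set) < len(EAC_KEYS):  # page: set all three or none
        missing = ", ".join(k for k in EAC_KEYS if k not in eac_set)
        problems.append("EAC values must be set together; missing: " + missing)
    servers = [s for s in map(str.strip, props.get("SMServers", "").split(",")) if s]
    if len(servers) > 1 and props.get("SMFailover", "").lower() != "true":
        problems.append("SMFailover must be true when SMServers lists several servers")
    for key, value in props.items():
        if key.startswith(("SM", "EAC")) and "\\" in value:  # page: use / instead
            problems.append(f"{key} contains a backslash; use / on all platforms")
    return problems

# Constructed sample with three deliberate mistakes.
SAMPLE = r"""
# Advanced Security Configuration (constructed values)
EACserverName=WebSphere_Portal
EACcellName=
EACappName=wps
SMConfigFile=C:\netegrity\webagent\conf\WebAgent.conf
SMDomain=PortalDomain
SMScheme=Basic
SMAgent=portal-agent
SMAdminId=siteminder
SMUserDir=PortalLDAP
SMFailover=false
SMServers=ps1.example.com,ps2.example.com
"""

if __name__ == "__main__":
    for problem in check_sm_settings(parse_properties(SAMPLE)):
        print(problem)
```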

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

 

Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.