Configure SiteMinder to perform authentication for WebSphere Portal


WebSphere Portal includes a configuration task, WPSconfig.sh enable-sm-tai, that requires the Netegrity SiteMinder TAI distribution to be installed on the same machine as WebSphere Portal.

This task interacts with the WAS security configuration to enable the SiteMinder TAI and to add it as one of the interceptors.

There are additional considerations when you are setting up security to use an external security manager in a WebSphere Portal cluster environment and across mixed nodes. For instance, perform any configuration for an external security manager after you have completed all other setup tasks, including ensuring that the WebSphere Portal cluster is functional.

Note that if you have already completed the TAI installation and configuration instructions included with the Netegrity distribution, including registering the TAI with WAS, you are not required to run this configuration task. Even so, running the configuration steps of this task validates that the SiteMinder TAI is present and enabled.

WebSphere Portal no longer includes a TAI for SiteMinder. Instead, WebSphere Portal supports a TAI that is provided by Netegrity.

You can configure SiteMinder to provide authentication independently from configuring SiteMinder to provide authorization. Using SiteMinder to perform only authorization is not supported at this time.

By default, the XML configuration interface cannot access the portal through SiteMinder. To enable the XML configuration interface to access the portal through SiteMinder, use SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the SiteMinder documentation for specific instructions.

After the configuration URL is defined as unprotected, only WebSphere Portal enforces access control to this URL. Other portal resources, such as the /wps/myportal URL, are still protected by SiteMinder.

Follow these steps to enable the SiteMinder TAI and create a new interceptor using the configuration task enable-sm-tai:

  1. Make a backup copy of...

    $WP_ROOT/config/wpconfig.properties

  2. Use a text editor to open...

    $WP_ROOT/config/wpconfig.properties

    Read the note, and then follow the instructions for entering the value appropriate for your environment.

    Do not change any settings other than the one specified in this step. For instructions on working with these files, see Configuration properties reference, which contains a complete list of properties and their default values.

    Use / instead of \ for all platforms.

    Locate the Advanced Security Configuration section of the wpconfig.properties file, and edit the SMConfigFile property to specify the location of the SiteMinder TAI WebAgent.conf file:

    Input          Description
    SMConfigFile   Location of the SiteMinder TAI WebAgent.conf file.

    The default value is: e:/netegrity6/smwastai/conf/WebAgent.conf

  3. Save the wp_root/config/wpconfig.properties file.

  4. Open a command prompt and change to directory was_root/bin.

  5. Enter the following commands, remembering that security is enabled:
    1. startServer server1
    2. stopServer WebSphere_Portal -user was_admin_userid -password was_admin_password

  6. Change to the directory wp_root/config.

  7. Enter the following command to run the appropriate configuration task...

    ./WPSconfig.sh enable-sm-tai

    If the configuration task fails, validate the values in the wpconfig.properties file.

  8. Follow the steps in External authentication to verify that the TAI is working properly.

  9. Optional: Disable WebSphere Portal creation of users and groups.

    See step 8 of the procedure for Configure SiteMinder to perform authorization for WebSphere Portal.
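
Steps 1 to 3 above can be scripted so that the backup, the forward-slash rule and the change-nothing-else rule are enforced rather than remembered. The following is an added example, not part of the original IBM or Netegrity documentation; the function name set_sm_config_file and the .bak backup suffix are assumptions.

```shell
#!/bin/sh
# Added example, not IBM or Netegrity code. The function name and the .bak
# suffix are assumptions; the property name and the rules come from the steps.

# set_sm_config_file PROPS CONF
# Backs up PROPS, then sets SMConfigFile to CONF and leaves every other line alone.
set_sm_config_file() {
    props=$1
    conf=$2
    [ -f "$props" ] || { echo "properties file not found: $props" >&2; return 2; }
    # Step 2 rule: use / instead of \ on all platforms.
    case $conf in
        *\\*) printf '%s\n' "backslash in path, use / instead: $conf" >&2; return 3 ;;
    esac
    # Catch a wrong location here rather than through a failed configuration task.
    [ -r "$conf" ] || { echo "WebAgent.conf not readable: $conf" >&2; return 4; }
    # Exactly one active SMConfigFile line is expected in the file.
    n=$(grep -c '^[[:space:]]*SMConfigFile[[:space:]]*=' "$props" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 SMConfigFile line, found $n" >&2; return 5; }
    # Step 1: backup copy.
    cp -p "$props" "$props.bak" || return 6
    # Step 2: rewrite only that property; ENVIRON passes the value through verbatim.
    NEWVAL=$conf awk '
        /^[ \t]*SMConfigFile[ \t]*=/ { print "SMConfigFile=" ENVIRON["NEWVAL"]; next }
        { print }
    ' "$props.bak" > "$props" || return 7
    # Step 2 also says to change nothing else: at most one line may differ.
    changed=$(diff "$props.bak" "$props" | grep -c '^>' || true)
    [ "$changed" -le 1 ] || { echo "unexpected changes, restore $props.bak" >&2; return 8; }
    return 0
}

# Stand-alone use: sh set_sm.sh /path/to/wpconfig.properties /path/to/WebAgent.conf
if [ "$#" -eq 2 ]; then
    set_sm_config_file "$1" "$2"
fi
```

A non-zero return leaves the original wpconfig.properties either untouched (codes 2 to 5) or recoverable from the .bak copy; continue with step 4 only after a return of 0.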


WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

 

Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.