Configure eTrust SiteMinder
Before configuring eTrust SiteMinder, complete the following prerequisites:
- Configure HCL WebSphere Portal, including databases and LDAP user registry.
- Install the Computer Associates Policy Server.
- Install the eTrust SiteMinder Software Development Kit on the same server as HCL WebSphere Portal to use eTrust SiteMinder for both authentication and authorization.
- Install the eTrust SiteMinder Application Server Agent. Configure the eTrust SiteMinder Trust Association Interceptor (TAI).
  Copy smagent.properties from the eTrust SiteMinder Application Server Agent installation directory to:
  WP_PROFILE/ConfigEngine/properties
  By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents are not tested with HCL WebSphere Portal and should be disabled. Modify the following files in the eTrust SiteMinder installation directory to set EnableWebAgent=no:
  - AsaAgent-az.conf
  - AsaAgent-auth.conf
- To use eTrust SiteMinder for both authentication and authorization, ensure the following two files are in the WAS lib/ext directory:
  - smjavasdk2.jar
  - cryptoj.jar
  If the directory is missing the JAR files, copy them from the eTrust SiteMinder SDK CA/sdk/java directory.
- Configure the security provider. For instructions, see Configure the JVM to Use the JSafeJCE Security Provider.
- Create and specify the following eTrust SiteMinder Domain objects to use eTrust SiteMinder for both authentication and authorization:
  - User Directory: The LDAP server and suffix.
  - Authentication Scheme: Associates with the eTrust SiteMinder realms that HCL WebSphere Portal creates. An eTrust SiteMinder realm is different from an LDAP realm or a basic authentication realm. Within the eTrust SiteMinder administrative console, a realm is an administrative object representing a protected URL root. An example is /wps/myportal. eTrust SiteMinder realms in combination with eTrust SiteMinder policies determine which users and groups are allowed to go to the protected URL root and its child URLs.
  - Agent: An eTrust SiteMinder WebAgent configured to support 4.x agents or a custom eTrust SiteMinder agent. The agent must have a static shared secret to allow communication with the eTrust SiteMinder Policy Server.
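A pre-flight check for the file-level prerequisites above, written as an added example; it is not part of the original page or of any HCL or CA tooling. The three directory arguments and the tolerance for quoted or mixed-case values are assumptions, since the page gives only the file names and the setting EnableWebAgent=no.

```shell
#!/bin/sh
# Added example: verifies the file-level prerequisites from the list above.
# Directory arguments are operator-supplied assumptions; the page gives no
# absolute paths.

# Succeeds only if the last uncommented EnableWebAgent line in file $1 is "no".
# A missing file or missing setting counts as NOT disabled, because the page
# says the extra agents are enabled by default. Quotes, spaces around "=",
# letter case and CRLF line endings are tolerated (assumed syntax).
webagent_disabled() {
    [ -f "$1" ] || return 1
    val=$(tr -d '\r' < "$1" |
        sed -n 's/^[[:space:]]*EnableWebAgent[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\)"\{0,1\}[[:space:]]*$/\1/p' |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    [ "$val" = "no" ]
}

# preflight CONF_DIR WAS_EXT_DIR PROPS_DIR
#   CONF_DIR     directory holding AsaAgent-az.conf and AsaAgent-auth.conf
#   WAS_EXT_DIR  the WAS lib/ext directory
#   PROPS_DIR    WP_PROFILE/ConfigEngine/properties
# Prints one line per failed prerequisite; returns the number of failures.
preflight() {
    conf_dir=$1 was_ext=$2 props_dir=$3 fails=0
    for conf in AsaAgent-az.conf AsaAgent-auth.conf; do
        if ! webagent_disabled "$conf_dir/$conf"; then
            echo "FAIL: $conf does not set EnableWebAgent=no"
            fails=$((fails + 1))
        fi
    done
    for jar in smjavasdk2.jar cryptoj.jar; do
        if [ ! -f "$was_ext/$jar" ]; then
            echo "FAIL: $jar missing from $was_ext"
            fails=$((fails + 1))
        fi
    done
    if [ ! -f "$props_dir/smagent.properties" ]; then
        echo "FAIL: smagent.properties not found in $props_dir"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run the check when the script is called with the three directories.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A non-zero exit status is the number of prerequisites still outstanding, so the script can gate a deployment step.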
What to do next
Choose the appropriate task to configure eTrust SiteMinder:
- Configure eTrust SiteMinder for authentication and authorization
- Configure eTrust SiteMinder to perform authentication
- Configure eTrust SiteMinder to perform authorization
- Remove eTrust SiteMinder