WebSphere Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

Configure eTrust SiteMinder to perform authentication for WebSphere Portal Express

IBM® WebSphere® Portal Express includes a configuration task called enable-sm-tai. This configuration task requires the Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution to be installed on the same machine as WebSphere Portal Express. This task interacts with IBM WebSphere Application Server security configuration to enable the eTrust SiteMinder TAI and to create the eTrust SiteMinder TAI as one of the interceptors.

If you have completed the TAI installation and configuration instructions included with the Computer Associates eTrust SiteMinder distribution, including registering the TAI with WebSphere Application Server, execution of this configuration task is not required. Although it is not required, running the configuration steps of this task validates that the eTrust SiteMinder TAI is present and enabled.

You can configure eTrust SiteMinder to provide authentication independently from configuring it to provide authorization. Using eTrust SiteMinder to perform only authorization is not supported at this time.

Follow these steps to enable the eTrust SiteMinder TAI and create a new interceptor using configuration task enable-sm-tai:

  1. Ensure the eTrust SiteMinder TAI installation has completed. The files installed with the eTrust SiteMinder TAI distribution will be configured during this task.

    If you are using eTrust SiteMinder Agent V6 for IBM WebSphere, several manual steps are needed to set up the directory structure for correct TAI operation. These steps are outlined in the eTrust SiteMinder Agent for IBM WebSphere Guide, and may include:

    • Host registration

    • Copying the smagent.conf file to the WebSphere Application Server profile directory:

      was_profile_root/properties

  2. Locate the portal_server_root/config/wpconfig.properties file on the WebSphere Portal Express machine and create a backup copy before changing any values.

  3. Use a text editor to open the portal_server_root/config/wpconfig.properties file. Read the note, and then follow the instructions for entering the value appropriate for your environment:

    • Do not change any settings other than the one specified in this step. For instructions on working with these files, see Configuration properties reference, which contains a complete list of properties and their default values.

    • Use / instead of \ for all platforms.

    Locate the Advanced Security Configuration section of the wpconfig.properties file, and edit the SMConfigFile property to specify the location of the appropriate eTrust SiteMinder TAI file:

    • On TAI Version 5.6 and earlier, the default name for this configuration file is WebAgent.conf

    • If you are using eTrust SiteMinder Agent V6 for IBM WebSphere, the file name is Asa-Agent-assertion.conf

    Input: SMConfigFile
    Description: Location of the eTrust SiteMinder TAI file. The default value is: e:/netegrity6/smwastai/conf/TAI filename. If you are using an external security manager in a clustered setup, read the details here to determine this value.

  4. Save the portal_server_root/config/wpconfig.properties file.

  5. Open a command prompt and change to the following directory:

  6. Enter the following commands:

    1. Enter the following command:

      • Linux:

        ./startServer.sh server1

      • Windows:

        startServer.bat server1

      • i5/OS:

        startServer.sh server1 -profileName profile_root

        where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

      server1 is the name of your WebSphere Application Server administrative server.

    2. Enter the following command:

      • Linux:

        ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password

      • Windows:

        stopServer.bat WebSphere_Portal -user admin_userid -password admin_password

      • i5/OS:

        stopServer.sh WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password

        where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

  7. Change to the directory portal_server_root/config.

  8. Enter the following command to run the appropriate configuration task for your specific operating system:

    • Linux:

      ./WPSconfig.sh enable-sm-tai

    • Windows:

      WPSconfig.bat enable-sm-tai

    • i5/OS:

      WPSconfig.sh -profileName profile_root enable-sm-tai

      where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal Express is installed; for example, wp_profile.

    If the configuration task fails, validate the values in the wpconfig.properties file.

  9. Follow the steps to verify that the TAI is working properly in External authentication.

  10. Optional: Disable WebSphere Portal Express creation of users and groups. This procedure is explained in step 8 of the procedure for Configuring eTrust SiteMinder to perform authorization for WebSphere Portal Express.

  11. Your integration task is complete.
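
Steps 2 through 4 of the procedure for the Linux case, as an added shell example that is not part of the IBM documentation: it backs up wpconfig.properties, rejects backslash paths, checks that the TAI file exists, and changes only the SMConfigFile line. The function names set_smconfigfile and err and the .bak.<timestamp> backup suffix are assumptions.

```shell
#!/bin/sh
# Added example: steps 2-4 as one guarded edit of wpconfig.properties.
# set_smconfigfile and err are hypothetical helper names, not IBM tooling.
err() { printf '%s\n' "$*" >&2; }

set_smconfigfile() {
    props=$1     # portal_server_root/config/wpconfig.properties
    tai_conf=$2  # path to WebAgent.conf or Asa-Agent-assertion.conf

    [ -f "$props" ] || { err "missing properties file: $props"; return 2; }

    # The page requires / instead of \ on all platforms.
    case $tai_conf in
        *\\*) err "use / instead of \\ in: $tai_conf"; return 3 ;;
    esac

    # Step 1 precondition: the TAI file must already be installed.
    [ -r "$tai_conf" ] || { err "TAI file not readable: $tai_conf"; return 4; }

    # Refuse to guess if the property is absent or defined more than once.
    count=$(awk '/^[ \t]*SMConfigFile[ \t]*=/ { n++ } END { print n + 0 }' "$props")
    [ "$count" -eq 1 ] || { err "expected 1 SMConfigFile line, found $count"; return 5; }

    # Step 2: backup copy before changing any values.
    backup="$props.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$props" "$backup" || return 6

    # Step 3: rewrite only the SMConfigFile line, from the backup into a temp file.
    tmp="$props.tmp.$$"
    awk -v val="$tai_conf" '
        /^[ \t]*SMConfigFile[ \t]*=/ { print "SMConfigFile=" val; next }
        { print }
    ' "$backup" > "$tmp" || { rm -f "$tmp"; return 7; }

    # "Do not change any settings other than the one specified": at most one
    # line may differ between the backup and the edited copy.
    changed=$(diff "$backup" "$tmp" | grep -c '^>' || true)
    [ "$changed" -le 1 ] || { rm -f "$tmp"; err "unexpected extra changes"; return 8; }

    # Step 4: save in place (cat keeps the original file's owner and mode).
    cat "$tmp" > "$props" || { rm -f "$tmp"; return 9; }
    rm -f "$tmp"
    printf '%s\n' "$backup"   # report where the backup copy went
}
```

The function prints the path of the backup copy on success, so a failed enable-sm-tai run can be rolled back by copying that file over wpconfig.properties.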

By default, the XML configuration interface cannot access the portal through eTrust SiteMinder. To enable the XML configuration interface to access the portal through eTrust SiteMinder, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions. After the configuration URL is defined as unprotected, only WebSphere Portal Express enforces access control to this URL. Other portal resources, such as the /wps/myportal URL, are still protected by eTrust SiteMinder.

 
