+

Search Tips   |   Advanced Search


Configure eTrust SiteMinder for authentication and authorization

You can configure Computer Associates eTrust SiteMinder to perform both authentication and authorization for WebSphere Portal. Using eTrust SiteMinder to perform only authorization is not supported at this time. Install Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution on the same machine as WebSphere Portal.

If you have completed the TAI installation and configuration instructions included with the Computer Associates eTrust SiteMinder distribution, including registering the TAI with WAS, execution of this configuration task is not required.

Configure eTrust SiteMinder for authentication and authorization:

  1. Copy the smagent.properties file from the eTrust SiteMinder appserver agent installation directory to the following directory:

    Option Description
    Windows profile_root\properties
    UNIX profile_root/properties

  2. By default, the Netegrity Application Server Agent installation enables agents other than the one used for authentication. These agents have not been tested with WebSphere Portal and should be disabled. Modify the following files under the eTrust SiteMinder installation directory to set EnableWebAgent=no:

    • Asa-Agent-az.conf

    • Asa-Agent-auth.conf

  3. Edit the wkplc_comp.properties file:

    Option Description
    Windows located in the profile_root/ConfigEngine\properties directory
    UNIX located in the profile_root/ConfigEngine/properties directory

  4. Enter only the following parameters in the wkplc_comp.properties file under the Namespace management parameters heading:

    1. For wp.ac.impl.EACserverName, type the Namespace context information to further distinguish externalized portal role names from other role names in the namespace.

      If set, wp.ac.impl.EACcellName and wp.ac.impl.EACappname must also be set.

    2. For wp.ac.impl.EACcellName, type the Namespace context information to further distinguish externalized portal role names from other role names in the namespace.

      If set, wp.ac.impl.EACserverName and wp.ac.impl.EACappname must also be set.

    3. For wp.ac.impl.EACappname, type the Namespace context information to further distinguish externalized portal role names from other role names in the namespace.

      If set, wp.ac.impl.EACcellName and wp.ac.impl.EACservername must also be set.

    4. For wp.ac.impl.reorderRoles, type false to keep the role order or true to reorder the roles by resource type first.

  5. Enter the following parameters in the wkplc_comp.properties file under the Netegrity SiteMinder heading:

    1. For wp.ac.imp.SMDomain, type the eTrust SiteMinder Domain containing all externalized resources.

    2. For wp.ac.impl.SMScheme, type the eTrust SiteMinder Authentication scheme object name to use when creating realms.

    3. For wp.ac.impl.SMAgent, type the agent name that is created on eTrust SiteMinder for a specific external security manager instance.

    4. For wp.ac.impl.SMAgentPwd, type the password for wp.ac.impl.SMAgent.

    5. For wp.ac.impl.SMadminId, type the administrative user ID that eTrust SiteMinder will use to access the eTrust SiteMinder policy server.

    6. For wp.ac.impl.SMAdminPwd, type the password for wp.ac.impl.SMadminId.

    7. For wp.ac.impl.SMUserDir, type the eTrust SiteMinder User Directory object referencing the LDAP user registry.

    8. For wp.ac.impl.SMFailover, type true if more than one server is listed in wp.ac.impl.SMServers or type false if no additional servers are available for failover.

    9. For wp.ac.impl.SMServers, type a comma-delimited list of servers for the eTrust SiteMinder agent.

  6. Save changes to the wkplc_comp.properties file.

  7. Run...

      following

    to configure eTrust SiteMinder for authentication and authorization:

    Option Description
    Windows ConfigEngine.bat enable-sm-all from the profile_root/ConfigEngine directory
    UNIX ./ConfigEngine.sh enable-sm-all from the profile_root/ConfigEngine directory

  8. To stop and restart the server1 and WebSphere_Portal servers, where server1 is the name of the WAS and WebSphere_Portal is the name of the WebSphere Portal server:

    1. Open a command prompt and change to the following directory:

      • Windows: profile_root\bin

      • UNIX: profile_root/bin

    2. Enter the following command to stop the WAS:

      • Windows: stopServer.bat server1 -username admin_userid -password admin_password

      • UNIX: ./stopServer.sh server1 -username admin_userid -password admin_password

    3. Enter the following command to stop the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:

      • Windows: stopServer.bat WebSphere_Portal -username admin_userid -password admin_password

      • UNIX: ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password

    4. Enter the following command to start the WAS:

      • Windows: startServer.bat server1

      • UNIX: ./startServer.sh server1

    5. Enter the following command to start the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:

      • Windows: startServer.bat WebSphere_Portal

      • UNIX: ./startServer.sh WebSphere_Portal

Depending on your configuration, the XML configuration interface may not be able to access WebSphere Portal through eTrust SiteMinder. To allow the XML configuration interface to access, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions.


Parent topic:

Configure eTrust SiteMinder