+

Search Tips   |   Advanced Search


Configure eTrust SiteMinder to perform authentication

WebSphere Portal includes a configuration task called enable-sm-tai. This task interacts with IBM WAS security configuration to enable the eTrust SiteMinder TAI and to create it as one of the interceptors. You can configure eTrust SiteMinder to provide authentication independently from configuring it to provide authorization.

Using it to perform authorization only is not supported at this time. Install Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution on the same machine as WebSphere Portal.

If you have completed the TAI installation and configuration instructions included with the Computer Associates eTrust SiteMinder distribution, including registering the TAI with WAS, execution of this configuration task is not required.

To enable the eTrust SiteMinder TAI and create a new interceptor:

  1. Copy the smagent.properties file from the eTrust SiteMinder appserver agent installation directory to the following directory:

    Option Description
    Windows profile_root\properties
    UNIX profile_root/properties

  2. By default, the Netegrity Application Server Agent installation enables agents other than the one used for authentication. These agents have not been tested with WebSphere Portal and should be disabled. Modify the following files under the eTrust SiteMinder installation directory to set EnableWebAgent=no:

    • Asa-Agent-az.conf

    • Asa-Agent-auth.conf

  3. Run...

      following

    to enable eTrust SiteMinder TAI:

    Option Description
    Windows ConfigEngine.bat enable-sm-tai -DWasPassword=password from the profile_root/ConfigEngine directory
    UNIX ./ConfigEngine.sh enable-sm-tai -DWasPassword=password from the profile_root/ConfigEngine directory

    If the configuration task fails, validate the values in the wkplc_comp.properties file.

  4. To stop and restart the server1 and WebSphere_Portal servers, where server1 is the name of the WAS and WebSphere_Portal is the name of the WebSphere Portal server:

    1. Open a command prompt and change to the following directory:

      • Windows: profile_root\bin

      • UNIX: profile_root/bin

    2. Enter the following command to stop the WAS:

      • Windows: stopServer.bat server1 -username admin_userid -password admin_password

      • UNIX: ./stopServer.sh server1 -username admin_userid -password admin_password

    3. Enter the following command to stop the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:

      • Windows: stopServer.bat WebSphere_Portal -username admin_userid -password admin_password

      • UNIX: ./stopServer.sh WebSphere_Portal -username admin_userid -password admin_password

    4. Enter the following command to start the WAS:

      • Windows: startServer.bat server1

      • UNIX: ./startServer.sh server1

    5. Enter the following command to start the WebSphere_Portal server, where WebSphere_Portal is the name of the WebSphere Portal server:

      • Windows: startServer.bat WebSphere_Portal

      • UNIX: ./startServer.sh WebSphere_Portal

  5. Go to the Verify Trust Association Interceptors for authentication file to verify that the TAI is working properly.

Depending on your configuration, the XML configuration interface may not be able to access WebSphere Portal through eTrust SiteMinder. To allow the XML configuration interface to access, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions.


Parent topic:

Configure eTrust SiteMinder