Configure eTrust SiteMinder to perform authentication

WebSphere Portal includes a configuration task called enable-sm-tai. This task interacts with IBM WAS security configuration to enable the eTrust SiteMinder TAI and to create it as one of the interceptors. You can configure eTrust SiteMinder to provide authentication independently from configuring it to provide authorization. Using it to perform authorization only is not supported at this time.

Install Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution on the same machine as WebSphere Portal. If you are performing this task in a clustered environment, install the eTrust SiteMinder TAI distribution on each node in the cluster.

If you have completed the TAI installation and configuration instructions included with the Computer Associates eTrust SiteMinder distribution, including registering the TAI with WAS, execution of this configuration task is not required.

To enable the eTrust SiteMinder TAI and create a new interceptor:

  1. Copy the smagent.properties file from the eTrust SiteMinder application server agent installation directory to the following directory:

    • Windows™: WP_PROFILE/properties

    • UNIX™: WP_PROFILE/properties

      Clustered: Complete this step on all nodes.

  2. By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents have not been tested with WebSphere Portal and should be disabled. Modify the following files under the eTrust SiteMinder installation directory to set EnableWebAgent=no:

      Asa-Agent-az.conf

      Asa-Agent-auth.conf

      Clustered: Complete this step on all nodes.

  3. Run the following task to enable eTrust SiteMinder TAI:

    • Windows: ConfigEngine.bat enable-sm-tai -DWasPassword=foo from the WP_PROFILE/ConfigEngine

    • UNIX: ./ConfigEngine.sh enable-sm-tai -DWasPassword=foo from the WP_PROFILE/ConfigEngine

  4. Stop and restart the appropriate servers to propagate the changes.

  5. Go to the Verify Trust Association Interceptors for authentication file to verify that the TAI is working properly.

Depending on configuration, the XML configuration interface may not be able to access WebSphere Portal through eTrust SiteMinder. To allow xmlaccess.sh to access, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions.


Parent

Configure eTrust SiteMinder


Related tasks


Start and stop servers, dmgrs, and node agents

 


+

Search Tips   |   Advanced Search