Configure eTrust SiteMinder

WebSphere Portal supports the use of Computer Associates eTrust SiteMinder for authentication and authorization.

Before configuring eTrust SiteMinder for authentication and/or authorization, complete the following tasks:

1. Install and configure WebSphere Portal, including databases and LDAP user registry.

2. Install Computer Associate's Policy Server.

3. Install the eTrust SiteMinder Software Development Kit on the same machine as WebSphere Portal to use eTrust SiteMinder for both authentication and authorization. Refer to the eTrust SiteMinder documentation for more information.

4. Install the eTrust SiteMinder Trust Association Interceptor (TAI), following the instructions in the eTrust SiteMinder documentation.
   Copy the smagent.properties file from the eTrust SiteMinder application server agent installation directory to the following directory:

   OS	Directory
   Windows™	located in the WP_PROFILE/ConfigEngine/properties directory
   UNIX™	located in the WP_PROFILE/ConfigEngine/properties directory

   By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents have not been tested with WebSphere Portal and should be disabled. Modify the following files under the eTrust SiteMinder installation directory to set EnableWebAgent=no:

   Asa-Agent-az.conf

   Asa-Agent-auth.conf

5. If you plan to use eTrust SiteMinder for both authentication and authorization, ensure that the eTrust SiteMinder Software Development Kit smjavasdk2.jar is in the WAS lib/ext directory. If the directory is missing the jar file, copy the smjavasdk2.jar from the eTrust SiteMinder SDK /java directory.

6. Create and specify the following eTrust SiteMinder Domain objects to use eTrust SiteMinder for both authentication and authorization. Refer to the eTrust SiteMinder Policy Design documentation for information about how to create these objects:

   • User Directory: The LDAP server and suffix

   • Authentication Scheme: Associates with the eTrust SiteMinder realms that WebSphere Portal creates.
     An eTrust SiteMinder realm is different from an LDAP realm or a basic authentication realm. Within the eTrust SiteMinder administrative console, a realm is an administrative object representing a protected URL root. An example is /wps/myportal. eTrust SiteMinder realms in combination with eTrust SiteMinder policies determine which users and groups are allowed to navigate to the protected URL root and its children URLs.

   • Agent: An eTrust SiteMinder WebAgent that is configured to support 4.x agents or a custom eTrust SiteMinder agent. The agent must have a static shared secret to allow communication with the eTrust SiteMinder Policy Server.

Perform the following tasks to configure eTrust SiteMinder:

Configure eTrust SiteMinder for authentication and authorization
• Configure eTrust SiteMinder to perform authentication
• Configure eTrust SiteMinder to perform authorization
• Remove eTrust SiteMinder

Parent

External security managers

 

+

Search Tips   |   Advanced Search