Configure eTrust SiteMinder

Configure eTrust SiteMinder

Before configuring SiteMinder...

Configure WebSphere Portal, including databases and LDAP user registry.

Install Computer Associate's Policy Server.

Install the eTrust SiteMinder Software Development Kit on the same server as WebSphere Portal to use eTrust SiteMinder for both authentication and authorization.

Install the eTrust SiteMinder Application Server Agent. Configure the eTrust SiteMinder Trust Association Interceptor (TAI).
Copy smagent.properties from the eTrust SiteMinder application server agent installation directory to...
WP_PROFILE/ConfigEngine/properties

By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents are not tested with WebSphere Portal and should be disabled. Modify the following files in the eTrust SiteMinder installation directory to set EnableWebAgent=no:

AsaAgent-az.conf
AsaAgent-auth.conf

To use eTrust SiteMinder for both authentication and authorization, ensure the following two files are in the WAS lib/ext directory.

smjavasdk2.jar
cryptoj.jar

If the directory is missing the JAR files, copy them from the eTrust SiteMinder SDK CA/sdk/java directory.

Configure the security provider. Go to Configure the JVM to Use the JSafeJCE Security Provider for instructions.

Create and specify the following eTrust SiteMinder Domain objects to use eTrust SiteMinder for both authentication and authorization.

User Directory The LDAP server and suffix
Authentication Scheme Associates with the eTrust SiteMinder realms that WebSphere Portal creates.
An eTrust SiteMinder realm is different from an LDAP realm or a basic authentication realm. Within the eTrust SiteMinder administrative console, a realm is an administrative object representing a protected URL root. An example is /wps/myportal. eTrust SiteMinder realms in combination with eTrust SiteMinder policies determine which users and groups are allowed to go to the protected URL root and its child URL.
Agent An eTrust SiteMinder WebAgent configured to support 4.x agents or a custom eTrust SiteMinder agent. The agent must have a static shared secret to allow communication with the eTrust SiteMinder Policy Server.

What to do next
Choose the appropriate task to configure eTrust SiteMinder:

See

Configure eTrust SiteMinder for authentication and authorization
Configure eTrust SiteMinder to perform authentication
Configure eTrust SiteMinder to perform authorization
Remove eTrust SiteMinder

Parent External security managers

User Directory	The LDAP server and suffix
Authentication Scheme	Associates with the eTrust SiteMinder realms that WebSphere Portal creates. An eTrust SiteMinder realm is different from an LDAP realm or a basic authentication realm. Within the eTrust SiteMinder administrative console, a realm is an administrative object representing a protected URL root. An example is /wps/myportal. eTrust SiteMinder realms in combination with eTrust SiteMinder policies determine which users and groups are allowed to go to the protected URL root and its child URL.
Agent	An eTrust SiteMinder WebAgent configured to support 4.x agents or a custom eTrust SiteMinder agent. The agent must have a static shared secret to allow communication with the eTrust SiteMinder Policy Server.