
Configure eTrust SiteMinder

Before configuring SiteMinder...

  1. Configure WebSphere Portal, including databases and LDAP user registry.

  2. Install the Computer Associates Policy Server.

  3. To use eTrust SiteMinder for both authentication and authorization, install the eTrust SiteMinder Software Development Kit on the same server as WebSphere Portal.

  4. Install the eTrust SiteMinder Application Server Agent. Configure the eTrust SiteMinder Trust Association Interceptor (TAI).

    Copy smagent.properties from the eTrust SiteMinder application server agent installation directory to...

      WP_PROFILE/ConfigEngine/properties

    By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents are not tested with WebSphere Portal and should be disabled. Modify the following files in the eTrust SiteMinder installation directory to set EnableWebAgent=no:

    • AsaAgent-az.conf
    • AsaAgent-auth.conf

  5. To use eTrust SiteMinder for both authentication and authorization, ensure the following two files are in the WAS lib/ext directory.

    • smjavasdk2.jar
    • cryptoj.jar

    If the directory is missing the JAR files, copy them from the eTrust SiteMinder SDK CA/sdk/java directory.

  6. Configure the security provider. See "Configure the JVM to Use the JSafeJCE Security Provider" for instructions.

  7. Create and specify the following eTrust SiteMinder Domain objects to use eTrust SiteMinder for both authentication and authorization.

      User Directory: The LDAP server and suffix.

      Authentication Scheme: Associates with the eTrust SiteMinder realms that WebSphere Portal creates.

      An eTrust SiteMinder realm is different from an LDAP realm or a basic authentication realm. Within the eTrust SiteMinder administrative console, a realm is an administrative object representing a protected URL root. An example is /wps/myportal. eTrust SiteMinder realms, in combination with eTrust SiteMinder policies, determine which users and groups are allowed to go to the protected URL root and its child URLs.

      Agent: An eTrust SiteMinder WebAgent configured to support 4.x agents, or a custom eTrust SiteMinder agent. The agent must have a static shared secret to allow communication with the eTrust SiteMinder Policy Server.
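
A pre-flight check for steps 4 and 5, added here as an example and not part of the original documentation or of any CA or IBM tooling. The three directory arguments are placeholders you supply, and the KEY=value layout of the .conf files (value optionally quoted, # starting a comment) is an assumption.

```sh
#!/bin/sh
# Added example: verify the file-level prerequisites from steps 4 and 5.
# Assumption: AsaAgent-*.conf use KEY=value lines, value optionally quoted,
# and a leading '#' marks a comment. Directory arguments are placeholders.

# Print the last uncommented EnableWebAgent value in a conf file, lowercased.
enable_web_agent_value() {
    sed -n 's/^[[:space:]]*EnableWebAgent[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\)"\{0,1\}.*$/\1/p' "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# check_siteminder_prereqs ASA_CONF_DIR WAS_LIB_EXT_DIR PORTAL_PROPS_DIR
# Returns 0 when every check passes, 1 otherwise; prints one line per finding.
check_siteminder_prereqs() {
    asa_conf_dir=$1; was_lib_ext=$2; props_dir=$3; rc=0

    # Step 4: the untested agents must be disabled in both agent files.
    for conf in AsaAgent-az.conf AsaAgent-auth.conf; do
        if [ ! -f "$asa_conf_dir/$conf" ]; then
            echo "MISSING  $asa_conf_dir/$conf"; rc=1; continue
        fi
        val=$(enable_web_agent_value "$asa_conf_dir/$conf")
        if [ "$val" = "no" ]; then
            echo "OK       $conf: EnableWebAgent=no"
        else
            echo "FAIL     $conf: EnableWebAgent=${val:-unset} (expected no)"; rc=1
        fi
    done

    # Step 4: smagent.properties copied to WP_PROFILE/ConfigEngine/properties.
    if [ -f "$props_dir/smagent.properties" ]; then
        echo "OK       smagent.properties present"
    else
        echo "MISSING  $props_dir/smagent.properties"; rc=1
    fi

    # Step 5: both JARs must be in the WAS lib/ext directory.
    for jar in smjavasdk2.jar cryptoj.jar; do
        if [ -f "$was_lib_ext/$jar" ]; then
            echo "OK       $jar present"
        else
            echo "MISSING  $was_lib_ext/$jar"; rc=1
        fi
    done
    return $rc
}

# Run the check only when the three directories are given on the command line.
if [ "$#" -eq 3 ]; then check_siteminder_prereqs "$@"; fi
```
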


What to do next

Choose the appropriate task to configure eTrust SiteMinder:

