
Configure eTrust SiteMinder for authentication and authorization

We can configure CA eTrust SiteMinder to perform both authentication and authorization for IBM WebSphere Portal. Using eTrust SiteMinder to perform only authorization is not supported at this time.

Install the eTrust SiteMinder TAI distribution on each node in the cluster.

  1. Copy smagent.properties from the eTrust SiteMinder application server agent installation directory to...

      WP_PROFILE/properties

    Complete this step on all nodes.

  2. By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents are not tested with WebSphere Portal and must be disabled. Modify the following files in the eTrust SiteMinder installation directory to set EnableWebAgent=no:

    • AsaAgent-az.conf
    • AsaAgent-auth.conf

    Complete this step on all nodes.

  3. Edit

  4. Update the Namespace management parameters in wkplc_comp.properties

      wp.ac.impl.EACserverName Namespace context information. If set, wp.ac.impl.EACcellName and wp.ac.impl.EACappname must also be set. All three parameters must be set or none of them.
      wp.ac.impl.EACcellName Namespace context information. If set, wp.ac.impl.EACserverName and wp.ac.impl.EACappname must also be set.
      wp.ac.impl.EACappname Namespace context information. If set, wp.ac.impl.EACcellName and wp.ac.impl.EACserverName must also be set.
      wp.ac.impl.reorderRoles Set to false to keep the role order, or true to reorder the roles by resource type first.

  5. Under the SiteMinder heading in wkplc_comp.properties, enter the following parameters:

    Complete this step on all nodes in the cluster. The following parameters must match on all nodes in the clustered environment. The one exception is the parameter...

    wp.ac.impl.PDServerName

    wp.ac.impl.SMDomain eTrust SiteMinder Domain containing all externalized resources.
    wp.ac.impl.SMScheme eTrust SiteMinder Authentication scheme object name to use when creating realms.
    wp.ac.impl.SMAgent Agent name created on eTrust SiteMinder for a specific external security manager instance.
    wp.ac.impl.SMAgentPwd Password for wp.ac.impl.SMAgent.
    wp.ac.impl.SMadminId Administrative user ID that eTrust SiteMinder uses to access the eTrust SiteMinder policy server.
    wp.ac.impl.SMAdminPwd Password for wp.ac.impl.SMadminId.
    wp.ac.impl.SMUserDir eTrust SiteMinder User Directory object that references the LDAP user registry.
    wp.ac.impl.SMFailover Set to true if more than one server is listed in wp.ac.impl.SMServers, or false if no additional servers are available for failover.
    wp.ac.impl.SMServers Comma-delimited list of servers for the eTrust SiteMinder agent.

  6. Save your changes to the properties file.

  7. Configure eTrust SiteMinder for authentication and authorization:

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh enable-sm-all

    Complete this step on all nodes.

  8. Stop and restart the appropriate servers to propagate the changes.
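
The rules in steps 4 and 5 can be checked on each node before enable-sm-all is run in step 7. The Python script below is an added example, not IBM or CA code: it checks the all-or-none rule for the three EAC parameters, that wp.ac.impl.SMFailover agrees with the number of wp.ac.impl.SMServers entries, and that two nodes carry matching values. The function names, the sample values, and the rule that every SiteMinder parameter in step 5 must be non-empty are assumptions.

```python
P = "wp.ac.impl."
EAC = [P + n for n in ("EACserverName", "EACcellName", "EACappname")]
SM = [P + n for n in ("SMDomain", "SMScheme", "SMAgent", "SMAgentPwd", "SMadminId",
                      "SMAdminPwd", "SMUserDir", "SMFailover", "SMServers")]
NODE_SPECIFIC = {P + "PDServerName"}  # the one exception the page names in step 5

def parse_properties(text):
    """Parse key=value lines; blank lines and # or ! comments are skipped."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_node(props):
    """Return problems for one node; only key names are reported, never values."""
    # Assumption: every SiteMinder parameter listed in step 5 needs a value.
    problems = [k + " is empty" for k in SM if not props.get(k)]
    empty = [k for k in EAC if not props.get(k)]
    if 0 < len(empty) < len(EAC):
        problems.append("set all three EAC parameters or none; empty: " + ", ".join(empty))
    servers = [s for s in props.get(P + "SMServers", "").split(",") if s.strip()]
    failover = props.get(P + "SMFailover", "").lower()
    if failover not in ("", "true", "false"):
        problems.append(P + "SMFailover must be true or false")
    elif failover and (failover == "true") != (len(servers) > 1):
        problems.append(P + "SMFailover does not match the number of SMServers entries")
    return problems

def mismatched_keys(node_a, node_b):
    """wp.ac.impl.* keys whose values differ between two nodes (names only)."""
    keys = {k for k in node_a.keys() | node_b.keys() if k.startswith(P)}
    return sorted(k for k in keys - NODE_SPECIFIC if node_a.get(k) != node_b.get(k))

SAMPLE = """\
# Constructed sample input, not taken from a real installation.
wp.ac.impl.EACserverName=portal1
wp.ac.impl.EACcellName=
wp.ac.impl.EACappname=wps
wp.ac.impl.SMDomain=PortalDomain
wp.ac.impl.SMScheme=Basic
wp.ac.impl.SMAgent=portal-agent
wp.ac.impl.SMAgentPwd=example-only
wp.ac.impl.SMadminId=smadmin
wp.ac.impl.SMAdminPwd=example-only
wp.ac.impl.SMUserDir=PortalLDAP
wp.ac.impl.SMFailover=true
wp.ac.impl.SMServers=sm1.example.test
"""
```

Because wkplc_comp.properties holds the agent and administrator passwords, the checks report key names only and never echo a value.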


What to do next

Depending on the configuration, the XML configuration interface might not be able to access WebSphere Portal through eTrust SiteMinder. To allow the XML configuration interface access, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions.

