+

Search Tips   |   Advanced Search

Configure eTrust SiteMinder to perform authentication

IBM WebSphere Portal includes a configuration task called enable-sm-tai. This task interacts with WAS security configuration to enable the eTrust SiteMinder TAI and to create it as one of the interceptors. We can configure eTrust SiteMinder to provide authentication independently from configuring it to provide authorization. Using it to perform authorization only is not supported at this time.

Install CA eTrust SiteMinder TAI distribution on the same machine as WebSphere Portal. Install the eTrust SiteMinder TAI distribution on each node in the cluster.

If we have completed the TAI installation and configuration instructions included with the CA eTrust SiteMinder distribution, including registering the TAI with WAS, execution of this configuration task is not required.

To enable the eTrust SiteMinder TAI and create a new interceptor:

  1. Copy smagent.properties from the eTrust SiteMinder application server agent installation directory to...

      WP_PROFILE/properties

    Complete this step on all nodes.

  2. By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents are not tested with WebSphere Portal and must be disabled. Modify the following files in the eTrust SiteMinder installation directory to set EnableWebAgent=no:

    • AsaAgent-az.conf
    • AsaAgent-auth.conf

    Complete this step on all nodes.

  3. Enable eTrust SiteMinder TAI:

      cd WP_PROFILE/ConfigEngine
      ./ConfigEngine.sh enable-sm-tai -DWasPassword=foo

  4. Stop and restart the appropriate servers to propagate the changes.

  5. Go to the Verify Trust Association Interceptors for authentication file to verify the TAI is working properly.


What to do next

Depending on the configuration, the XML configuration interface might not be able to access WebSphere Portal through eTrust SiteMinder. To allow the XML configuration interface access, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions.


Parent Configure eTrust SiteMinder