Configure eTrust SiteMinder to perform authentication for WebSphere Portal

 

+
Search Tips   |   Advanced Search

 

IBM WebSphere Portal includes a configuration task called enable-sm-tai. This configuration task requires the Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution to be installed on the same machine as WebSphere Portal. This task interacts with IBM WAS security configuration to enable the eTrust SiteMinder TAI and to create the eTrust SiteMinder TAI as one of the interceptors.

If you have completed the TAI installation and configuration instructions included with the Computer Associates eTrust SiteMinder distribution, including registering the TAI with WebSphere Application Server, execution of this configuration task is not required. Though it is not required, running the following configuration steps of this task will validate that the eTrust SiteMinder TAI is there and enabled.

We can configure eTrust SiteMinder to provide authentication independently from configuring it to provide authorization. Using eTrust SiteMinder to perform only authorization is not supported at this time. To enable the eTrust SiteMinder TAI and create a new interceptor using configuration task enable-sm-tai:

1. Ensure the eTrust SiteMinder TAI installation has completed. The files installed with the eTrust SiteMinder TAI distribution will be configured during this task.

2. Locate the portal_server_root/config/wpconfig.properties file on the WebSphere Portal machine and create a backup copy before changing any values.

3. Edit the portal_server_root/config/wpconfig.properties file. Read the note, and then follow the instructions for entering the value appropriate for the environment:
   • Do not change any settings other than the one specified in this step. For instructions on working with these files, see Configuration properties reference, which contains a complete list of properties and their default values.

   • Use / instead of \ for all platforms.

   Locate the Advanced Security Configuration section of the wpconfig.properties file, and edit the SMConfigFile property to specify the location of the eTrust SiteMinder TAI WebAgent.conf file:

   Input	Description
   SMConfigFile	Location of the eTrust SiteMinder TAI WebAgent.conf file. The default value is: e:/netegrity6/smwastai/conf/WebAgent.conf. If you are using an external security manager in a clustered setup, read the details here to determine this value.

4. Save the portal_server_root/config/wpconfig.properties file.

5. Open a command prompt and change to the following directory:

   • UNIX:

     was_profile_root/bin

   • Windows:

     was_profile_root\bin

   • i5/OS:

     app_server_root/bin

6. Enter the following commands:
   1. Enter the following command:

      • UNIX:

        ./startServer.sh server1

      • Windows:

        startServer.bat server1

      • i5/OS:

        startServer -profileName profile_root

        ...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.

      ...where server1 is the name of the WebSphere Application Server administrative server.

   2. Enter the following command:

      • UNIX:

        ./stopServer.sh WebSphere_Portal -user admin_userid -password admin_password

      • Windows:

        stopServer.bat WebSphere_Portal -user admin_userid -password admin_password

      • i5/OS:

        stopServer WebSphere_Portal -profileName profile_root -user admin_userid -password admin_password

        ...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.

7. Change to the directory portal_server_root/config.

8. Enter the following command to run the appropriate configuration task for the specific operating system:

   • UNIX:

     ./WPSconfig.sh enable-sm-tai

   • Windows:

     WPSconfig.bat enable-sm-tai

   • i5/OS:

     WPSconfig.sh -profileName profile_root enable-sm-tai

     ...where profile_root is the name of the WebSphere Application Server profile where WebSphere Portal is installed; for example, wp_profile.

   If the configuration task fails, validate the values in the wpconfig.properties file.

9. Follow the steps to verify that the TAI is working properly in External authentication.

10. Optional Disable WebSphere Portal creation of user and groups. This procedure is explained in step 8 of the procedure for Configuring eTrust SiteMinder to perform authorization for WebSphere Portal

11. Our integration task is complete.

By default, the XML configuration interface cannot access the portal through eTrust SiteMinder. To enable the XML configuration interface to access the portal through eTrust SiteMinder, use eTrust SiteMinder to define the configuration URL (/wps/config ) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions. After the configuration URL is defined as unprotected, only WebSphere Portal enforces access control to this URL. Other portal resources, such as the /wps/myportal URL, are still protected by eTrust SiteMinder.

 

Related information

• Authentication

• External authentication

• Configuring eTrust SiteMinder to perform authorization for WebSphere Portal

• Configuring databases

 

Parent topic:

Using eTrust SiteMinder with WebSphere Portal

 

---