Portal, V6.1

---

 

Configure eTrust SiteMinder to perform authentication

IBM WebSphere Portal includes a configuration task called enable-sm-tai. This task interacts with IBM WAS security configuration to enable the eTrust SiteMinder TAI and to create it as one of the interceptors. You can configure eTrust SiteMinder to provide authentication independently from configuring it to provide authorization.

Using it to perform authorization only is not supported at this time. Install Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution on the same machine as WebSphere Portal.

If you have completed the TAI installation and configuration instructions included with the Computer Associates eTrust SiteMinder distribution, including registering the TAI with WAS, execution of this configuration task is not required.

To enable the eTrust SiteMinder TAI and create a new interceptor:

1. Copy the smagent.properties file from the eTrust SiteMinder application server agent installation directory to the following directory:

   Option	Description
   Windows	WP_PROFILE\properties
   UNIX	WP_PROFILE/properties

2. By default, the Netegrity Application Server Agent installation enables agents other than the one used for authentication. These agents have not been tested with WebSphere Portal and should be disabled. Modify the following files under the eTrust SiteMinder installation directory to set EnableWebAgent=no:

   • Asa-Agent-az.conf

   • Asa-Agent-auth.conf

3. Run the following task to enable eTrust SiteMinder TAI:

   Option	Description
   Windows	ConfigEngine.bat enable-sm-tai from the WP_PROFILE\ConfigEngine directory
   UNIX	./ConfigEngine.sh enable-sm-tai from the... WP_PROFILE/ConfigEngine ...directory

   If the configuration task fails, validate the values in the wkplc_comp.properties file.

4. To stop and restart the server1 and WebSphere_Portal servers:

   1. Open a command prompt and change to the following directory:

      • Windows: WP_PROFILE\bin

      • UNIX: WP_PROFILE/bin

   2. Stop the WAS:

      • Windows: stopServer.bat server1 -username adminid -password passwd

      • UNIX: ./stopServer.sh server1 -username adminid -password passwd

   3. Stop the WebSphere_Portal server:

      • Windows: stopServer.bat WebSphere_Portal -username adminid -password passwd

      • UNIX: ./stopServer.sh WebSphere_Portal -username adminid -password passwd

   4. Start the WAS:

      • Windows: startServer.bat server1

      • UNIX: ./startServer.sh server1

   5. Start the WebSphere_Portal server:

      • Windows: startServer.bat WebSphere_Portal

      • UNIX: ./startServer.sh WebSphere_Portal

5. Go to the Verifying Trust Association Interceptors file to verify that the TAI is working properly.

Depending on your configuration, the XML configuration interface may not be able to access WebSphere Portal through eTrust SiteMinder. To allow the XML configuration interface to access, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions.

 

Parent topic

Configure eTrust SiteMinder

---