Configure eTrust SiteMinder for authentication and authorization

You can configure Computer Associates eTrust SiteMinder to perform both authentication and authorization for WebSphere Portal. Using eTrust SiteMinder to perform only authorization is not supported at this time.

Install Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution on the same machine as WebSphere Portal. If you are performing this task in a clustered environment, install the eTrust SiteMinder TAI distribution on each node in the cluster.

Configure eTrust SiteMinder for authentication and authorization:

  1. Copy the smagent.properties file from the eTrust SiteMinder application server agent installation directory to the following directory:

    • Windows™: WP_PROFILE/properties

    • UNIX™: WP_PROFILE/properties

      Clustered: Complete this step on all nodes.

  2. By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents have not been tested with WebSphere Portal and should be disabled. Modify the following files under the eTrust SiteMinder installation directory to set EnableWebAgent=no:

      Asa-Agent-az.conf

      Asa-Agent-auth.conf

      Clustered: Complete this step on all nodes.

  3. Edit wkplc_comp.properties, located in...

    • Windows: WP_PROFILE/ConfigEngine/properties

    • UNIX: WP_PROFILE/ConfigEngine/properties

    • IBM i: WP_PROFILE/ConfigEngine/properties

  4. Enter only the following parameters in wkplc_comp.properties under the Namespace management parameters heading:

    1. For wp.ac.impl.EACserverName, type the Namespace context information to further distinguish externalized portal role names from other role names in the namespace.

        If set, wp.ac.impl.EACcellName and wp.ac.impl.EACappname must also be set.

    2. For wp.ac.impl.EACcellName, type the Namespace context information to further distinguish externalized portal role names from other role names in the namespace.

        If set, wp.ac.impl.EACserverName and wp.ac.impl.EACappname must also be set.

    3. For wp.ac.impl.EACappname, type the Namespace context information to further distinguish externalized portal role names from other role names in the namespace.

        If set, wp.ac.impl.EACcellName and wp.ac.impl.EACservername must also be set.

    4. For wp.ac.impl.reorderRoles, type false to keep the role order or true to reorder the roles by resource type first.

      Clustered: Complete this step on all nodes.

  5. Enter the following parameters in wkplc_comp.properties under the SiteMinder heading:

    1. For wp.ac.imp.SMDomain, type the eTrust SiteMinder Domain containing all externalized resources.

    2. For wp.ac.impl.SMScheme, type the eTrust SiteMinder Authentication scheme object name to use when creating realms.

    3. For wp.ac.impl.SMAgent, type the agent name that is created on eTrust SiteMinder for a specific external security manager instance.

    4. For wp.ac.impl.SMAgentPwd, type the password for wp.ac.impl.SMAgent.

    5. For wp.ac.impl.SMadminId, type the administrative user ID that eTrust SiteMinder will use to access the eTrust SiteMinder policy server.

    6. For wp.ac.impl.SMAdminPwd, type the password for wp.ac.impl.SMadminId.

    7. For wp.ac.impl.SMUserDir, type the eTrust SiteMinder User Directory object referencing the LDAP user registry.

    8. For wp.ac.impl.SMFailover, type true if more than one server is listed in wp.ac.impl.SMServers or type false if no additional servers are available for failover.

    9. For wp.ac.impl.SMServers, type a comma-delimited list of servers for the eTrust SiteMinder agent.

      Clustered: Complete this step on all nodes.

  6. Save changes to the properties file.

  7. Run the following task to configure eTrust SiteMinder for authentication and authorization:

    • Windows: ConfigEngine.bat enable-sm-all from the WP_PROFILE/ConfigEngine

    • UNIX: ./ConfigEngine.sh enable-sm-all from the WP_PROFILE/ConfigEngine

      Clustered: Complete this step on all nodes.

  8. Stop and restart the appropriate servers to propagate the changes.

Depending on configuration, the XML configuration interface may not be able to access WebSphere Portal through eTrust SiteMinder. To allow xmlaccess.sh to access, use eTrust SiteMinder to define the configuration URL (/wps/config) as unprotected. Refer to the eTrust SiteMinder documentation for specific instructions.


Parent

Configure eTrust SiteMinder


Related tasks


Start and stop servers, dmgrs, and node agents

 


+

Search Tips   |   Advanced Search