Configuring eTrust SiteMinder
IBM® WebSphere® Portal supports the use of Computer Associates eTrust SiteMinder for authentication and authorization.
About this task
Procedure
- Install and configure WebSphere Portal, including databases and LDAP user registry.
- Install the Computer Associates Policy Server.
- Install the eTrust SiteMinder Software Development Kit on the same server as WebSphere Portal if you plan to use eTrust SiteMinder for both authentication and authorization. Refer to the eTrust SiteMinder documentation for more information.
- Install the eTrust SiteMinder Application Server Agent. Configure the eTrust SiteMinder Trust Association Interceptor (TAI). Follow the instructions in the eTrust SiteMinder documentation. Note: Copy the smagent.properties file from the eTrust SiteMinder application server agent installation directory to the wp_profile_root/ConfigEngine/properties directory. By default, the Application Server Agent installation enables agents other than the one used for authentication. These agents are not tested with WebSphere Portal and must be disabled. Modify the following files in the eTrust SiteMinder installation directory to set EnableWebAgent=no:
- AsaAgent-az.conf
- AsaAgent-auth.conf
- If you plan to use eTrust SiteMinder for both authentication and authorization, ensure that the following two files are in the WebSphere Application Server lib/ext directory.
- smjavasdk2.jar
- cryptoj.jar
- Configure the security provider. Go to Configure the JVM to Use the JSafeJCE Security Provider for instructions.
- Create and specify the following eTrust SiteMinder Domain objects if you plan to use eTrust SiteMinder for both authentication and authorization. Refer to the eTrust SiteMinder Policy Design documentation for information about how to create these objects:
- User Directory: The LDAP server and suffix
- Authentication Scheme: Associates with the eTrust SiteMinder realms that WebSphere Portal creates. Note: An eTrust SiteMinder realm is different from an LDAP realm or a basic authentication realm. Within the eTrust SiteMinder administrative console, a realm is an administrative object that represents a protected URL root. An example is /wps/myportal. eTrust SiteMinder realms, in combination with eTrust SiteMinder policies, determine which users and groups are allowed to go to the protected URL root and its child URLs.
- Agent: An eTrust SiteMinder WebAgent that is configured to support 4.x agents or a custom eTrust SiteMinder agent. The agent must have a static shared secret to allow communication with the eTrust SiteMinder Policy Server.
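The file-level steps above (EnableWebAgent=no in both agent files, the two JARs in lib/ext, and the copied smagent.properties) can be verified before the server is started. The following script is an added example, not IBM or Computer Associates code. It assumes the .conf files use key=value lines with optional double quotes and # comments, and the three directory arguments are placeholders for your installation paths.

```shell
#!/bin/sh
# Added example: preflight check for the file-level steps in this procedure.
# Usage: sh check.sh CONF_DIR WAS_LIB_EXT CONFIGENGINE_PROPERTIES_DIR
# (all three directories are assumptions; pass the real paths of your install)

# Print the last EnableWebAgent value set in a .conf file, lowercased.
# Assumed format: key=value, optional double quotes; '#' comment lines are skipped.
enable_web_agent_value() {
    sed -n 's/^[[:space:]]*EnableWebAgent[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Print one line per finding and return the number of findings (0 = clean).
check_siteminder_files() {
    conf_dir=$1
    lib_ext=$2
    props_dir=$3
    findings=0

    # Both agent files must disable the untested agents.
    for conf in AsaAgent-az.conf AsaAgent-auth.conf; do
        if [ ! -f "$conf_dir/$conf" ]; then
            echo "MISSING  $conf_dir/$conf"
            findings=$((findings + 1))
            continue
        fi
        value=$(enable_web_agent_value "$conf_dir/$conf")
        if [ "$value" != "no" ]; then
            echo "ENABLED  $conf: EnableWebAgent=${value:-<unset>}"
            findings=$((findings + 1))
        fi
    done

    # Needed only when SiteMinder handles both authentication and authorization.
    for jar in smjavasdk2.jar cryptoj.jar; do
        [ -f "$lib_ext/$jar" ] || { echo "MISSING  $lib_ext/$jar"; findings=$((findings + 1)); }
    done

    # smagent.properties must have been copied to ConfigEngine/properties.
    [ -f "$props_dir/smagent.properties" ] ||
        { echo "MISSING  $props_dir/smagent.properties"; findings=$((findings + 1)); }

    return "$findings"
}

# Run the check only when the three directories are given on the command line.
if [ "$#" -eq 3 ]; then check_siteminder_files "$@"; exit $?; fi
```

A non-zero exit status equals the number of findings; a setting that is absent from a file is reported as enabled, because the page states that the installation enables these agents by default.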