The integration of Identity Manager and Single Sign-On is a difficult undertaking with many manual steps.
This document provides the most comprehensive approach to integrating the two products, while providing steps to avoid the most common problems.
Identity Manager 14.x
Single Sign-On Policy Server 12.x
00. Back up the IM databases and the SM policy store using database/directory tools and XPSExport -xb (all) and -xa (env).
0. View the IM database tables in the object store and record the current SMOID values for the UserStores and the IME. These are used later to validate that IM was updated with new SMOIDs.
Capture IME (env) SMOID: 35-XXXXXXXX-XXXXX-XXXX-XXXX-XXXX-XXXXddb00000
Capture IMCD (Corporate Directory) SMOID: 32-XXXXXXXX-XXXX-XXXX-XXXX-XXXXddb00000
Capture IMPD (Provisioning Directory) SMOID: 32-*********-XXXX-XXXX-XXXX-XXXXddb00000
1. Configure the SiteMinder Policy Store for CA IdentityMinder.
2. Import the CA IdentityMinder Schema into the Policy Store.
2a. Install/Verify the CA Single Sign-On Extension
3. Create a SiteMinder 4.X agent object.
4a. Export the CA IdentityMinder directories and environments via the /immanage console.
4b. Open ENV_environment_roles.xml with NotePad++/TextPad and search for object="UNKNOWN" to see whether any issues will occur when this file is re-imported.
These issues appear if custom Java JAR files are missing. Replace the missing JAR files, then re-export the IME.
4c. Shut down all but one SM Policy Server. (This prevents potential problems with replication race conditions.)
4d. Shut down all but one IDM J2EE (JBoss/WebLogic/WebSphere) server.
5a. Use XPSExplorer to check for objects of type IMSEnvironment, IMSDirectory or IMSAdditionalProperties. Delete any objects of these types manually.
5b. Run "XPSSweeper".
7.1 Run XPSExport -xa / -xb to keep a clean copy (on the Policy Server that is still running).
8. Restart the application server that is still running.
9. Configure a data source for SiteMinder. (Only if using RDB user stores)
10a. Create an empty IME to confirm that objects can be re-created.
11. Update and import environment definitions.
- Manually import settings.xml (with NO custom components).
- Restart the J2EE server (JBoss/WebLogic/WebSphere).
- Manually create the custom components (EventListener, WFParticipantResolver, LAH), then restart the J2EE server (JBoss/WebLogic/WebSphere).
12. Restart the application server. [Restart only ONE server.]
13. Install the web proxy server plug-in.
16. Restart all other application servers of the IM cluster.
17. Restart all other SM Policy Servers
18. Manually rebuild the IM realm objects and update the AuthSchema/rules in SiteMinder to match the prior state. Any object under the default IME domain has been rebuilt with defaults.
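
The search in step 4b can be scripted so the exported roles file is checked before re-import and the affected elements are listed for follow-up. This is an added example, not part of the original procedure or of the vendor tooling; the sample XML is constructed, and every element and attribute name in it other than the object="UNKNOWN" marker is hypothetical.

```python
import io
import sys
import xml.etree.ElementTree as ET

# Constructed sample. Element/attribute names are hypothetical and do not
# reproduce the real export schema; only object="UNKNOWN" comes from step 4b.
SAMPLE = b"""<?xml version="1.0"?>
<Environment name="demo">
  <Task tag="ModifyUser">
    <Handler object="com.example.custom.AuditHandler"/>
    <Handler object="UNKNOWN" name="CustomLAH"/>
  </Task>
  <Task tag="CreateUser">
    <Validator object="UNKNOWN"/>
  </Task>
</Environment>
"""

def _local(tag):
    """Drop any '{namespace}' prefix ElementTree puts on a tag."""
    return tag.rsplit("}", 1)[-1]

def find_unknown_objects(source):
    """Stream the export (path or file object) and return one finding per
    element that carries object="UNKNOWN"."""
    findings, path = [], []
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            path.append(_local(elem.tag))
            # Attributes are already populated at the start event.
            if elem.attrib.get("object") == "UNKNOWN":
                others = {k: v for k, v in elem.attrib.items() if k != "object"}
                findings.append({"path": "/".join(path), "attrs": others})
        else:
            path.pop()
            elem.clear()  # keep memory flat on large exports
    return findings

def main(argv):
    # With no argument, run against the constructed sample.
    source = argv[1] if len(argv) > 1 else io.BytesIO(SAMPLE)
    findings = find_unknown_objects(source)
    for f in findings:
        print(f"UNKNOWN at {f['path']} {f['attrs']}")
    print(f"{len(findings)} unresolved object reference(s)")
    return 1 if findings else 0  # non-zero exit blocks a scripted re-import

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pass the path to the exported ENV_environment_roles.xml as the first argument; a non-zero exit means at least one reference is unresolved and the missing JAR files should be restored before the IME is re-exported.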