Can SiteMinder R12.8.x with Advanced Password Services be configured at the User Directory or at the SiteMinder Domain Level

book

Article ID: 198278

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

With SiteMinder configured with Advanced Password Services, is there a way to disable APS's adding/updating smaps attribute for users in a certain user directory or for a domain?  We have an Active Directory user store, of which the schema doesn't allow APS to create smaps attributes, and we don't have an intention to change the schema.  We can ignore the errors generated for failing to update the user profile.  However, it impacts performance also.  So, we want to disable creating/updating smaps attribute for the Active Directory.  If it cannot be done at that level, can we disable it at a domain level?

Cause

With SiteMinder configured for Advanced Password Services, the Policies defined in the APS.cfg file apply to all User Directory Definitions defined for the Policy Server. There is currently no method to allow limiting APS Password Policies at the Directory/Domain level.

Environment

Release : 12.8

Component : SITEMINDER ADVANCED PASSWORD SERVICES

Resolution



The following steps can be used to disable Advanced Password Services for a Policy Server where is is configured;

1. Stop Policy Server

2. Rename SMAPS.dll from SiteMinder bin folder (libsmaps.so from SiteMinder lib folder in Linux )

3. Rename APS.cfg from SiteMinder bin folder

4. Restart Policy Server