
Policy Server: how to configure a Session Store with CA Directory


Article ID: 224777


Updated On:


SITEMINDER CA Single Sign On Federation (SiteMinder)



When running a Policy Server, how do you install and configure a Session
Store to implement SLO in a Federation journey?




Policy Server 12.8SP5 on RedHat 7




To configure CA Directory as the Session Store, follow the
documentation (1).

Then enable it by following the steps in the documentation (2).

About the section

  "Add a Session Store Administrative User and Root DN for the DSA"

this can be achieved by using "Apache Directory Studio".

Here are the steps to configure the CA Directory instance for the
Session Store. This is a sample to illustrate how to configure it.

Sample lab:

  The IP of CA Directory is :
  The Port of the CA Directory is : 10400
  The name of the instance : sessionstore

Here are the steps. See the attached document for a screenshot of each of them.


  - Install "Apache Directory Studio" on a Windows machine;
  - Start "Apache Directory Studio";



  - On the top menu, click "LDAP";
  - Click "New Connection...";
  - In "Connection Name", write "sessionstore";
  - In "Hostname:" write "";
  - In "Port:" write "10400";
  - Click "Next";
  - In "Authentication Method", select "No Authentication";
  - Click "Finish";



  - In the "Connection" panel on the left bottom, double click on
    "sessionstore" to connect to the instance;
  - In the "LDAP Browser" panel on the left top, right-click on
    "dc=training,dc=com", select "New", select "New Entry";
  - Select "Create entry from scratch";
  - Click "Next";
  - On the left "Available object classes", select "inetOrgPerson";
  - Click "Add";
  - Click "Next";
  - In RDN: select "cn" on the left box, and write "sessionstore" on the
    right box;
  - Note the DN Preview: "cn=sessionstore,dc=training,dc=com";
  - Click "Next";
  - On the right box of the sn line, write "sessionstore";
  - Click on the icon "New Attribute...";
  - In "Attribute type", select "userPassword";
  - Click "Next";
  - Click "Finish";
  - In "Enter New Password:" write "mypassword";
  - In "Confirm New Password:" write "mypassword";
  - Click "Ok";
  - Click "Finish";


  On the Policy Server, start smconsole:

  Click on the "Data" tab;

  - In "Database", select "Session Store";
  - In "Storage", select "CA Directory";
  - In "LDAP IP Address", write "";
  - In "Root DN", write "dc=training,dc=com";
  - In "Admin User Name", write "cn=sessionstore,dc=training,dc=com";
  - In "Password", write "mypassword";
  - In "Confirm Password", write "mypassword";
  - Click on "Test LDAP Connection";
  - Click "Ok";
  - Click "Apply";
  - Click "Ok";

Stop and start the Policy Server;

In smps.log, the following lines mean that the Policy Server has
connected successfully to the Session Store:

  [10355/140140829808448][Mon Sep 13 2021 13:31:11.777][SmSSInLDAPStore.cpp:507][INFO][sm-Ldap-02160] Opening session server connection to CA Directory: ' '
  [10355/140139659278080][Mon Sep 13 2021 13:31:12.914][SmSSProvider.cpp:153][INFO][sm-Server-04260] The session server watchdog thread has started.
  [10355/140139625707264][Mon Sep 13 2021 13:31:12.915][SmSSProvider.cpp:134][INFO][sm-Server-04240] The session server maintenance thread has started.
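
One way to automate this check, as an added example that is not part of the original article or of SiteMinder: a Python parser for the smps.log entry layout shown above that judges only the entries written after the most recent connection attempt, so lines left over from an earlier startup do not mask a failed restart. The function names are hypothetical, and the sample entries are constructed from the article's log with 192.0.2.10 standing in for the directory address.

```python
import re

# smps.log entry layout as shown in the article:
# [pid/tid][Day Mon DD YYYY HH:MM:SS.mmm][file.cpp:line][LEVEL][msg-id] text
ENTRY = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<line>\d+)\]"
    r"\[(?P<level>[^\]]+)\]\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)$"
)
OPEN_ID = "sm-Ldap-02160"  # "Opening session server connection to CA Directory"
THREAD_IDS = {"sm-Server-04260", "sm-Server-04240"}  # watchdog, maintenance


def parse(lines):
    """Yield one dict per well-formed entry; skip anything else."""
    for raw in lines:
        m = ENTRY.match(raw.strip())
        if m:
            yield m.groupdict()


def session_store_status(lines):
    """Judge only the entries written since the latest connection attempt."""
    entries = list(parse(lines))
    opens = [i for i, e in enumerate(entries) if e["msgid"] == OPEN_ID]
    if not opens:
        return {"connected": False, "non_info": [],
                "missing": sorted(THREAD_IDS | {OPEN_ID})}
    tail = entries[opens[-1]:]  # drop entries from earlier startups
    missing = sorted(THREAD_IDS - {e["msgid"] for e in tail})
    # Assumption: a non-INFO entry from a SmSS*.cpp source file needs review.
    non_info = [e for e in tail
                if e["src"].startswith("SmSS") and e["level"] != "INFO"]
    return {"connected": not missing, "missing": missing, "non_info": non_info}


# Constructed sample: the article's three entries, one per line, with
# 192.0.2.10 as a placeholder for the directory address.
SAMPLE = [
    "[10355/140140829808448][Mon Sep 13 2021 13:31:11.777][SmSSInLDAPStore.cpp:507]"
    "[INFO][sm-Ldap-02160] Opening session server connection to CA Directory: '192.0.2.10'",
    "[10355/140139659278080][Mon Sep 13 2021 13:31:12.914][SmSSProvider.cpp:153]"
    "[INFO][sm-Server-04260] The session server watchdog thread has started.",
    "[10355/140139625707264][Mon Sep 13 2021 13:31:12.915][SmSSProvider.cpp:134]"
    "[INFO][sm-Server-04240] The session server maintenance thread has started.",
]

if __name__ == "__main__":
    print(session_store_status(SAMPLE))
```

To run it against a live log, pass `open(path_to_smps_log)` to `session_store_status` in place of `SAMPLE`.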


Additional Information



    Configure Symantec Directory as a Session Store


    Session Store Configuration



1632730541752__session-store.rtf