When running a Policy Server, how do I install and configure a Session
Store to implement SLO in a Federation journey?
Policy Server 12.8SP5 on Red Hat 7
To configure CA Directory as the Session Store, follow the documentation (1).
Then enable it by following the steps from the documentation (2).
The section
"Add a Session Store Administrative User and Root DN for the DSA"
can be completed using "Apache Directory Studio".
Here is a step-by-step procedure to configure the CA Directory instance
as a Session Store. It is a sample to illustrate how to configure it.
Sample lab:
The IP address of CA Directory is: 192.168.1.101
The port of CA Directory is: 10400
The name of the instance is: sessionstore
Here is the step by step. Follow the attached document for a screenshot of each step.
1.
- Install "Apache Directory Studio" on a Windows machine;
- Start "Apache Directory Studio";
2.
- On the top menu, click "LDAP";
- Click "New Connection...";
- In "Connection Name", write "sessionstore";
- In "Hostname:" write "192.168.1.101";
- In "Port:" write "10400";
- Click "Next";
- In "Authentication Method", select "No Authentication";
- Click "Finish";
3.
- In the "Connections" panel on the bottom left, double-click
"sessionstore" to connect to the instance;
- In the "LDAP Browser" panel on the left top, right-click on
"dc=training,dc=com", select "New", select "New Entry";
- Select "Create entry from scratch";
- Click "Next";
- On the left "Available object classes", select "inetOrgPerson";
- Click "Add";
- Click "Next";
- In "RDN:", select "cn" in the left box and write "sessionstore" in the
right box;
- Note the DN Preview: "cn=sessionstore,dc=training,dc=com";
- Click "Next";
- In the right box of the "sn" line, write "sessionstore";
- Click on the icon "New Attribute...";
- In "Attribute type", select "userPassword";
- Click "Next";
- Click "Finish";
- In "Enter New Password:" write "mypassword";
- In "Confirm New Password:" write "mypassword";
- Click "Ok";
- Click "Finish";
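The same directory work as step 3, scripted rather than clicked through Apache Directory Studio. This is an added example, not part of the article: it uses the OpenLDAP client tools (ldapadd, ldapwhoami), defaults to the lab values above, and assumes, as the article's "No Authentication" connection does, that the DSA accepts an anonymous add (otherwise add `-D`/`-W` to `ldapadd`). The function names are mine.

```shell
#!/bin/sh
# Added example (not from the article): create the Session Store admin user
# with an LDIF instead of the Apache Directory Studio wizard.
# Assumed: OpenLDAP client tools installed; DSA allows anonymous add, as in
# the article's lab. Override LDAP_URL / ROOT_DN in the environment if needed.

LDAP_URL=${LDAP_URL:-ldap://192.168.1.101:10400}
ROOT_DN=${ROOT_DN:-dc=training,dc=com}

# Print the LDIF for the Session Store administrative user.
# Same object class and attributes the wizard in step 3 produces.
# $1 = root DN, $2 = cn of the admin user, $3 = password
sessionstore_ldif() {
    root_dn=$1; user_cn=$2; user_pw=$3
    cat <<EOF
dn: cn=${user_cn},${root_dn}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: ${user_cn}
sn: ${user_cn}
userPassword: ${user_pw}
EOF
}

# Create the entry on the DSA (what "Finish" does at the end of step 3).
# $1 = cn, $2 = password. Use a generated password rather than "mypassword"
# outside a lab: the Policy Server binds with this DN.
sessionstore_create() {
    sessionstore_ldif "$ROOT_DN" "$1" "$2" | ldapadd -x -H "$LDAP_URL"
}

# Bind as the new user and print its DN; this is the same check that
# "Test LDAP Connection" performs in step 4. -W prompts for the password
# so it does not appear in the process list (as -w would).
sessionstore_bind_check() {
    ldapwhoami -x -H "$LDAP_URL" -D "cn=$1,$ROOT_DN" -W
}

# Offline demonstration: only print the LDIF that would be sent to the DSA.
sessionstore_ldif "$ROOT_DN" sessionstore mypassword
```

To apply it against a real DSA, run `sessionstore_create sessionstore '<password>'` and then `sessionstore_bind_check sessionstore`; a successful bind prints `dn:cn=sessionstore,dc=training,dc=com`, which is the value to enter in "Admin User Name" in step 4.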
4.
- On the Policy Server, start smconsole;
- Click on the "Data" tab;
- In "Database", select "Session Store";
- In "Storage", select "CA Directory";
- In "LDAP IP Address", write "192.168.1.101:10400";
- In "Root DN", write "dc=training,dc=com";
- In "Admin User Name", write "cn=sessionstore,dc=training,dc=com";
- In "Password", write "mypassword";
- In "Confirm Password", write "mypassword";
- Click on "Test LDAP Connection";
- Click "Ok";
- Click "Apply";
- Click "Ok";
Stop and start the Policy Server.
In smps.log, the following lines show that the Policy Server connected
successfully to the Session Store:
[10355/140140829808448][Mon Sep 13 2021 13:31:11.777][SmSSInLDAPStore.cpp:507][INFO][sm-Ldap-02160] Opening session server connection to CA Directory: ' 192.168.1.101:10400 '
[10355/140139659278080][Mon Sep 13 2021 13:31:12.914][SmSSProvider.cpp:153][INFO][sm-Server-04260] The session server watchdog thread has started.
[10355/140139625707264][Mon Sep 13 2021 13:31:12.915][SmSSProvider.cpp:134][INFO][sm-Server-04240] The session server maintenance thread has started.
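A small check that reads smps.log and confirms the three message IDs above are present, so the post-restart verification can be scripted instead of read by eye. This is an added example, not from the article; the message IDs come from the log excerpt above, the sample log is constructed from those same lines, and the function name is mine. It also counts any [ERROR] line from the session store code (SmSS*.cpp), which the article's excerpt does not cover.

```shell
#!/bin/sh
# Added example (not from the article): verify in smps.log that the Policy
# Server connected to the Session Store. Message IDs are those shown in the
# article's log excerpt; the sample log below is constructed from them.

# $1 = path to smps.log. Returns 0 when all three messages are present and
# no session store ERROR line was logged, 1 otherwise.
check_sessionstore_log() {
    logfile=$1
    missing=0
    for id in sm-Ldap-02160 sm-Server-04260 sm-Server-04240; do
        if grep -F -q "[$id]" "$logfile"; then
            echo "found   $id"
        else
            echo "MISSING $id"
            missing=$((missing + 1))
        fi
    done
    # ERROR lines from the session store source files (SmSS*.cpp)
    errs=$(grep 'SmSS[A-Za-z]*\.cpp' "$logfile" | grep -F -c '[ERROR]' || true)
    echo "session store ERROR lines: $errs"
    [ "$missing" -eq 0 ] && [ "$errs" -eq 0 ]
}

# Constructed sample: the three lines quoted in the article, one per line.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[10355/140140829808448][Mon Sep 13 2021 13:31:11.777][SmSSInLDAPStore.cpp:507][INFO][sm-Ldap-02160] Opening session server connection to CA Directory: ' 192.168.1.101:10400 '
[10355/140139659278080][Mon Sep 13 2021 13:31:12.914][SmSSProvider.cpp:153][INFO][sm-Server-04260] The session server watchdog thread has started.
[10355/140139625707264][Mon Sep 13 2021 13:31:12.915][SmSSProvider.cpp:134][INFO][sm-Server-04240] The session server maintenance thread has started.
EOF

if check_sessionstore_log "$SAMPLE_LOG"; then
    echo "Session Store connection confirmed"
else
    echo "Session Store connection NOT confirmed, check smps.log"
fi
```

On a real system, call `check_sessionstore_log /path/to/smps.log` after the restart; a missing `sm-Ldap-02160` means the Policy Server never opened the connection, while the two thread messages without it point at the connection step rather than the watchdog.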
(1) Configure Symantec Directory as a Session Store
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-ca-directory-as-a-session-store.html
(2) Session Store Configuration
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/configure-policy-server-data-storage-options/session-store-configuration.html