Policy Server: how to configure a Session Store with CA Directory

Article ID: 224777

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder)

Issue/Introduction

 

When running a Policy Server, how do you install and configure a
Session Store to implement SLO in a Federation journey?

 

Environment

 

Policy Server 12.8SP5 on RedHat 7

 

Resolution

 

To configure CA Directory as a Session Store, follow the
documentation (1).

Enable it by following the steps in the documentation as well (2).

The section

  "Add a Session Store Administrative User and Root DN for the DSA"

can be completed using "Apache Directory Studio".

The following steps configure the CA Directory instance for the
Session Store. This is a sample to illustrate how to configure it.

Sample lab:

  The IP of CA Directory is : 192.168.1.101
  The Port of the CA Directory is : 10400
  The name of the instance : sessionstore

Here is the step-by-step procedure. See the attached document for a screenshot of each step.

1.

  - Install "Apache Directory Studio" on a Windows machine;
  - Start "Apache Directory Studio";

 

2.

  - On the top menu, click "LDAP";
  - Click "New Connection...";
  - In "Connection Name", write "sessionstore";
  - In "Hostname:" write "192.168.1.101";
  - In "Port:" write "10400";
  - Click "Next";
  - In "Authentication Method", select "No Authentication";
  - Click "Finish";

 

3.

  - In the "Connection" panel on the left bottom, double click on
    "sessionstore" to connect to the instance;
  - In the "LDAP Browser" panel on the left top, right-click on
    "dc=training,dc=com", select "New", select "New Entry";
  - Select "Create entry from scratch";
  - Click "Next";
  - On the left "Available object classes", select "inetOrgPerson";
  - Click "Add";
  - Click "Next";
  - In RDN: select "cn" on the left box, and write "sessionstore" on the
    right box;
  - Note the DN Preview: "cn=sessionstore,dc=training,dc=com";
  - Click "Next";
  - On the right box of the sn line, write "sessionstore";
  - Click on the icon "New Attribute...";
  - In "Attribute type", select "userPassword";
  - Click "Next";
  - Click "Finish";
  - In "Enter New Password:" write "mypassword";
  - In "Confirm New Password:" write "mypassword";
  - Click "Ok";
  - Click "Finish";

4.

  On the Policy Server, start smconsole:

  Click the "Data" tab;

  - In "Database", select "Session Store";
  - In "Storage", select "CA Directory";
  - In "LDAP IP Address", write "192.168.1.101:10400";
  - In "Root DN", write "dc=training,dc=com";
  - In "Admin User Name", write "cn=sessionstore,dc=training,dc=com";
  - In "Password", write "mypassword";
  - In "Confirm Password", write "mypassword";
  - Click on "Test LDAP Connection";
  - Click "Ok";
  - Click "Apply";
  - Click "Ok";

Stop and start the Policy Server.

In smps.log, the following lines indicate that the Policy Server
connected successfully to the Session Store:

  [10355/140140829808448][Mon Sep 13 2021
  13:31:11.777][SmSSInLDAPStore.cpp:507][INFO][sm-Ldap-02160] Opening
  session server connection to CA Directory: ' 192.168.1.101:10400 '
  
  [10355/140139659278080][Mon Sep 13 2021
  13:31:12.914][SmSSProvider.cpp:153][INFO][sm-Server-04260] The
  session server watchdog thread has started.
  
  [10355/140139625707264][Mon Sep 13 2021
  13:31:12.915][SmSSProvider.cpp:134][INFO][sm-Server-04240] The
  session server maintenance thread has started.
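
The check described above can be scripted. The following is an added
example, not part of the original article or of the product: it parses
smps.log entries in the layout shown in the excerpt (rejoining wrapped
lines) and confirms that all three messages are present and that the
connection went to the expected host:port. The function names are
hypothetical.

```python
import re

# Message IDs from the smps.log excerpt above and what each one confirms.
REQUIRED = {
    "sm-Ldap-02160": "session server connection to CA Directory opened",
    "sm-Server-04260": "session server watchdog thread started",
    "sm-Server-04240": "session server maintenance thread started",
}

# Entry layout seen in the excerpt: [pid/tid][timestamp][file:line][LEVEL][id] text
ENTRY = re.compile(
    r"\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]:]+):(?P<line>\d+)\]\[(?P<level>\w+)\]"
    r"\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)"
)

def parse_entries(raw):
    """Yield one dict per entry, rejoining entries wrapped across lines."""
    for chunk in re.split(r"(?=\[\d+/\d+\]\[)", raw):
        m = ENTRY.match(" ".join(chunk.split()))
        if m:
            yield m.groupdict()

def session_store_status(raw, expected_endpoint):
    """Return (ok, problems); the last occurrence of each message wins."""
    seen = {e["msgid"]: e for e in parse_entries(raw) if e["msgid"] in REQUIRED}
    problems = [f"missing {i}: {why}" for i, why in REQUIRED.items() if i not in seen]
    opened = seen.get("sm-Ldap-02160")
    if opened:
        # The endpoint is quoted with padding spaces: ' 192.168.1.101:10400 '
        m = re.search(r"'\s*([^']*?)\s*'", opened["text"])
        endpoint = m.group(1) if m else None
        if endpoint != expected_endpoint:
            problems.append(f"connected to {endpoint!r}, expected {expected_endpoint!r}")
    return (not problems, problems)

# Sample input: the three entries from the article, wrapped as shown there.
SAMPLE = """
  [10355/140140829808448][Mon Sep 13 2021
  13:31:11.777][SmSSInLDAPStore.cpp:507][INFO][sm-Ldap-02160] Opening
  session server connection to CA Directory: ' 192.168.1.101:10400 '
  [10355/140139659278080][Mon Sep 13 2021
  13:31:12.914][SmSSProvider.cpp:153][INFO][sm-Server-04260] The
  session server watchdog thread has started.
  [10355/140139625707264][Mon Sep 13 2021
  13:31:12.915][SmSSProvider.cpp:134][INFO][sm-Server-04240] The
  session server maintenance thread has started.
"""
```

Pass the contents of smps.log and the value entered in "LDAP IP
Address"; an empty problem list means all three startup messages were
found for that endpoint.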

 

Additional Information

 

(1)

    Configure Symantec Directory as a Session Store
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-ca-directory-as-a-session-store.html

(2)

    Session Store Configuration
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/configure-policy-server-data-storage-options/session-store-configuration.html

 

Attachments

1632730541752__session-store.rtf