Configure CA Directory as a user directory for SiteMinder Advanced Password Services.


Article ID: 35745


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



How to configure CA Directory as a user store for Advanced Password Services (APS)



1. Extend the CA Directory schema for APS by copying the file CA_APS-eTrust80-user.dxc from the policy server home  <Siteminder_Home>/APS_Docs to CA directory server location: /dxserver/config/schema

2. Navigate to /dxserver/config/schema.

3. Source three files in the server-instance-name.dxg file in this directory by adding the following lines to the server-instance-name.dxg file: 

source "nsroaming.dxc";

source "sunone.dxc";

source "CA_APS-eTrust80-user.dxc";

4.  Stop then start the directory instance.

5.  Add the object class smapsInfo to each user in the directory.  Please consult your LDAP administrator or vendor for directions on how to do this in bulk.

6.  Run APSExpire from the Policy Server to set the smapsNextAction and smapsBaseDate attributes for each user in the directory.

a.      Edit the APS.cfg file on the policy server at /<policy-server-location>/bin

b.      Find the JOBONE parameter.

c.      Set JOBONE to the IP:port of the APS user directory.  (Ex:  JOBONE=

d.      Run APSExpire from the command line on the policy server:

$ APSExpire JOBONE –v –lapsexpire_log.txt –oapsexpire_out.txt –e apsexpire_errors.txt

 e.      View the three logs created to confirm there are no errors.


Examples of APS specific user attributes:


<Please see attached file for image>

APS Specific User Attributes






Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus


1558722518199000035745_sktwi1f5rjvs16wgx.jpeg get_app