CA Single Sign On (formerly CA SiteMinder) Registry
The following table summarizes the registry keys used by SiteMinder, with a brief description of each key.
Any PS/WA version?
Any OS version?
Additional Information:
Notes:
This is a work in progress and will be updated on a regular basis.
For WIN64 the path will be inside a "wow6432node" node.
For example, for WIN32: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\SessionServer
For WIN64: HKEY_LOCAL_MACHINE\software\wow6432node\netegrity\SiteMinder\CurrentVersion\Database\SessionServer
Windows/Intel and Linux paths are based on WIN32.
The SiteMinder version referenced is R12.8.x. Some of the registry entries might not apply to older releases.
For any clarifications, you can put a comment below.
| Path | Key Name | Default Value | Type | Purpose | Modified By | Notes |
|---|---|---|---|---|---|---|
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion | Location | C:\Program Files\netegrity\siteminder | REG_SZ | Install folder of SiteMinder | Installer | These values are written by the installer and should not be modified. They are only changed when the installer is run again for an upgrade. |
| | FullVersion | | REG_SZ | Version of SiteMinder being installed | Installer | |
| | Name | | REG_SZ | User name installing the product | Installer | |
| | Company | | REG_SZ | Name of company | Installer | |
| | Language | | REG_SZ | Language in which SiteMinder is installed | Installer | |
| | Version | | REG_SZ | Short version of SiteMinder (nn.mm) | Installer | |
| | Update | | REG_SZ | Service Pack version | Installer | |
| | Label | | REG_SZ | Build or CR number | Installer | |
| | MasterKeyFile | | REG_SZ | Location of master key file | | |
| | InstallKey | | REG_SZ | Install key value | | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Accounting | Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| | Max Tunnel Buffer Size | | REG_DWORD | | | |
| | Tcp Idle Session Timeout | | REG_DWORD | | | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Administration | Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| | Max Tunnel Buffer Size | | REG_DWORD | | | |
| | Tcp Idle Session Timeout | | REG_DWORD | | | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Authentication | Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| | Max Tunnel Buffer Size | | REG_DWORD | | | |
| | Tcp Idle Session Timeout | | REG_DWORD | | | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Authorization | Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| | Max Tunnel Buffer Size | | REG_DWORD | | | |
| | Tcp Idle Session Timeout | | REG_DWORD | | | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Crypto | CryptoProvider | 0 | REG_DWORD | Type of encryption provider: 0 = BSAFE, 1 = PKCS11 | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database | Version | | REG_SZ | Version of the ODBC library used | By Hand | |
| | OdbcBrandingLib | sminstallapi | REG_SZ | The ODBC branding library | By Hand | |
| | UpdateSyncDelay | 0 | REG_DWORD | Delay to be used for synchronization updates, in milliseconds | By Hand | |
| | ConnectionTimeout | 1 | REG_DWORD | The timeout value for DB connections, in seconds | By Hand | |
| | ConnectionHangwaitTime | 70 | REG_DWORD | | | |
| | LoginTimeout | 15 | REG_DWORD | | | |
| | QueryTimeout | 30 | REG_DWORD | | | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Default | Data Source | SiteMinder Data Source | REG_SZ | Name of the Policy Store data source to connect to | SM Console | |
| | User Name | | REG_SZ | User name to use for the connection | SM Console | |
| | Password | | REG_SZ | Password to use for the connection | SM Console | |
| | MaxConnections | 25 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| | ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |
| | Enabled | 1 | REG_DWORD | 0 = Disabled, 1 = Enabled | By Hand | Policy Store is always enabled |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Key | Data Source | SiteMinder Keys Data Source | REG_SZ | Name of the Key Store data source to connect to | SM Console | |
| | User Name | | REG_SZ | User name to use for the connection | SM Console | |
| | Password | | REG_SZ | Password to use for the connection | SM Console | |
| | Use Default | 1 | REG_DWORD | 0 = Use a different Key Store, 1 = Use Policy Store as the Key Store | SM Console | |
| | MaxConnections | 5 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| | ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |
| | Enabled | 1 | REG_DWORD | 0 = Disabled, 1 = Enabled | By Hand | Key Store is always enabled |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Log | Data Source | SiteMinder Logs Data Source | REG_SZ | Name of the data source to store the audit logs in | SM Console | |
| | User Name | | REG_SZ | User name to use for the connection | SM Console | |
| | Password | | REG_SZ | Password to use for the connection | SM Console | |
| | Use Default | 0 | REG_DWORD | 0 = Use a different Log Store, 1 = Use Policy Store as the Log Store | SM Console | |
| | MaxConnections | 15 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| | ProviderNamespace | TEXT: | REG_SZ | Data source provider name space | SM Console | Valid values are TEXT: and ODBC: to indicate whether to store to a file or DB |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\SessionServer | Data Source | SiteMinder Session Data Source | REG_SZ | Name of the Session Store data source to connect to | SM Console | |
| | User Name | | REG_SZ | User name to use for the connection | SM Console | |
| | Password | | REG_SZ | Password to use for the connection | SM Console | |
| | Use Default | 0 | REG_DWORD | 0 = Use a different Session Store, 1 = Use Policy Store as the Session Store | SM Console | |
| | MaxConnections | 16 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| | Enabled | 0 | REG_DWORD | 0 = Disabled, 1 = Enabled | SM Console | |
| | ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Token | Data Source | SiteMinder Tokens Data Source | REG_SZ | Name of the Token Store data source for hardware authentication tokens to connect to | SM Console | |
| | User Name | | REG_SZ | User name to use for the connection | SM Console | |
| | Password | | REG_SZ | Password to use for the connection | SM Console | |
| | Use Default | 0 | REG_DWORD | 0 = Use a different Token Store, 1 = Use Policy Store as the Token Store | SM Console | |
| | MaxConnections | 10 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| | ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Debug | Console | 0 | REG_DWORD | This key is obsolete with the introduction of the new smerrlog facility | None | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds | Namespaces | LDAP:,ODBC:,WinNT:,Custom:,AD | REG_SZ | List of supported namespaces | Installer | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\ClassFilters | WinNT: | Group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for WINNT: namespace is governed by this key | By Hand | |
| | LanMan: | Group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for LanMan: namespace is governed by this key | By Hand | |
| | LDAP: | organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for LDAP: namespace is governed by this key | By Hand | |
| | AD: | organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for LDAP: namespace is governed by this key | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\DsCacheParms | DsInfoEnabled | 1 | REG_DWORD | Is DS Info cache enabled | By Hand | Valid values: 0 = Disabled, 1 = Enabled |
| | DsInfoTimeoutSeconds | 3600 | REG_DWORD | Lifetime of the entries in cache, in seconds | By Hand | |
| | DsInfoMaxSizeMB | 10 | REG_DWORD | DS Info cache maximum size in megabytes | By Hand | |
| | UserPolicyCacheMaxSize | 1000 | REG_DWORD | User Policy cache maximum size in megabytes | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\GroupClassFilters | LDAP: | groupOfNames,groupOfUniqueNames,group | REG_SZ | The group attribute types filter that should be used when retrieving group objects from LDAP | By Hand | |
| | AD: | groupOfNames,groupOfUniqueNames,group | REG_SZ | The group attribute types filter that should be used when retrieving group objects from Active Directory | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\LdapMatchUserDN | group | member | REG_SZ | The group attribute type to use when matching User DN group | By Hand | |
| | groupOfNames | member | REG_SZ | The group attribute type to use when matching User DN group of names | By Hand | |
| | groupOfUniqueNames | uniqueMember | REG_SZ | The group attribute type to use when matching User DN group of unique names | By Hand | |
| | organizationalRole | roleOccupant | REG_SZ | The group attribute type to use when matching User DN organizational role | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider | EnableReferrals | 1 | REG_DWORD | Determines if any LDAP referrals are handled by the Policy Server. If set to 0, no LDAP referrals will be accepted by the Policy Server. If set to 1, the Policy Server accepts LDAP referrals. | By Hand | |
| | EnableEnhancedReferrals | 1 | REG_DWORD | Lets the Policy Server use enhanced handling of LDAP referrals at the Policy Server, rather than allowing LDAP referral handling by the LDAP SDK layer. | SM Console | Valid values: 0 = No, 1 = Yes |
| | MaxReferralHops | 10 | REG_DWORD | Indicates the maximum number of consecutive referrals that will be allowed while attempting to resolve the original request. Since a referral can point to a location that requires additional referrals, this limit is helpful when replication is misconfigured, causing referral loops. | SM Console | |
| | EnableObjectCategory | 0 | REG_DWORD | Enable or disable ObjectCategory attribute support | By Hand | Valid values: 0 = No, 1 = Yes |
| | EnablePagingADNameSpace | 0 | REG_DWORD | To support searches of large numbers of users in the Active Directory namespace, enable this registry key by setting it to 1 | By Hand | Valid values: 0 = No, 1 = Yes |
| | EnableADEnhancedReferrals | 1 | REG_DWORD | Use LDAP Namespace for an Active Directory User Directory Connection. When accessing an Active Directory user directory using an LDAP namespace, set this registry key to 0 | By Hand | Valid values: 0 = No, 1 = Yes |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\NamespaceProviders | LanMan: | smdslanman | REG_SZ | The library that provides for LanMan namespace | By Hand | |
| | WinNT: | smdswinnt | REG_SZ | The library that provides for WinNT namespace | By Hand | |
| | ADSI: | smdsadsi | REG_SZ | The library that provides for ADSI namespace | By Hand | |
| | LDAP: | smdsldap | REG_SZ | The library that provides for LDAP namespace | By Hand | |
| | ODBC: | smdsodbc | REG_SZ | The library that provides for ODBC namespace | By Hand | |
| | Custom: | smdscustom | REG_SZ | The library that provides for Custom namespace | By Hand | |
| | AD: | smdsldap_ms | REG_SZ | The library that provides for AD namespace | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\OrgClassFilters | LDAP: | organization,organizationalUnit | REG_SZ | The organizational units that should be retrieved for LDAP: | By Hand | |
| | AD: | organization,organizationalUnit | REG_SZ | The organizational units that should be retrieved for AD: | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\OrgResolution | User | 1 | REG_DWORD | Organization resolution is done by checking user's org path | By Hand | |
| | Group | 0 | REG_DWORD | Organization resolution is done by checking user's groups org paths | By Hand | |
| | Role | 0 | REG_DWORD | Organization resolution is done by checking user's roles org paths | By Hand | |
| HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\PolicyClassFilters | WinNT: | Group, User | REG_SZ | The object classes that should be retrieved for WINNT: | By Hand | An objectClass is a collection of attributes (or an attribute container). Provide a comma-separated list of object classes that should be retrieved for each namespace. |
| | LanMan: | Group, User | REG_SZ | The object classes that should be retrieved for LanMan: | By Hand | |
| | LDAP: | organizationalPerson,inetOrgPerson,organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The object classes that should be retrieved for LDAP: | By Hand | |
| | ODBC: | Group, User | REG_SZ | The object classes that should be retrieved for ODBC: | By Hand | |
| | AD: | organizationalPerson,inetOrgPerson,organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The object classes that should be retrieved for AD: | By Hand | |
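
The table can double as a configuration baseline. The Python below is an added example, not part of the original page or of the product's tooling: it reads the text of a `.reg` export, folds the WIN64 `wow6432node` path onto the WIN32 form used in the table, and reports values that differ from the documented defaults or valid values, plus any stored data source password (without echoing it). The sample export and the selection of keys to check are constructed for the illustration.

```python
import re

ROOT = "hkey_local_machine\\software\\netegrity\\siteminder\\currentversion"
# Defaults and valid values copied from the table; which keys to check is this example's choice.
DEFAULTS = {("ds\\ldapprovider", "enablereferrals"): 1,
            ("ds\\ldapprovider", "maxreferralhops"): 10}
ALLOWED = {("database\\default", "providernamespace"): {"ODBC:", "LDAP:"},
           ("database\\log", "providernamespace"): {"TEXT:", "ODBC:"}}

def subkey(path):
    """Fold the WIN64 wow6432node form onto the WIN32 path; return the part below CurrentVersion."""
    p = path.lower().replace("\\software\\wow6432node\\", "\\software\\")
    return p[len(ROOT) + 1:] if p.startswith(ROOT + "\\") else None

def parse_reg(text):
    """Yield (subkey, name, value) for REG_SZ and REG_DWORD values in a .reg export."""
    current = None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            current = subkey(m.group(1))  # None for keys outside the SiteMinder tree
        elif current is not None and (
                m := re.fullmatch(r'"(.+?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")', line)):
            value = int(m.group(2), 16) if m.group(2) else m.group(3).replace("\\\\", "\\")
            yield current, m.group(1), value

def audit(text):
    """Return (subkey, value name, reason) findings; credential values are never echoed."""
    findings = []
    for key, name, value in parse_reg(text):
        ident = (key, name.lower())  # registry names are case-insensitive
        if ident[1] == "password":
            findings.append((key, name, "holds a data source password"))
        elif ident in ALLOWED and value not in ALLOWED[ident]:
            findings.append((key, name, f"{value!r} is not a documented value"))
        elif ident in DEFAULTS and value != DEFAULTS[ident]:
            findings.append((key, name, f"{value!r} differs from default {DEFAULTS[ident]!r}"))
    return findings

# Constructed sample export (not from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider]
"EnableReferrals"=dword:00000001
"MaxReferralHops"=dword:00000032
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Netegrity\SiteMinder\CurrentVersion\Database\Log]
"ProviderNamespace"="LDAP:"
"Password"="constructed-placeholder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Other\Vendor]
"MaxReferralHops"=dword:00000001
'''
print(*audit(SAMPLE), sep="\n")
```

Exports written by regedit are UTF-16, so decode the file with that encoding before passing its text to `audit`.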