Identity Manager's extensions to Site Minder
search cancel

Identity Manager's extensions to Site Minder


Article ID: 44332


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On


This technical document explains the topic of Identity Manager's extensions for Site Minder.


In order to fully integrate these two products, Site Minder must be extended to support Identity Manager. The communication between the products is done by a Site Minder agent that's embedded in the Identity Manager product. This agent needs to be created on the Site Minder site as a 4x agent and specified in the ra.xml to make the connection. This 4x agent code is inside Identity Manager. 

Using this agent, Identity Manager will launch CRUD commands to Site Minder of objects that need to go in the policy store. These objects need to match Identity Manager's objects and will enhance the functionality of Identity Manager. However, Site Minder does not know of these objects on its own. It does need to be extended to be familiar and know how to handle them.

There are two kinds of extensions:

Extensions of the policy store - this will extend the actual schema with the classes of these objects that Identity Manager will create/read/update/delete.

Extensions of the policy server - this will create DLL files, or libraries, on the policy server machine, that will know how to communicate with the policy store.

The 4x agent (aka: Tunnel Agent - because it 'tunnels' Identity Manager's communication to Site Minder) will issue commands, provide and retrieve the data, while the policy server will execute the commands against the policy store.


Release: CAIDMB99000-12.6.8-Identity Manager-B to B


To extend policy server for Identity Manager:

1. Run the Identity Manager's installer on each of your policy server machines that will be specified in the ra.xml. This means on the primary policy server machine as well as any fail over that's specified in the ra.xml.

2. In the installation wizard you need only select the option of Identity Manager's extensions for Site Minder.

3. Finish the installation.


To extend your policy store for Identity Manager:

1. Run the LDIF or SQL file that's provided with Identity Manager for your policy store. The file depends on your type of policy store. The file is found under: IdentityManager\Tools\PolicyStore-Schemas. In this folder you will see many folders for different types of storages. You need to select the file that's inside the folder of your policy store. Run that file using a client tool of that policy store: If your policy store is RDB -> run the SQL script from a SQL client. If your policy store is LDAP then run the LDIF file from a LDAP Browser.


2. Only for Site Minder version 12.5 and higher:

You need to run the IdmSmObjects.xdd file. This file is provided with Site Minder under: siteminder\xps\dd\IdmSmObjects.xdd.

To run it, open a command prompt on your policy server machine, navigate to this folder and run: XPSDDInstall IdmSmObjects.xdd.

This file needs to run after all other xdd files have already run per your normal Site Minder documentation.