How to create and set up CA Directory Instance (R12-SP1 DxGrid) as Policy Store for R12-SP2 Policy server and above.

Article ID: 51080

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Description:

This document describes how to create and set up a CA Directory (R12-SP1 DxGrid) instance so that it can be used as a policy store for R12-SP2 Policy Server and above.

Solution:

Perform the following steps to create and set up the CA Directory (R12-SP1 DxGrid) instance DSA for the policy store:

  1. Create the new DSA by running the following command:

    • dxnewdsa DSA_Name port "o=DSA_Name,c=country_code"

    DSA_Name: Specifies the name of the DSA.
    port: Specifies the port on which the DSA is to listen.
    o=DSA_Name,c=country_code: Specifies the DSA prefix.

    Example: "o=psdsa,c=US"
    The dxnewdsa utility starts the new DSA.

    Note: If the DSA does not automatically start, run the following:
    dxserver start DSA_Name

  2. Create the Policy Store Schema
    Copy the following files into the CA Directory DXHOME\config\schema directory:
    • netegrity.dxc
    • etrust.dxc

    DXHOME: Specifies the Directory Server installation path.

    Note: The netegrity.dxc file is installed with the Policy Server in policy_server_home\eTrust. The etrust.dxc file is installed with the Policy Server in siteminder_home\xps\db.

    siteminder_home: Specifies the policy server installation path.

    Important! By default, CA Directory configuration files are read-only. Any CA Directory files that you are instructed to modify must be updated for write permission. Once the files are updated, you can revert the permission to read-only.

    In general, all or most of these files need read/write/execute permission for the DSA user:
    $DXHOME/data/psdsa.db
    $DXHOME/data/psdsa.tx
    $DXHOME/config/knowledge/psdsa.dxc
    $DXHOME/config/schema/netegrity.dxc
    $DXHOME/config/schema/etrust.dxc
    $DXHOME/config/schema/smdsa.dxg
    $DXHOME/config/servers/psdsa.dxi
    $DXHOME/config/limits/default.dxc

  3. Create a new SiteMinder schema file by copying the default.dxg schema file and renaming it.

    Note: The default.dxg schema file is located in DXHOME\config\schema\default.dxg.

    Example: copy the default.dxg schema file and rename the copy to smdsa.dxg

  4. Add the following lines to the bottom of the new SiteMinder schema file:

    #CA Schema
    source "netegrity.dxc";
    source "etrust.dxc";

  5. Edit the DSA's DXI file (DSA_Name.dxi) by changing the schema from default.dxg to the new SiteMinder schema file.

    DSA_Name: Represents the name of the DSA you created using the dxnewdsa utility.

    Note: the DSA's DXI file is located in DXHOME\config\servers.

  6. Add the following lines to the end of the DSA's DXI file:

    Comment out these first 3 values in the DSA's DXI file:
    # cache configuration
    #set max-cache-size = 100;
    #set cache-attrs = all-attributes;
    #set cache-load-all = true;
    set ignore-name-bindings = true;

    Add or uncomment the following line:
    set ignore-name-bindings = true;

  7. Open the DSA's default DXC file (default.dxc).

    Note: The default DXC file is located in DXHOME\dxserver\config\limits.

    Edit the settings in default.dxc to match the following:
    # size limits
    set max-users = 1000;
    set credits = 5;
    set max-local-ops = 1000;
    set max-op-size = 4000;
    set multi-write-queue = 20000;

    Note: max-op-size must be set to 4000 because there are over 3000 objects in XPS.

    Note: Editing the size limits settings prevents cache size errors from appearing in your CA Directory log files.
    Important! The multi-write-queue setting is for text-based configurations only. If the DSA is set up with DXmanager, omit this setting.

  8. Save the DXC file.

  9. As the DSA user, stop and restart the DSA using the following commands:

    dxserver stop DSA_Name
    dxserver start DSA_Name

    DSA_Name: Specifies the name of the DSA.

    That's it. The policy store schema is now created and can be configured to be used as Policy store for R12-SP2 and above Policy Server.
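
A read-only check of the edits from steps 2 to 7, for running before the restart in step 9 (an added example, not part of the original article or of CA's tooling). The names `check_ps_dsa` and `has` are chosen here; the script assumes the `$DXHOME/config/...` layout listed in step 2, `#` comments, and a DXI file that names its schema on a `source` line.

```shell
#!/bin/sh
# Added example: verifies the configuration edits from steps 2-7 without changing them.
# Assumptions: '#' starts a comment; the DXI pulls in its schema with a line
# such as: source "../schema/smdsa.dxg";

# has FILE REGEX: true when a non-comment line of FILE matches REGEX
has() { sed -e 's/#.*//' "$1" | grep -Eq "$2"; }

check_ps_dsa() {  # usage: check_ps_dsa DXHOME DSA_NAME SCHEMA_FILE
    cfg=$1/config; dxi=$cfg/servers/$2.dxi; dxg=$cfg/schema/$3
    lim=$cfg/limits/default.dxc; bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

    for f in "$dxi" "$dxg" "$lim" "$cfg/schema/netegrity.dxc" "$cfg/schema/etrust.dxc"; do
        [ -f "$f" ] || fail "missing $f"
    done
    [ "$bad" -eq 0 ] || return "$bad"

    # Step 4: both CA schema files are sourced from the new schema file
    for s in netegrity.dxc etrust.dxc; do
        has "$dxg" "source[[:space:]]+\"$s\"" || fail "$3 does not source $s"
    done
    # Step 5: the DXI points at the new schema, not default.dxg
    has "$dxi" "source.*$3\"" || fail "$2.dxi does not reference $3"
    has "$dxi" 'source.*default\.dxg"' && fail "$2.dxi still references default.dxg"
    # Step 6: cache settings commented out, ignore-name-bindings active
    for k in max-cache-size cache-attrs cache-load-all; do
        has "$dxi" "set[[:space:]]+$k" && fail "$k is still active in $2.dxi"
    done
    has "$dxi" 'set[[:space:]]+ignore-name-bindings[[:space:]]*=[[:space:]]*true' ||
        fail "ignore-name-bindings is not set to true"
    # Step 7: size limits match the values given in the article
    for kv in max-users=1000 credits=5 max-local-ops=1000 max-op-size=4000 multi-write-queue=20000; do
        has "$lim" "set[[:space:]]+${kv%%=*}[[:space:]]*=[[:space:]]*${kv#*=};" ||
            fail "default.dxc: ${kv%%=*} is not ${kv#*=}"
    done
    # Step 2 says edited files can go back to read-only; flag any left world-writable
    for f in "$dxi" "$dxg" "$lim"; do
        [ -n "$(find "$f" -perm -002)" ] && fail "$f is world-writable"
    done
    return "$bad"
}

# Script mode: sh check.sh "$DXHOME" psdsa smdsa.dxg (exit status = number of failures)
if [ $# -ge 3 ]; then check_ps_dsa "$@"; fi
```

For a DSA set up with DXmanager, remove `multi-write-queue=20000` from the limits list, since the article says to omit that setting there.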

For details on how to configure and set up this policy store, refer to the Policy Server Installation Guide for R12-SP3, section "CA Directory as a Policy Store" on page 103.

Environment

Release:
Component: SMPLC