A Sample SMSDK Custom Auth that redirects the java stdout and stderr to log files.
search cancel

A Sample SMSDK Custom Auth that redirects the java stdout and stderr to log files.

book

Article ID: 51837

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

The Custom Auth scheme can turn on/off the logging dynamically, and when logging it will timestamp the log files and roll them at a set size. The main purpose of this is to assist in java debugging in production systems where it is often difficult to run the policy server from the command line.

Solution:

Using Custom Auth Scheme to redirect java Stdio

This is a HOWTO document explaining how to redirect the java stdio and stderr within SiteMinder. Often you can run the SiteMinder server smpolicysrv.exe from the command line, and view the stderr and stdout messages there, but sometimes that option is not suitable.

The following will redirect the stdout and stderr to a date/timestamp log files of fixed length.

Included with this distribution is a .zip file containing the needed files and a copy of this documentation, and additional documentation on how to compile the module.

Contents:

Installation
    Copy CustomAuth Jar file
    Edit JVMOptions.txt
Policy Configuration
    Create Start Redirect Custom Auth Scheme
    Create Stop Redirect Custom Auth Scheme
    Create Java Agent
    Create Doman for StdioRedirect
    Create Start Trigger Realm
    Create Stop Trigger Realm
Usage Via SM Test Tool
    Start Redirect
    Stop Redirect
Usage Via Remote Agent API Call
    Installation
    Start Redirect
    Stop Redirect

Installation

Copy CustomAuth Jar file

  • You will need to unzip the TEC529675.zip file provided package.

  • From it copy the RedirectStdOut.jar file to appropriate location:
    generally <SMInstallRoot>/lib/RedirectStdOut.jar will do

Note: The RedirectStdOut.jar file needs to be recompiled with the specific version of java and Siteminder SDK that matches your policy server. The current version is JDK 1.4 and SMSDK 6 SP4 to match the current requirement.

Edit JVMOptions.txt

  • Edit the <SMInstallRoot>/config/JVMOptions.txt file.

  • Check that it has a SmJavaApi.jar in the path, it will generally be:
    <SMInstallRoot>/ \bin\jars\SmJavaApi.jar

  • Add the new RedirectStdio.jar to the -Djava.class.path attribute. The new value can be added anywhere in the path, but in editing make sure it is all on one line still.
    -Djava.class.path= .... C:\ca\siteminder\lib\RedirectStdio.jar .....

Policy Configuration

Create Start Redirect Custom Auth Scheme

Name: CustStdioRedirectStart
Library: smjavaapi
Parameter: com.netegrity.sdk.example.redirectstdio.AuthApiSample Start prefix=C:\Test1_ rolloverSize=5000

Note: There is a space between each of the above elements.

The parameters are:

Class to Runcom.netegrity.sdk.example.redirectstdio.AuthApiSample
Command:Start
prefix for log fileprefix=C:\Test1_
Size to rollover log filerolloverSize=5000

The first is the cmd, the prefix will be the path used to place the stdio and stderr files, and the rolloverSize is the size at which the log file will rollover.

<Please see attached file for image>

Figure 1

Create Stop Redirect Custom Auth Scheme

Name: CustStdioRedirectStart
Library: smjavaapi
Parameter: com.netegrity.sdk.example.redirectstdio.AuthApiSample Stop

Note: There is a space between each of the above elements.

The parameters are:

Class to Runcom.netegrity.sdk.example.redirectstdio.AuthApiSample
Command:Stop

<Please see attached file for image>

Figure 2

Create Java Agent

Create a SM 4.x agent type that we can use via the Test Tool or from a java api call and put in a password.

The parameters are:

NameJavaagent
Support 4.x AgentsYes
HostnameAny
SecretAny but remember

<Please see attached file for image>

Figure 3

Create Doman for StdioRedirect

Create a domain, that will only be available for our "javagent" so it will not be visible for any other webserver. Any user store can be used, we do not need to log onto it.

The parameters are:

NameRedirectDomain

<Please see attached file for image>

Figure 4

Create Start Trigger Realm

The trigger realm is the URL that needs to be hit in order to start the redirecting process.

It will be access only via the SM Test Tool, or the Java Agent API using the special agent, it will not be available on any other webserver.

The parameters are:

AgentJavaagent
Resource Filter/startredirecttrigger
Auth SchemeCustStdioRedirectStart

<Please see attached file for image>

Figure 5

Create Stop Trigger Realm

The trigger realm is the URL that returns logging back to normal.

The trigger realm is the URL that needs to be hit in order to start the redirecting process.

It will be access only via the SM Test Tool, or the Java Agent API using the special agent, it will not be available on any other webserver.

The parameters are:

AgentJavaagent
Resource Filter/stopredirecttrigger
Auth SchemeCustStdioRedirectStop

<Please see attached file for image>

Figure 6

Usage Via SM Test Tool

Start Redirect

Using the SMTest tool connect the agent to the policy server using the java agent parameters,

The parameters are:

Agentjavaagent
Secret<as before>
Resource Filter/startredirecttrigger/index.html
Action:Get
UsernameAny value will do
PasswordAny value will do

Then using the start redirect URL do the:

  1. Connect Call
  2. IsProtected Call
  3. IsAuthenticated Call

The policy server should now have it's Stdio redirected to the files indicated, future java io should be redirected.

<Please see attached file for image>

Figure 7

Stop Redirect

Using the SMTest tool connect the agent to the policy server using the java agent parameters,

The parameters are:

Agentjavaagent
Secret<as before>
Resource Filter/stopredirecttrigger/index.html
Action:Get
UsernameAny value will do
PasswordAny value will do

Then using the start redirect URL do the:

  1. Connect Call
  2. IsProtected Call
  3. IsAuthenticated Call

The policy server should now have it's Stdio redirected to the files indicated, future java io should be redirected.

<Please see attached file for image>

Figure 8

Usage Via Remote Agent API Call

The trigger to redirect stdio can be delivered from a remote agent, as long as it is logged on as the "javaagent" identified before access the /stopredirect and /startredirect URL's provided.

The package TEC529675.zip contains a client package that can be installed on any workstation, as long as it has access to the policy server which you want to send the command to.

The version provided here requires Java 1.5, but otherwise is self contained.

Installation

  1. You will need to unzip the TEC529675.zip file provided package.

  2. Edit the runAgent.bat file.

  3. Set the following variable in the bat file appropriately for your environment.

    set JAVA_HOME=C:\Program Files\Java\jdk1.5.0_14

    Edit the webagent.properties file ensure the following setting s are correct:
    # Policy Server
#policyServer=localhost
#policyServer=127.0.0.1
policyServer=192.168.10.176
 
# Agent connect properties
agentName =javaagent
agentPassword =password
 
# not really needed, in this case
userName =user1
userPassword=password

Start Redirect

To start the java stdio redirection type the following command:

     runAgent.sh Start

Stop Redirect

To stop the java stdio redirection type the following command:

     runAgent.sh Stop

Environment

Release:
Component: SMPLC

Attachments

1558711737071000051837_sktwi1f5rjvs16sch.gif get_app
1558711735190000051837_sktwi1f5rjvs16scg.gif get_app
1558711733233000051837_sktwi1f5rjvs16scf.gif get_app
1558711731368000051837_sktwi1f5rjvs16sce.gif get_app
1558711729603000051837_sktwi1f5rjvs16scd.gif get_app
1558711727508000051837_sktwi1f5rjvs16scc.gif get_app
1558711725417000051837_sktwi1f5rjvs16scb.gif get_app
1558711723188000051837_sktwi1f5rjvs16sca.gif get_app
1558535382134TEC529675.zip get_app
Powered by Wolken Software