Description

Customer is requesting specific steps to create a new SiteMinder Administrator manually.

Customer is running:

• SiteMinder Policy Server and WAM UI R12 SP1.
  
  
• Oracle 10g as Policy, Object and Administrative User store.

Solution

Starting with SiteMinder R12, administrator users can be stored in an external User Directory like an LDAP user directory or a Database user store.

The WAM UI will grant access to an administrator user as long as:

1. The user exists in the User Directory.
   
   
2. The user has the proper privileges in the eXtended Policy Store (XPS).

In this example, we are assuming that the customer wants to register the User 'Mikel' as administrator.

<Please see attached file for image>

The Administrator can be created manually in the XPS via XPSSecurity utility as follows:

1. Execute XPSSecurity:
   
   XPSSecurity is an interactive command-line utility that allows administrators and members of operations to create and delete administrators and edit their rights. XPSSecurity is not installed with SiteMinder Policy Server, but it is included with the SiteMinder Policy Server installation binaries. For security reasons it is always recommended to delete XPSSecurity from your production systems.
   
   

   <Please see attached file for image>

   
   
   
2. Select option A - Administrators.
   
   

   <Please see attached file for image>

   
   
   
3. Select option N - New Administrator.
   
   

   <Please see attached file for image>

   
   
   
4. Select Option 1 (Description) and enter a description. For this example we will enter "Mikel Super User".
   
   

   <Please see attached file for image>

   
   
   
5. Select option 2 (Flags) and then type "?" to interactively set the flags.
   
   

   <Please see attached file for image>

   
   
   
6. Select option 2, this will grant the SuperUser role to the user.
   
   

   <Please see attached file for image>

   
   
   
7. Select option q to quit, then option 4 (Name) and enter the name, the default value is JDBC://jdbc%2Fiamsuitedirectory/2, but it could be any value. For this example, we will enter "Mikel Super User".
   
   

   <Please see attached file for image>

   
   
   
8. Select option 5 and Specify the user path:
   
   

   <Please see attached file for image>

   
   
   In ODBC Administrative User Directories , the user path makes a reference to a number. This number is the unique identifier Attribute that you have defined in your directory.xml file, and the number should match with the id of the user in the Database. For "Mikel" this number is 2 as seen in the example Database Table above.
   
   Here's an snippet of the directory.xml file used in this example:

     <- Begin 

     <Table name="SmUser" primary="true" />     <UniqueIdentifier>     <UniqueIdentifierAttr name="SmUser.UserID"/>     </UniqueIdentifier>   -> End 

   In this example the user path of the user Mikel is: JDBC://jdbc%2Fiamsuitedirectory/2

   In LDAP Administrative User Directories , the user path makes reference to the user in the Administrative User Directory using the following template:

     LDAP://<IP>:<Port>/<DN>   <OR>   LDAP://<HostName>.<Company>.com:<port>/<DN> 

   
   for Instance:

     LDAP://192.168.1.1:396/uid=Mikel,ou=People,dc=ca,dc=com   <OR>   LDAP://MyMachine.ca.com:396/ uid=Mikel,ou=People,dc=ca,dc=com 

9. Select option V (Validate).
   
   

   <Please see attached file for image>

   
   
   
10. Select option U (Update).
    
    

    <Please see attached file for image>

    
    
    
11. Select Q to quit.
    
    

    <Please see attached file for image>

    
    
    The user has now been registered in the XPS and it is ready to use with the WAM UI.