
How can I create a WAM UI Administrator manually?


Article ID: 54051


Updated On:

Products

  • CA Single Sign On Secure Proxy Server (SiteMinder)

  • CA Single Sign On SOA Security Manager (SiteMinder)

  • CA Single Sign-On

Issue/Introduction

Description

Customer is requesting specific steps to create a new SiteMinder Administrator manually.

Customer is running:

  • SiteMinder Policy Server and WAM UI R12 SP1.

  • Oracle 10g as Policy, Object and Administrative User store.

Solution

Starting with SiteMinder R12, administrator users can be stored in an external User Directory, such as an LDAP user directory or a database user store.

The WAM UI will grant access to an administrator user as long as:

  1. The user exists in the User Directory.

  2. The user has the proper privileges in the eXtended Policy Store (XPS).

In this example, we are assuming that the customer wants to register the User 'Mikel' as administrator.

<Please see attached file for image>

Figure 1

The Administrator can be created manually in the XPS via the XPSSecurity utility as follows:

  1. Execute XPSSecurity:

    XPSSecurity is an interactive command-line utility that allows administrators and members of operations to create and delete administrators and edit their rights. XPSSecurity is not installed with SiteMinder Policy Server, but it is included with the SiteMinder Policy Server installation binaries. For security reasons it is always recommended to delete XPSSecurity from your production systems.

    <Please see attached file for image>

    Figure 2

  2. Select option A - Administrators.

    <Please see attached file for image>

    Figure 3

  3. Select option N - New Administrator.

    <Please see attached file for image>

    Figure 4

  4. Select Option 1 (Description) and enter a description. For this example we will enter "Mikel Super User".

    <Please see attached file for image>

    Figure 5

  5. Select option 2 (Flags) and then type "?" to interactively set the flags.

    <Please see attached file for image>

    Figure 6

  6. Select option 2. This will grant the SuperUser role to the user.

    <Please see attached file for image>

    Figure 7

  7. Select option q to quit, then select option 4 (Name) and enter the name. The default value is JDBC://jdbc%2Fiamsuitedirectory/2, but it could be any value. For this example, we will enter "Mikel Super User".

    <Please see attached file for image>

    Figure 8

  8. Select option 5 and specify the user path:

    <Please see attached file for image>

    Figure 9

    In ODBC Administrative User Directories, the user path refers to a number. This number is the unique identifier attribute that you have defined in your directory.xml file, and it should match the ID of the user in the database. For "Mikel" this number is 2, as seen in the example database table above.

    Here's a snippet of the directory.xml file used in this example:

      <- Begin
      <Table name="SmUser" primary="true" />
      <UniqueIdentifier>
        <UniqueIdentifierAttr name="SmUser.UserID"/>
      </UniqueIdentifier>
      -> End

    In this example the user path of the user Mikel is: JDBC://jdbc%2Fiamsuitedirectory/2

    In LDAP Administrative User Directories, the user path refers to the user in the Administrative User Directory using the following template:

      LDAP://<IP>:<Port>/<DN>
      <OR>
      LDAP://<HostName>.<Company>.com:<port>/<DN>

    For instance:

      LDAP://192.168.1.1:396/uid=Mikel,ou=People,dc=ca,dc=com
      <OR>
      LDAP://MyMachine.ca.com:396/uid=Mikel,ou=People,dc=ca,dc=com

  9. Select option V (Validate).

    <Please see attached file for image>

    Figure 10

  10. Select option U (Update).

    <Please see attached file for image>

    Figure 11

  11. Select Q to quit.

    <Please see attached file for image>

    Figure 12

    The user has now been registered in the XPS and it is ready to use with the WAM UI.
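
As an added example (not part of the original article and not SiteMinder code), the Python helper below checks a user path against the two shapes shown in step 8 before it is typed into XPSSecurity. The function name and the accepted grammar are assumptions inferred only from this article's examples, and DNs with escaped commas are not handled.

```python
import re
from urllib.parse import unquote

# One RDN such as "uid=Mikel". Assumption: no escaped commas inside values.
_RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^=,\s][^=,]*")


def parse_admin_user_path(path):
    """Split a user path of the two shapes shown in step 8 into its parts.

    Hypothetical helper: the grammar is inferred from this article's
    examples only. Raises ValueError for anything that does not fit.
    """
    if path != path.strip():
        raise ValueError("leading or trailing whitespace in user path")
    scheme, sep, rest = path.partition("://")
    location, slash, user = rest.partition("/")
    if not (sep and slash and location and user):
        raise ValueError("expected <scheme>://<location>/<user>")
    kind = scheme.upper()
    if kind == "JDBC":
        # The "/" inside the data source name is percent-encoded (%2F), so
        # the first literal "/" separates the data source from the user ID.
        if not (user.isascii() and user.isdigit()):
            raise ValueError("ODBC user path must end in the numeric user ID")
        return {"type": "ODBC", "datasource": unquote(location),
                "user_id": int(user)}
    if kind == "LDAP":
        host, colon, port = location.rpartition(":")
        if not (colon and host and port.isdigit() and 0 < int(port) < 65536):
            raise ValueError("LDAP location must be <host>:<port>")
        if not all(_RDN.fullmatch(rdn) for rdn in user.split(",")):
            raise ValueError("malformed DN: %r" % user)
        return {"type": "LDAP", "host": host, "port": int(port), "dn": user}
    raise ValueError("unsupported scheme: %r" % scheme)


if __name__ == "__main__":
    # Paths taken from this article, plus one constructed malformed value.
    for sample in ("JDBC://jdbc%2Fiamsuitedirectory/2",
                   "LDAP://192.168.1.1:396/uid=Mikel,ou=People,dc=ca,dc=com",
                   "JDBC://jdbc/iamsuitedirectory/2"):  # constructed: "/" not encoded
        try:
            print(sample, "->", parse_admin_user_path(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

A path this helper accepts is only well-formed; option V (Validate) in XPSSecurity remains the check that the path is accepted by the product.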

Environment

Release:
Component: SMPLC
