Adding SiteMinder to an Existing Identity Manager r12 Installation
Article ID: 62667
Products
CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite
Issue/Introduction
This document provides detailed instructions for adding SiteMinder Web Access Manager to an existing Identity Manager r12 environment.
Environment
Release: Identity Manager
Resolution
To add SiteMinder to an existing Identity Manager Environment:

Important! All existing password policy configurations will be lost. Password policies are not portable when moving from an environment without SiteMinder to an environment with SiteMinder.

1. Ensure you have a Web server.
2. Install and configure a Web server to the application server proxy forwarder.
3. Install and configure a SiteMinder Policy Server and Web Agent for this Web server.
   Note: For more information, see the CA SiteMinder Web Access Manager Policy Server Installation Guide and the CA SiteMinder Web Access Manager Web Agent Installation Guide.
4. Import the Identity Manager policy store schema to the policy store.
5. Run the Identity Manager r12 installer on the machine where the SiteMinder Policy Server is installed. Select only the Extensions for SiteMinder option when you run the installer.
6. In the Management Console, export the Identity Manager directories and environments.
7. Delete all directories and environments after the export completes.
8. Stop the application server.
9. Edit the ra.xml file located in \IdentityMinder.ear\policyserver.rar\META-INF, as follows:
   a. Set Enabled = true.
   b. In the ConnectionURL property, fill in the IP or hostname of the SiteMinder Policy Server.
   c. In the UserName property, fill in the name of the SiteMinder administrator.
   d. Encrypt the SiteMinder administrator's password using the Identity Manager Password Tool and put it in the AdminSecret property. The Password Tool can be found in:
10. (WebSphere Only) Update the policyServer object in the Administrative Console with the same values as in the ra.xml file, as shown in the graphic below:
11. Start the application server.
12. For an RDB User Store only, do the following:
   a. Configure a data source that SiteMinder will use to connect to the user directory.
      Note: For more information on configuring the data source, see the CA SiteMinder Web Access Manager Policy Server Installation Guide.
   b. Add the SiteMinder data source information to the directory by editing the directory.xml file. In the directory.xml file, locate the line containing the <JDBC datasource="jdbc/userstore"/> tag and add the following line after it, with your user name and encrypted password:
      <Credentials user="<your-user>">{PBES}:gSex2/BhDGzEKWvFmzca4w==</Credentials> <DSN name="<name of the data source you created>"/>
13. Enable the Web Agent by modifying the webagent.conf file in the Web Agent folder and setting it to Enabled = yes.
14. In order to test the Web Agent configuration, go to the Management Console by using the Web server port instead of the application server port.
15. Import the directory.xml from Step 6 to create a new Identity Manager directory.
16. Repeat Step 15 for all directories.
17. In the environment ZIP file created in Step 6, edit the environment.xml file and add the SiteMinder Agent, as follows:
    agent="SiteMinder_agent_name"
18. Import the ZIP file to recreate the Identity Manager environment.
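A pre-import check for the directory.xml edit in the RDB User Store step, added here as an example and not part of the CA documentation: it confirms that Credentials and DSN follow the JDBC tag and that the password is not left in clear text. It assumes, from the sample line on this page, that Password Tool output is the {PBES}: prefix followed by base64; the wrapper element names, user name and data source name in the samples are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

PREFIX = "{PBES}:"  # assumption: marker taken from the sample line on this page

def local(tag):
    """Drop an XML namespace, if present, from an element tag."""
    return tag.rsplit("}", 1)[-1]

def check_directory_xml(text):
    """Return the problems found in the user-store section (empty list = OK)."""
    for parent in ET.fromstring(text).iter():
        kids = list(parent)
        for i, kid in enumerate(kids):
            if local(kid.tag) == "JDBC":
                return check_after_jdbc(kids[i + 1:])
    return ["no <JDBC> element found"]

def check_after_jdbc(siblings):
    """Check the <Credentials> and <DSN> elements that follow <JDBC>."""
    problems = []
    after = {local(k.tag): k for k in siblings}
    cred, dsn = after.get("Credentials"), after.get("DSN")
    if cred is None:
        problems.append("no <Credentials> after <JDBC>")
    else:
        if not cred.get("user"):
            problems.append("<Credentials> has no user")
        secret = (cred.text or "").strip()
        try:
            if not secret.startswith(PREFIX):
                raise ValueError("missing prefix")
            if not base64.b64decode(secret[len(PREFIX):], validate=True):
                raise ValueError("empty ciphertext")
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("password is not in encrypted {PBES}: form")
    if dsn is None or not dsn.get("name"):
        problems.append("no <DSN name=...> after <JDBC>")
    return problems

# Constructed samples; wrapper element names and values are hypothetical.
ENC = PREFIX + base64.b64encode(b"constructed-sample").decode()
GOOD = ('<Directory><Provider><JDBC datasource="jdbc/userstore"/>'
        f'<Credentials user="smreader">{ENC}</Credentials>'
        '<DSN name="SMUserStore"/></Provider></Directory>')
BAD = ('<Directory><Provider><JDBC datasource="jdbc/userstore"/>'
       '<Credentials user="smreader">Passw0rd!</Credentials>'
       '</Provider></Directory>')

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_directory_xml(doc))
```

The check only inspects the form of the value; it cannot tell whether the ciphertext decrypts to the right password, so the Web Agent test in the procedure is still needed.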