Adding SiteMinder to an Existing Identity Manager r12 Installation

Article ID: 62667


Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

This document provides detailed instructions for adding SiteMinder Web Access Manager to an existing Identity Manager r12 environment.

Environment

Release: Identity Manager

Resolution

To add SiteMinder to an existing Identity Manager Environment

Important! All existing password policy configurations will be lost. Password policies are not portable when moving from an environment without SiteMinder to an environment with SiteMinder.

  1. Ensure you have a Web server.

  2. Install and configure a Web server to the application server proxy forwarder.

  3. Install and configure a SiteMinder Policy Server and Web Agent for this Web server.


    Note: For more information, see the CA SiteMinder Web Access Manager Policy Server Installation Guide and the CA SiteMinder Web Access Manager Web Agent Installation Guide.

  4. Import the Identity Manager policy store schema to the policy store.

  5. Run the Identity Manager r12 installer on the machine where the SiteMinder Policy Server is installed.

    Select only the Extensions for SiteMinder option when you run the installer.

  6. In the Management Console, export the Identity Manager directories and environments.

  7. Delete all directories and environments after the export completes.

  8. Stop the application server.

  9. Edit the ra.xml file located in \IdentityMinder.ear\policyserver.rar\META-INF, as follows:

    1. Set Enabled = true.

    2. In the ConnectionURL property, fill in the IP or hostname of the SiteMinder Policy Server.

    3. In the UserName property, fill in the name of the SiteMinder administrator.

    4. Encrypt the SiteMinder administrator's password using the Identity Manager Password Tool and put it in the AdminSecret property. The Password Tool can be found in:

      C:\Program Files\CA\IAM Suite\Identity Manager\tools\PasswordTool\P\pwdtools.bat.

      Note: Add the string '{PBES}:' to the beginning of the encrypted password produced by the Password Tool, before adding it to the AdminSecret property.

    5. In the AgentName property, fill in the name of the Agent.

    6. Encrypt the Agent's password using the Identity Manager Password Tool and put it in the AgentSecret property.

      Note: Add the string '{PBES}:' to the beginning of the encrypted password produced by the Password Tool, before adding it to the AgentSecret property.

  10. Edit the web.xml file located in \IdentityMinder.ear\user_console.war\WEB-INF, and set the FrameworkAuthFilter property to Enabled = false.

    Note: For WebSphere, the web.xml is located in

    WebSphere_home/AppServer/profiles/Profile_Name/config/cells/Cell_Name/applications/IdentityMinder.ear/deployments/IdentityMinder/user_console.war/WEB-INF

  11. (WebSphere Only) Update the policyServer object in the Administrative Console with the same values as in the ra.xml file, as shown in the graphic below:


  12. Start the application server.

  13. For an RDB User Store only, do the following:
    1. Configure a data source that SiteMinder will use to connect to the user directory.

      Note: For more information on configuring the data source, see the CA SiteMinder Web Access Manager Policy Server Installation Guide.

    2. Add the SiteMinder data source information to the directory by editing the directory.xml file. In the directory.xml file, locate the line containing the <JDBC datasource="jdbc/userstore"/> tag and add the following lines after it, with your user name and encrypted password:

      <Credentials user="<your-user>">{PBES}:gSex2/BhDGzEKWvFmzca4w==</Credentials>
      <DSN name="<name of the data source you created>"/>

  14. Enable the Web Agent by modifying the webagent.conf file in the Web Agent folder and setting it to Enabled = yes.

    In order to test the Web Agent configuration, go to the Management Console by using the Web server port instead of the application server port.

  15. Import the directory.xml from Step 6 to create a new Identity Manager directory.

  16. Repeat Step 15 for all directories.

  17. In the environment ZIP file created in Step 6, edit the environment.xml file and add the SiteMinder Agent, as follows:

    agent="SiteMinder_agent_name"

  18. Import the ZIP file to recreate the Identity Manager environment.

  19. Repeat Step 17 and Step 18 for all environments.

  20. Restart the application server.
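
The ra.xml settings from Step 9 can be checked before the application server is started in Step 12. The script below is an added example, not CA code; it assumes ra.xml stores each setting as a standard JCA `<config-property>` name/value pair, and the sample values are constructed.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("Enabled", "ConnectionURL", "UserName", "AdminSecret", "AgentName", "AgentSecret")
SECRETS = ("AdminSecret", "AgentSecret")
PREFIX = "{PBES}:"

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def read_properties(ra_xml_text):
    """Return {name: value} for every config-property element (assumed layout)."""
    props = {}
    for elem in ET.fromstring(ra_xml_text).iter():
        if local(elem.tag) == "config-property":
            fields = {local(c.tag): (c.text or "").strip() for c in elem}
            name = fields.get("config-property-name", "")
            props[name] = fields.get("config-property-value", "")
    return props

def check_ra_xml(ra_xml_text):
    """Return findings; an empty list means Step 9 looks complete.
    Findings name the property only and never echo a secret value."""
    props = read_properties(ra_xml_text)
    findings = [f"{n}: missing or empty" for n in REQUIRED if not props.get(n)]
    if props.get("Enabled") and props["Enabled"].lower() != "true":
        findings.append("Enabled: must be true")
    for name in SECRETS:
        value = props.get(name, "")
        if value and not value.startswith(PREFIX):
            findings.append(f"{name}: no {PREFIX} prefix (plaintext or prefix forgotten)")
        elif value == PREFIX:
            findings.append(f"{name}: prefix present but no encrypted value")
    return findings

# Constructed sample values (not from a real system); AgentSecret lacks the prefix.
SAMPLE_VALUES = {"Enabled": "true", "ConnectionURL": "policyserver.example.test",
                 "UserName": "siteminder", "AdminSecret": "{PBES}:CONSTRUCTED==",
                 "AgentName": "idm_agent", "AgentSecret": "CONSTRUCTED=="}

def build_sample(values):
    """Build a constructed ra.xml fragment from a {name: value} dict."""
    body = "".join(
        f"<config-property><config-property-name>{k}</config-property-name>"
        f"<config-property-value>{v}</config-property-value></config-property>"
        for k, v in values.items())
    return f"<connector><resourceadapter>{body}</resourceadapter></connector>"

if __name__ == "__main__":
    print("\n".join(check_ra_xml(build_sample(SAMPLE_VALUES))))
```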

Attachments

1558624392445000062667_sktwi1ysjvsbg8gv.gif