Configuring eTrust SiteMinder for authentication and authorization | HCL Digital Experience
You can configure Computer Associates eTrust SiteMinder to perform both authentication and authorization for HCL Digital Experience. Using eTrust SiteMinder to perform only authorization is not supported at this time.
About this task
Install Computer Associates eTrust SiteMinder Trust Association Interceptor (TAI) distribution on the same machine as HCL Digital Experience. If you are completing this task in a clustered environment, you must install the eTrust SiteMinder TAI distribution on each node in the cluster.
Complete the following steps to configure eTrust SiteMinder for authentication and authorization:
Procedure
- Copy the smagent.properties file from the eTrust SiteMinder application server agent installation directory to the wp_profile_root/properties directory.Clustered environments: Complete this step on all nodes.
-
By default, the Application Server Agent installation enables agents
other than the one used for authentication. These agents are not tested with HCL
Digital Experience and must be disabled. Modify the following files in the
eTrust SiteMinder installation directory to set
EnableWebAgent=no:
- AsaAgent-az.conf
- AsaAgent-auth.conf
Clustered environments: Complete this step on all nodes. - Use a text editor to open the wkplc_comp.properties file
in the following directory:
- AIX® HP-UX Linux™Solaris: wp_profile_root/ConfigEngine/properties
- IBM® i: wp_profile_root/ConfigEngine/properties
- Windows™: wp_profile_root\ConfigEngine\properties
- z/OS®: wp_profile_root/ConfigEngine/properties
- Update the Namespace management
parameters in the wkplc_comp.properties file
- Enter the following parameters in the wkplc_comp.properties file;
go to the SiteMinder heading:Clustered environments: Complete this step on all nodes.Cluster note: Complete this step on all nodes in the cluster. The following parameters must match on all nodes in the clustered environment. The one exception is the wp.ac.impl.PDServerName parameter.
- For wp.ac.imp.SMDomain, type the eTrust SiteMinder Domain containing all externalized resources.
- For wp.ac.impl.SMScheme, type the eTrust SiteMinder Authentication scheme object name to use when you create realms.
- For wp.ac.impl.SMAgent, type the agent name that is created on eTrust SiteMinder for a specific external security manager instance.
- For wp.ac.impl.SMAgentPwd, type the password for wp.ac.impl.SMAgent.
- For wp.ac.impl.SMadminId, type the administrative user ID that eTrust SiteMinder uses to access the eTrust SiteMinder policy server.
- For wp.ac.impl.SMAdminPwd, type the password for wp.ac.impl.SMadminId.
- For wp.ac.impl.SMUserDir, type the eTrust SiteMinder User Directory object that references the LDAP user registry.
- For wp.ac.impl.SMFailover, type true if more than one server is listed in wp.ac.impl.SMServers or type false if no additional servers are available for failover.
- For wp.ac.impl.SMServers, type a comma-delimited list of servers for the eTrust SiteMinder agent.
- Save your changes to the properties file.
- Run the following task to configure eTrust SiteMinder for authentication
and authorization:
- AIX® HP-UXLinux™ Solaris: ./ConfigEngine.sh enable-sm-all from the wp_profile_root/ConfigEngine directory
- IBM® i: ConfigEngine.sh enable-sm-all from the wp_profile_root/ConfigEngine directory
- Windows™: ConfigEngine.bat enable-sm-all from the wp_profile_root\ConfigEngine directory
- z/OS®:./ConfigEngine.sh enable-sm-all from the wp_profile_root/ConfigEngine directory
Clustered environments: Complete this step on all nodes. - Stop and restart the appropriate servers to propagate the changes. For specific instructions, see Starting and stopping servers, deployment managers, and node agents.