Configuring the WebSphere Application Server to use TAI
Configure the IBM® WebSphere® Application Server hosting an IBM Sametime® server to use Trust Association Interceptors (TAI) with SiteMinder.
About this task
- Sametime Advanced Server
- Sametime Proxy Server
- Sametime Meeting Server
Procedure
- On the computer hosting the deployment manager for the Sametime server, log in as root on Linux™, or as the Windows™ administrator. Typically the deployment manager is the Sametime System Console.
- Copy the smagent.properties file from the Application Server Agent (ASA) installation /opt/smwasasa/conf directory to the IBM WebSphere Application Server Profile properties directory. For example,
Windows: c:\program files\IBM\websphere\appserver\profiles\profile1\properties
Linux: /opt/IBM/WebSphere/AppServer/profiles/STPAppProfile/properties
- Copy the smagent.properties file from the ASA installation /opt/smwasasa/conf directory to the dmgrprofile.
- Ensure that your system path includes a path to the Application Server Agent's (ASA) bin directory. On Microsoft™ Windows, the bin directory is typically c:\smwasasa\bin. On Linux, set the path by entering this command:
export PATH=$PATH:/opt/smwasasa/bin:/opt/smwasasa/conf
- From the Integrated Solutions Console on the WebSphere Administration Server, complete these steps:
- Click Security > Global Security > Expand Web and SIP security > Trust Association.
- Select Enable Trust Association and click Apply.
- Click Interceptors and delete those you do not require.
- On the Interceptors page, click New.
- Enter this SiteMinder ASA class name next to Interceptor Classname and click Apply:
com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor
- Save the changes to the master configuration by clicking Save on the next two screens.
- Log out of the Administration Console.
- Restart the WebSphere Application Server.
- From the Integrated Solutions Console on the WebSphere Administration Server, complete these steps:
- Click Security > Global Security > Expand Web and SIP Security > General Settings.
- Select the Authenticate only when the URI is protected option, and then click OK.
- Click Security > Global Security > Custom Properties. Click New.
- Add this setting:
Name: com.ibm.websphere.security.performTAIForUnprotectedURI
Value: true
- Click Security > Global Security.
- Select the Enable administrative security and the Enable application security options.
- Click Security > Global Security > Expand Web and SIP Security > Single sign-on (SSO).
- Select the Enabled option.
- In the Domain name field, specify the domain name. Click OK.
- Click Security > Global Security > Available realm definitions > Federated repositories.
- Click Configure > Manage repositories, and then click Add.
- Click Security > Global Security > Available realm definitions.
- Select Federated repositories and click Configure.
- Click Add Base Entry to Realm.
- Specify the details for LDAP.
- Click Security > Global Security > Available realm definitions.
- Select Federated repositories and click Configure.
- Change the realm name to point to the LDAP server you are using.
- Save the changes you made.
- Click Security > Global Security > Available realm definitions: Federated repositories, and click Set as current.
- The security configuration is enabled or modified in a Network Deployment environment. Complete these steps so that all the processes in this environment have the same security run-time settings:
- Verify that all nodes are synchronized with these security configuration changes before stopping these processes.
- If any node agents are currently stopped, manually enter a syncNode command before starting that node agent.
- Stop all of the processes in the cell, including the deployment manager, node agents, and application servers.
- Restart all of the processes in the cell; restart the deployment manager and node agents first, then the application servers.
- Follow these instructions to set up SSO: Enabling SSO.
- Enable SSO for SiteMinder by completing these steps:
- Click Enterprise Applications > SametimeProxy > Security role to user/group mapping.
- Map the AllUsers role to All Authenticated in Application's Realm.
- Click OK.
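
A pre-flight check for the smagent.properties copy and PATH steps above, written as an added example (it is not part of the IBM procedure). The function names and the ASA_HOME variable are hypothetical, and the default path is the Linux ASA location given on this page. It reports a missing or stale copy in each profile properties directory before you continue in the console:

```shell
#!/bin/sh
# Added example: verify the smagent.properties copies and the ASA bin PATH entry.
# ASA_HOME defaults to the Linux ASA location used on this page (assumption: override as needed).
ASA_HOME="${ASA_HOME:-/opt/smwasasa}"

# path_has_dir DIR [PATHVALUE]: succeed if DIR is an exact entry of the PATH value.
path_has_dir() {
    case ":${2-$PATH}:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_copy SRC DEST_DIR: succeed only if DEST_DIR holds an identical copy of SRC.
check_copy() {
    src=$1
    dest="$2/$(basename "$1")"
    if [ ! -f "$src" ]; then
        echo "MISSING source: $src"; return 1
    fi
    if [ ! -f "$dest" ]; then
        echo "MISSING copy:   $dest"; return 1
    fi
    if ! cmp -s "$src" "$dest"; then
        echo "STALE copy:     $dest differs from $src"; return 1
    fi
    echo "OK:             $dest"
}

# preflight PROPS_DIR...: check PATH, then every profile properties directory given.
# The return status is the number of failed checks (0 means all checks passed).
preflight() {
    failures=0
    if path_has_dir "$ASA_HOME/bin"; then
        echo "OK:             $ASA_HOME/bin is on PATH"
    else
        echo "MISSING PATH:   $ASA_HOME/bin"
        failures=$((failures + 1))
    fi
    for dir in "$@"; do
        check_copy "$ASA_HOME/conf/smagent.properties" "$dir" || failures=$((failures + 1))
    done
    return "$failures"
}
```

Call it with the properties directory of each profile that received a copy, for example `preflight /opt/IBM/WebSphere/AppServer/profiles/STPAppProfile/properties`. A STALE result means the profile copy no longer matches the ASA source and should be copied again before the restart.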