Oracle Waveset 8.1.1 Resources Reference

Adapter Details

Waveset provides adapters for supporting the following SiteMinder features:

| GUI Name | Class Name |
|---|---|
| SiteminderAdmin | com.waveset.adapter.SiteminderAdminResourceAdapter |
| SiteminderLDAP | com.waveset.adapter.SiteminderLDAPResourceAdapter |
| SiteminderExampleTable | com.waveset.adapter.SiteminderExampleTableResourceAdapter |

Resource Configuration Notes

Before setting up the SiteMinder resource adapter in Waveset, you must complete these steps in SiteMinder:

Procedure: Setting Up the SiteMinder Resource Adapter

  1. Register the trusted host:

    1. Create the host configuration object for your Web application server (a copy of the default settings with the Policy Server IP).

    2. Use smreghost (from the agent installation directory) to register your application server.

  2. Create the agent:

    1. Enter a name for the agent.

    2. Select Support 4.x Agents.

    3. Select Siteminder / WebAgent as the agent type.

    4. Enter the IP address of the client.

    5. Enter a shared secret.

      To successfully configure a SiteMinder resource adapter in Waveset, you must know the agent name and shared secret.

Waveset Installation Notes

The SiteMinder resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

Procedure: Installing the SiteMinder Resource Adapter

  1. Add one of the following values in the Custom Resources section of the Configure Managed Resources page.

    • com.waveset.adapter.SiteminderAdminResourceAdapter

    • com.waveset.adapter.SiteminderLDAPResourceAdapter

    • com.waveset.adapter.SiteminderExampleTableResourceAdapter

  2. Copy the following JAR files to the $WSHOME/WEB-INF/lib directory.

    • smjavaagentapi.jar

    • smjavasdk2.jar

    Obtain the JAR files from the Web agent directory to ensure there is no version conflict. If you cannot locate these files in your Web agent directory, they are also located in the Netegrity\SiteMinder\SDK-2.2\java directory.

  3. If you plan to use the SiteMinder Admin resource adapter, you must set the LIBPATH (or LD_LIBRARY_PATH, or SHLIB_PATH, depending on the application server platform) in the application server startup script or environment before starting the application server.

    For example, on Solaris, the Web agent is installed in the following directory, which contains a file named nete_wa_env.sh:


    /opt/netegrity/siteminder/webagent

    For WebLogic, add these lines to startWeblogic.sh in /bea/wlserver_Version/config/mydomain:


    # In order to pick up the Siteminder libraries, the Netegrity
    # Web agent libs need to be added to LIBPATH,
    # LD_LIBRARY_PATH, and SHLIB_PATH
    . /opt/netegrity/siteminder/webagent/nete_wa_env.sh

    These lines set up the appropriate variables for the Java Native Interface methods used by the SiteMinder Admin resource adapter.

    When you are finished, restart the Waveset application server.
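
A preflight check for steps 2 and 3 of the procedure above, added here as an example (not Oracle or SiteMinder code): it confirms that both JARs are in $WSHOME/WEB-INF/lib and that the startup script sources nete_wa_env.sh on a line that is not commented out. The function names and the check that these files are not group- or world-writable are assumptions of this example; the writability check is included because the application server loads or executes these files with its own privileges.

```shell
#!/bin/sh
# Added example: preflight checks for the installation procedure above.
# Paths are supplied by the caller; function names are hypothetical.

# Print any file from the argument list that is writable by group or others.
loose_perms() {
    find "$@" \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# check_sm_jars WSHOME
# Step 2: both SiteMinder JARs must be present in WSHOME/WEB-INF/lib.
check_sm_jars() {
    lib_dir="$1/WEB-INF/lib"
    rc=0
    for jar in smjavaagentapi.jar smjavasdk2.jar; do
        if [ ! -f "$lib_dir/$jar" ]; then
            echo "missing: $lib_dir/$jar"; rc=1
        elif [ -n "$(loose_perms "$lib_dir/$jar")" ]; then
            echo "group/world-writable: $lib_dir/$jar"; rc=1
        fi
    done
    return "$rc"
}

# check_env_sourced STARTUP_SCRIPT AGENT_DIR
# Step 3: the startup script must source AGENT_DIR/nete_wa_env.sh on a line
# that is not commented out. The sourced file runs as the application server
# account, so it must not be writable by group or others.
check_env_sourced() {
    env_file="$2/nete_wa_env.sh"
    if [ ! -f "$env_file" ]; then
        echo "missing: $env_file"; return 1
    fi
    if [ -n "$(loose_perms "$env_file")" ]; then
        echo "group/world-writable: $env_file"; return 1
    fi
    # Match ". FILE" or "source FILE"; a leading "#" makes field 1 differ.
    if ! awk -v f="$env_file" \
        '($1 == "." || $1 == "source") && $2 == f { ok = 1 } END { exit !ok }' "$1"
    then
        echo "not sourced in $1: $env_file"; return 1
    fi
    return 0
}
```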

Usage Notes

None.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Waveset uses JNDI over SSL to communicate with SiteMinder.

Required Administrative Privileges

The user specified in the User DN resource parameter must have the ability to read, write, delete, and add users.

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

| Feature | Supported? |
|---|---|
| Enable/disable account | Yes for SiteMinder LDAP and Table. Not applicable for SiteMinder Admin |
| Rename account | No |
| Pass-through authentication | Yes |
| Before/after actions | No |
| Data loading methods | Import from resource |

Account Attributes

SiteMinder Admin

The following table lists the default account attributes for the SiteMinder Admin adapter.

| Identity System User Attribute | Type | Description |
|---|---|---|
| description | String | Description of the administrator |
| smAdminAuth | String | A user defined with admin authorization |
| smAdminDomains | String | Admin authority to manage domains |
| smAdminAuthDir | String | User Directory - LDAP, ODBC, WinNT, Custom, AD |
| smAdminAuthScheme | String | Authentication scheme for an administrator: “basic” authentication using a form, or “X.509” using a client certificate while connecting |
| smAdminScope | String | Admin scope defined for the host, port and auth scheme to which the credentials apply |
| smManageSystemDomainObjects | String | Admin’s authority to manage system objects such as agents, agent groups, agent conf objects, host conf objects, user directories, policy domains, affiliate domains, administrators, authentication schemes, registration schemes, agent types, SQL query schemes, password policies, trusted hosts and the identity environment |
| smManageDomainObjects | String | Authority of an admin with sufficient privileges to manage domain objects such as realms, rules, rule groups, responses, response groups, variables and policies |
| smManageUsers | String | Admin authority, which can be set or unset, to manage users with create/edit/delete privileges |
| smManageKeysPwdPolicies | String | Admin privileges to manage keys and the password policies applied to users |
| smManageReports | String | Admin authority to manage reports |
| smManageTrustedHosts | String | Hosts that the server trusts |

SiteMinder Example Table

The following table lists the default account attributes for the SiteMinder Example Table adapter.

| Identity System User Attribute | Type | Description |
|---|---|---|
| userID | Integer | The unique ID for the user. |
| firstName | String | The user’s first name. |
| lastName | String | The user’s last name. |
| email | String | The user’s email address. |
| telephoneNumber | String | The user’s phone number. |
| expirePassword | Boolean | Forces the user to supply a new password upon login. |
| pin | String | The user’s personal identification number. |
| mileage | Integer | Refer to the SiteMinder documentation. |
| groups | String | The group ID that the account belongs to. |

SiteMinder LDAP

The following table lists the default account attributes for the SiteMinder LDAP adapter.

| Identity System User Attribute | Type | Description |
|---|---|---|
| accountId | String | User ID. This attribute maps to the uid resource user attribute. |
| accountId | String | Required. The user’s full name. This attribute maps to the cn resource user attribute. |
| password | Encrypted | The user’s password. |
| firstname | String | The user’s first name. |
| lastname | String | The user’s last name. |
| expirePassword | Boolean | Forces the user to supply a new password upon login. |
| statusFlags | String | Refer to the SiteMinder documentation. |
| ldapGroups | String | The user’s LDAP group memberships. |
| modifyTimeStamp | String | Indicates when a user entry was modified. |
| objectClass | String | The user’s object class. |

Resource Object Management

None

Identity Template

$accountId$

Sample Forms

SiteminderAdminUserForm.xml

SiteminderExampleTableUserForm.xml

SiteminderLDAPUserForm.xml

Troubleshooting

Use the Waveset debug pages to set trace options on the following classes: