Sun[TM] Identity Manager 8.0 Resources Reference 


SiteMinder

Identity Manager provides adapters for supporting the following SiteMinder features:

The following table summarizes the purpose of these adapters:

| GUI Name | Class Name |
| --- | --- |
| SiteminderAdmin | com.waveset.adapter.SiteminderAdminResourceAdapter |
| SiteminderLDAP | com.waveset.adapter.SiteminderLDAPResourceAdapter |
| SiteminderExampleTable | com.waveset.adapter.SiteminderExampleTableResourceAdapter |

Resource Configuration Notes

Before setting up the SiteMinder resource adapter in Identity Manager, you must complete these steps in SiteMinder:

  1. Register the trusted host:
    1. Create the host configuration object for your Web application server (a copy of the default settings with the Policy Server IP).
    2. Use smreghost (from the agent installation directory) to register your application server.
  2. Create the agent:
    1. Enter a name for the agent.
    2. Select Support 4.x Agents.
    3. Select Siteminder / WebAgent as the agent type.
    4. Enter the IP address of the client.
    5. Enter a shared secret.

To successfully configure a SiteMinder resource adapter in Identity Manager, you must know the agent name and shared secret.

Identity Manager Installation Notes

The SiteMinder resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

  1. Add one of the following values in the Custom Resources section of the Configure Managed Resources page.
    • com.waveset.adapter.SiteminderAdminResourceAdapter
    • com.waveset.adapter.SiteminderLDAPResourceAdapter
    • com.waveset.adapter.SiteminderExampleTableResourceAdapter
  2. Copy the following JAR files to the $WSHOME/WEB-INF/lib directory.
    • smjavaagentapi.jar
    • smjavasdk2.jar

    Note: Obtain the JAR files from the Web agent directory to ensure there is no version conflict. If you cannot locate these files in your Web agent directory, they are also located in the Netegrity\SiteMinder\SDK-2.2\java directory.


  3. If you plan to use the SiteMinder Admin resource adapter, you must set LIBPATH (or LD_LIBRARY_PATH, or SHLIB_PATH, depending on the application server platform) in the application server startup script or environment before starting the application server.

    For example, on Solaris, the Web agent is installed in the following directory, which contains a file named nete_wa_env.sh:

    /opt/netegrity/siteminder/webagent

    For WebLogic, add these lines to startWebLogic.sh in /bea/wlserver_Version/config/mydomain:

    # In order to pick up the SiteMinder libraries, the Netegrity
    # Web agent libs need to be added to LIBPATH,
    # LD_LIBRARY_PATH, and SHLIB_PATH

    . /opt/netegrity/siteminder/webagent/nete_wa_env.sh

    These lines set up the appropriate variables for the Java Native Interface methods used by the SiteMinder Admin resource adapter.

    When you are finished, restart the Identity Manager application server.
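
The checks below are an added example, not part of the original Sun documentation. They verify steps 2 and 3 of the procedure above: that the two SiteMinder JARs in $WSHOME/WEB-INF/lib are byte-identical to the Web agent's copies, and that the startup script sources nete_wa_env.sh on an uncommented line. The function names and the directory arguments are assumptions; pass the paths that apply to your installation.

```shell
#!/bin/sh
# Added example: preflight checks for the SiteMinder adapter installation.
# Function names and arguments are illustrative, not Identity Manager tooling.

SM_JARS="smjavaagentapi.jar smjavasdk2.jar"

# check_jars WSHOME AGENT_JAR_DIR
# Each JAR must exist in $WSHOME/WEB-INF/lib and match the Web agent's copy
# byte for byte, which is the version-conflict check described in the Note.
check_jars() {
    wshome=$1; agent_dir=$2; rc=0
    for jar in $SM_JARS; do
        deployed="$wshome/WEB-INF/lib/$jar"
        if [ ! -f "$deployed" ]; then
            echo "MISSING  $deployed"; rc=1
        elif [ ! -f "$agent_dir/$jar" ]; then
            echo "NOSOURCE $agent_dir/$jar"; rc=1
        elif ! cmp -s "$deployed" "$agent_dir/$jar"; then
            echo "MISMATCH $jar differs from Web agent copy"; rc=1
        else
            echo "OK       $jar"
        fi
    done
    return $rc
}

# check_startup_script SCRIPT ENV_FILE
# The startup script must source ENV_FILE on a line that is not commented
# out, so the JNI library path is set before the application server starts.
check_startup_script() {
    script=$1; env_file=$2
    if [ ! -f "$script" ]; then
        echo "MISSING  $script"; return 1
    fi
    # Keep only lines that begin with "." or "source", then match the path
    # literally (-F) so the dots in it are not treated as regex wildcards.
    if grep -E '^[[:space:]]*(\.|source)[[:space:]]' "$script" \
            | grep -F -q -- "$env_file"; then
        echo "OK       $script sources $env_file"
    else
        echo "NOTSET   $script does not source $env_file"; return 1
    fi
}
```

Call check_jars with $WSHOME and the directory that holds the Web agent's JARs, and check_startup_script with the startup script and the path to nete_wa_env.sh. Both return non-zero if any check fails.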

Usage Notes

None

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JNDI over SSL to communicate with SiteMinder.

Required Administrative Privileges

The user specified in the User DN resource parameter must have the ability to read, write, delete, and add users.

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

| Feature | Supported? |
| --- | --- |
| Enable/disable account | Yes for SiteMinder LDAP and Table. Not applicable for SiteMinder Admin. |
| Rename account | No |
| Pass-through authentication | Yes |
| Before/after actions | No |
| Data loading methods | Import from resource |

Account Attributes

SiteMinder Admin

The following table lists the default account attributes for the SiteMinder Admin adapter.

| Identity System User Attribute | Type | Description |
| --- | --- | --- |
| description | String | Description of the administrator |
| smAdminAuth | String | A user defined with admin authorization |
| smAdminDomains | String | Admin authority to manage domains |
| smAdminAuthDir | String | User Directory - LDAP, ODBC, WinNT, Custom, AD |
| smAdminAuthScheme | String | Authentication scheme for an administrator: “basic” authentication using a form or “X.509” using a client certificate while connecting |
| smAdminScope | String | Admin scope defined for the host, port and auth scheme to which the credentials apply |
| smManageSystemDomainObjects | String | Admin’s authority to manage System objects like agents, Agent groups, Agent conf objects, host conf objects, User Directories, Policy Domain, affiliate domains, administrators, authentication schemes, Registration Schemes, Agent Types, SQL Query Schemes, Password Policies, trusted hosts and identity environment. |
| smManageDomainObjects | String | Admin’s authority to manage domain objects like realms, rules, rule groups, responses, response group, variables and policies by the admin with sufficient privileges |
| smManageUsers | String | Admin authority to set/unset with create/edit/delete privileges to manage users |
| smManageKeysPwdPolicies | String | Admin with privileges to manage keys and password policies applied to users |
| smManageReports | String | Admin authority to manage reports |
| smManageTrustedHosts | String | Hosts that the server trusts |

SiteMinder Example Table

The following table lists the default account attributes for the SiteMinder Example Table adapter.

| Identity System User Attribute | Type | Description |
| --- | --- | --- |
| userID | Integer | The unique ID for the user. |
| firstName | String | The user’s first name. |
| lastName | String | The user’s last name. |
| email | String | The user’s email address. |
| telephoneNumber | String | The user’s phone number. |
| expirePassword | Boolean | Forces the user to supply a new password upon login. |
| pin | String | The user’s personal identification number. |
| mileage | Integer | Refer to the SiteMinder documentation. |
| groups | String | The group ID that the account belongs to. |

SiteMinder LDAP

The following table lists the default account attributes for the SiteMinder LDAP adapter.

| Identity System User Attribute | Type | Description |
| --- | --- | --- |
| accountId | String | User ID. This attribute maps to the uid resource user attribute. |
| accountId | String | Required. The user’s full name. This attribute maps to the cn resource user attribute. |
| password | Encrypted | The user’s password. |
| firstname | String | The user’s first name. |
| lastname | String | The user’s last name. |
| expirePassword | Boolean | Forces the user to supply a new password upon login. |
| statusFlags | String | Refer to the SiteMinder documentation. |
| ldapGroups | String | The user’s LDAP group memberships. |
| modifyTimeStamp | String | Indicates when a user entry was modified. |
| objectClass | String | The user’s object class. |

Resource Object Management

None

Identity Template

$accountId$

Sample Forms

SiteminderAdminUserForm.xml

SiteminderExampleTableUserForm.xml

SiteminderLDAPUserForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following classes:



Copyright 2008 Sun Microsystems, Inc. All rights reserved.