Sun OpenSSO Enterprise 8.0 Integration Guide

Procedure: To Install the Principal Components

The following are the principal components in this use case:

Before You Begin
  1. Install and configure OpenSSO Enterprise in the same container in which the Identity Provider is installed.

    For detailed installation instructions, see the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.

    • Be sure that the Identity Provider container supports SiteMinder Web Agent installation.

    • Configure OpenSSO Enterprise to use the same user repository as the SiteMinder user repository. This enables both OpenSSO Enterprise and SiteMinder to provide a single session for the same user.

  2. Install and configure the SiteMinder Web Agent on the OpenSSO Enterprise container.

    For now, configure the SiteMinder Web Agent to protect an arbitrary URL on the container. In this example, the protected URL is /validation/index.html.

    • As in the previous section, create a context root /validation, or create a directory named validation under the docroot.

    • Be sure that the SiteMinder form authentication scheme is working for the protected URL.

  3. Install the SiteMinder custom authentication module in OpenSSO Enterprise.

    After you unzip the OpenSSO Enterprise binary, the SiteMinder custom authentication module is located under the directory unzip-directory/integrations/siteminder/. The README.html provides steps for building a custom authentication module. The following parameters must be set to enable the SiteMinder SDK to connect to the SiteMinder Policy Server:

    SMCookieName:

    SiteMinder cookie name. The default name is SMSESSION.

    SharedSecret:

    Unique policy agent configuration obtained from SiteMinder, and used by OpenSSO Enterprise to point to the SiteMinder SDK.

    PolicyServerIPAddress:

    Indicates where the SiteMinder Policy Server is located.

    CheckRemoteUserOnly:

    This attribute should be enabled when the SiteMinder Web Agent is installed on the same host as OpenSSO Enterprise. The SiteMinder Web Agent performs session validation. When this attribute is enabled, the rest of the configuration is not needed.

    TrustedHostName:

    Name of the SiteMinder SDK host.

    AccountPort:

    One of 3 TCP ports used by the SiteMinder Server to connect to the SiteMinder SDK.

    AuthenticationPort:

    One of 3 TCP ports used by the SiteMinder Server to connect to the SiteMinder SDK.

    AuthorizationPort:

    One of 3 TCP ports used by the SiteMinder Server to connect to the SiteMinder SDK.

    MinimumConnection:

    In a connection pool implementation, the maximum number of concurrent connections that can be opened.

    MaximumConnection:

    In a connection pool implementation, the minimum number of concurrent connections that can be opened.

    StepConnection:

    In a connection pool implementation, the number of concurrent connections that can be opened.

    RequestTimeout:

    Maximum time that the SiteMinder SDK waits before it connects to SiteMinder Policy Server.

    RemoteUserHeaderName:

    When configured, the SiteMinder Web Agent sets a header name for the remote user after successful authentication. This parameter is used only when the checkRemoteHeaderOnly flag is set. The SMAuth module uses this parameter to create an OpenSSO Enterprise session.

    The following diagram shows an example of SiteMinder custom authentication module configuration.

    [Figure: OpenSSO Enterprise authentication module configuration]
  4. Install and configure OpenSSO Enterprise in the container in which the Service Provider is installed.

    For detailed installation instructions, see the OpenSSO Enterprise Installation and Configuration Guide.

  5. Install the SiteMinder Web Agent in the OpenSSO Enterprise container.

    See the SiteMinder product documentation.
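The parameter list in step 3 describes two modes: with CheckRemoteUserOnly enabled only the remote-user header name matters, otherwise the SDK needs every Policy Server connection parameter. The following check of a parameter set against that rule is an added example, not code from the guide or from the OpenSSO integration; the dict representation, the "true" value for an enabled flag, and all sample values are assumptions.

```python
# Added example: key names are the parameters listed in step 3. Holding them
# in a dict of strings, and "true" as the enabled value, are assumptions.
SDK_KEYS = ["SMCookieName", "SharedSecret", "PolicyServerIPAddress",
            "TrustedHostName", "AccountPort", "AuthenticationPort",
            "AuthorizationPort", "MinimumConnection", "MaximumConnection",
            "StepConnection", "RequestTimeout"]
PORT_KEYS = ["AccountPort", "AuthenticationPort", "AuthorizationPort"]
NUMERIC_KEYS = PORT_KEYS + ["MinimumConnection", "MaximumConnection",
                            "StepConnection", "RequestTimeout"]


def check(cfg):
    """Return a list of problems; an empty list means the set is consistent."""
    problems = []
    if cfg.get("CheckRemoteUserOnly", "").lower() == "true":
        # The co-located Web Agent validates the session; the module only
        # reads the remote-user header, so that header name must be set.
        if not cfg.get("RemoteUserHeaderName"):
            problems.append("RemoteUserHeaderName is required when "
                            "CheckRemoteUserOnly is enabled")
        return problems
    # SDK mode: every Policy Server connection parameter must be present.
    problems += [f"{k} is missing" for k in SDK_KEYS if not cfg.get(k)]
    for k in NUMERIC_KEYS:
        v = cfg.get(k, "")
        if v and not v.isdigit():
            problems.append(f"{k} is not a number")
        elif k in PORT_KEYS and v and not 1 <= int(v) <= 65535:
            problems.append(f"{k} is not a valid TCP port")
    return problems


# Constructed sample values: SDK mode, shared secret absent, one bad port.
SAMPLE = {
    "SMCookieName": "SMSESSION", "PolicyServerIPAddress": "192.0.2.10",
    "TrustedHostName": "sdkhost.example.com", "AccountPort": "44441",
    "AuthenticationPort": "44442", "AuthorizationPort": "70000",
    "MinimumConnection": "2", "MaximumConnection": "10",
    "StepConnection": "2", "RequestTimeout": "60",
}

if __name__ == "__main__":
    for problem in check(SAMPLE):
        print(problem)
```

The messages name only the parameter, never its value, so the output can be logged without exposing SharedSecret.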