Sun Java System Identity Manager 6.0 Resources Reference 2005Q4M3 


SiteMinder

The SiteMinder resource adapters are defined in the following classes:

The following table summarizes the purpose of these adapters:

GUI Name                  Purpose
SiteminderAdmin           Manages SiteMinder administrator accounts
SiteminderLDAP            Manages SiteMinder users when using the SiteMinder LDAP repository. This is the most commonly used adapter.
SiteminderExampleTable    Manages SiteMinder users when using the SiteMinder database table repository

The SiteMinder resource adapters support the following versions of Netegrity SiteMinder:

Resource Configuration Notes

Before setting up the SiteMinder resource adapter in Identity Manager, you must complete these steps in SiteMinder:

  1. Register the trusted host:
    1. Create the host configuration object for your Web application server (copy of default settings with Policy Server IP).
    2. Use smreghost (from the agent installation directory) to register your application server.
  2. Create the agent:
    1. Enter a name for the agent.
    2. Select “Support 4.x Agents”.
    3. Select “Siteminder / WebAgent” as the agent type.
    4. Enter the IP address of the client.
    5. Enter a shared secret.

    Note: To successfully configure a SiteMinder resource adapter in Identity Manager, you must know the agent name and shared secret.

Identity Manager Installation Notes

The SiteMinder resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

  1. Add one of the following values in the Custom Resources section of the Configure Managed Resources page.
    • com.waveset.adapter.SiteminderAdminResourceAdapter
    • com.waveset.adapter.SiteminderLDAPResourceAdapter
    • com.waveset.adapter.SiteminderExampleTableResourceAdapter
  2. Download and save one or more files to support the adapter.

Files Needed

  smjavaagentapi.jar

  smjavasdk2.jar

Product Location

Netegrity\Siteminder\SDK-2.2\java

Note: We recommend that you obtain the .jar files from the Web agent directory, to ensure there is no version conflict. If you cannot locate the .jar files in your Web agent directory, they are also located in the Netegrity\SiteMinder\SDK-2.2\java directory.

Installation Notes

Copy the .jar files to the WEB-INF\lib directory.

Class Name

  com.waveset.adapter.SiteminderAdminResourceAdapter

  com.waveset.adapter.SiteminderLDAPResourceAdapter

  com.waveset.adapter.SiteminderExampleTableResourceAdapter

If you plan to use the SiteMinder Admin resource adapter, you must set the LIBPATH (or LD_LIBRARY_PATH, or SHLIB_PATH, depending on the application server platform) in the application server startup script or environment before starting the application server.

For example, on Solaris, the Web agent is installed in the following directory, which contains a file named nete_wa_env.sh:

/opt/netegrity/siteminder/webagent

For WebLogic, add these lines to startWeblogic.sh in /bea/wlserver6.1/config/mydomain:

# In order to pickup the Siteminder libraries, the Netegrity
# Web agent libs need to be added to LIBPATH,
# LD_LIBRARY_PATH, and SHLIB_PATH

. /opt/netegrity/siteminder/webagent/nete_wa_env.sh

These lines set up the appropriate variables for the Java Native Interface methods used by the SiteMinder Admin resource adapter.

When you are finished, restart the Identity Manager application server.
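
The installation steps above can be verified with a short pre-flight check before the restart. This is an added example, not part of the Sun documentation; the function name and its three arguments (Identity Manager web application directory, startup script, Web agent directory) are assumptions of the example.

```sh
#!/bin/sh
# Added example: pre-flight check for the SiteMinder adapter installation.
# Assumed arguments (not defined by the original page):
#   $1  Identity Manager web application directory (contains WEB-INF/lib)
#   $2  application server startup script, e.g. startWeblogic.sh
#   $3  Web agent directory (defaults to the Solaris path quoted above)
check_siteminder_install() {
    webapp=$1
    startup=$2
    agent=${3:-/opt/netegrity/siteminder/webagent}
    rc=0

    # Both SDK .jar files must have been copied to WEB-INF/lib.
    for jar in smjavaagentapi.jar smjavasdk2.jar; do
        if [ ! -f "$webapp/WEB-INF/lib/$jar" ]; then
            echo "MISSING: $webapp/WEB-INF/lib/$jar"
            rc=1
        fi
    done

    # The Web agent environment file must exist and be readable.
    if [ ! -r "$agent/nete_wa_env.sh" ]; then
        echo "MISSING: $agent/nete_wa_env.sh"
        rc=1
    fi

    # The startup script must reference the environment file on a line
    # that is not commented out; a commented-out line leaves the library
    # path unset for the JNI methods.
    if ! grep -v '^[[:space:]]*#' "$startup" 2>/dev/null \
            | grep -Fq "$agent/nete_wa_env.sh"; then
        echo "NOT SOURCED: $startup does not source $agent/nete_wa_env.sh"
        rc=1
    fi

    return $rc
}

# Run the check when the script is invoked with arguments.
if [ $# -ge 2 ]; then
    check_siteminder_install "$@"
fi
```

The function prints one line per problem found and returns non-zero if any check fails, so it can gate the restart in a deployment script.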

Usage Notes

Before Identity Manager 5.5, the SiteMinder LDAP Active Sync adapter used the Process to run with changes field to determine which process to launch when a change was detected. The process specified in this field is now specified in the Active Sync Resolve Process rule.

In addition, before Identity Manager 5.5, if the Process deletes as updates check box was selected, Identity Manager would disable a deleted Identity Manager user as well as all resource accounts and mark the user for later deletion. By default, this check box was selected. In Identity Manager 5.5 and beyond, this functionality is configured by setting the Delete Rule to None.

If the checkbox was previously deselected, then the Delete Rule will be set to ActiveSync has isDeleted set.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JNDI over SSL to communicate with SiteMinder.

Required Administrative Privileges

None

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature                        Supported?
Enable/disable account         Yes for SiteMinder LDAP and Table. Not applicable for SiteMinder Admin.
Rename account
Pass-through authentication    Yes
Before/after actions
Data loading methods           Import from resource

Account Attributes

Resource Object Management

Identity Template

$accountId$

Sample Forms

SiteminderAdminUserForm.xml

SiteminderExampleTableUserForm.xml

SiteminderLDAPUserForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following classes:





Copyright 2006 Sun Microsystems, Inc. All rights reserved.