Sun Java[TM] System Identity Manager 7.1 Resources Reference |
SiteMinderThe SiteMinder resource adapters are defined in the following classes:
The following table summarizes the purpose of these adapters:
The SiteMinder resource adapters support the following versions of Netegrity SiteMinder:
Resource Configuration Notes
Before setting up the SiteMinder resource adapter in Identity Manager, you must complete these steps in SiteMinder:
To successfully configure a SiteMinder resource adapter in Identity Manager, you must know the agent name and shared secret.
Identity Manager Installation Notes
The SiteMInder resource adapter is a custom adapter. You must perform the following steps to complete the installation process:
- Add the one of the following values in the Custom Resources section of the Configure Managed Resources page.
- Download and save one or more files to support the adapter.
Files Needed:
- smjavaagentapi.jar
- smjavasdk2.jar
Product Location:
- Netegrity\Siteminder\SDK-2.2\java
Installation Notes:
Copy the .jar files to the WEB-INF\lib directory.
If you plan to use the SiteMinder Admin resource adapter, you must set the LIBPATH (or LD_LIBPATH, or SHLIB_PATH, depending on the application server platform) in the application server startup script or environment before starting the application server.
For example, on Solaris, the Web agent is installed in the following directory, which contains a file named nete_wa_env.sh:
/opt/netegrity/siteminder/webagent
For WebLogic, add these lines to start Weblogic.sh in /bea/wlserver6.1/config/mydomain:
# In order to pickup the Siteminder libraries, the Netegrity
# Web agent libs need to be added to LIBPATH,
# LD_LIBRARY_PATH, and SHLIB_PATH. /opt/netegrity/siteminder/webagent/nete_wa_env.sh
These lines set up the appropriate variables for the Java Native Interface methods used by the SiteMinder Admin resource adapter.
When you are finished, restart the Identity Manager application server.
Usage Notes
Before Identity Manager 5.5, the SiteMinder LDAP Active Sync adapter used the Process to run with changes field to determine which process to launch when a change was detected. The process specified in this field is now specified in the Active Sync Resolve Process rule.
In addition, before Identity Manager 5.5, if the Process deletes as updates check box was selected, Identity Manager would disable a deleted Identity Manager user as well as all resource accounts and mark the user for later deletion. By default, this check box was selected. In Identity Manager 5.5 and beyond, this functionality is configured by setting the Delete Rule set to None.
If the checkbox was previously deselected, then the Delete Rule will be set to ActiveSync has isDeleted set.
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses JNDI over SSL to communicate with SiteMinder.
Required Administrative Privileges
None
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
Account Attributes
Resource Object Management
Identity Template
$accountId$
Sample Forms
SiteminderAdminUserForm.xml
SiteminderExampleTableUserForm.xml
SiteminderLDAPUserForm.xml
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following classes: