Identity Manager provides adapters for supporting the following SiteMinder features:

- Administrator accounts
- LDAP repository users
- Database table repository users
| GUI Name | Class Name |
|---|---|
| SiteminderAdmin | |
| SiteminderLDAP | |
| SiteminderExampleTable | |
Before setting up the SiteMinder resource adapter in Identity Manager, you must complete these steps in SiteMinder:
The SiteMinder resource adapter is a custom adapter. You must perform the following steps to complete the installation process:
Add one of the following values in the Custom Resources section of the Configure Managed Resources page.
Copy the following JAR files to the $WSHOME/WEB-INF/lib directory.
Obtain the JAR files from the Web agent directory to ensure there is no version conflict. If you cannot locate these files in your Web agent directory, they are also located in the Netegrity\SiteMinder\SDK-2.2\java directory.
If you plan to use the SiteMinder Admin resource adapter, you must set the LIBPATH (or LD_LIBRARY_PATH, or SHLIB_PATH, depending on the application server platform) in the application server startup script or environment before starting the application server.
For example, on Solaris, the Web agent is installed in the following directory, which contains a file named nete_wa_env.sh:
```
/opt/netegrity/siteminder/webagent
```
For WebLogic, add these lines to startWeblogic.sh in /bea/wlserver_Version/config/mydomain:

```
# In order to pick up the SiteMinder libraries, the Netegrity
# Web agent libs need to be added to LIBPATH,
# LD_LIBRARY_PATH, and SHLIB_PATH
. /opt/netegrity/siteminder/webagent/nete_wa_env.sh
```
These lines set up the appropriate variables for the Java Native Interface methods used by the SiteMinder Admin resource adapter.
When you are finished, restart the Identity Manager application server.
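The following preflight check is an added example, not code from Identity Manager or SiteMinder. It verifies that the environment script sourced by the startup script is not writable by group or others, and that the library path it produces includes the Web agent directory without empty or relative entries. The function names are hypothetical, and the `lib` subdirectory in the sample values is an assumption.

```shell
#!/bin/sh
# Added example, not Identity Manager or SiteMinder code. AGENT_DIR is the
# Solaris path from the page; the function names are hypothetical.
AGENT_DIR=/opt/netegrity/siteminder/webagent

# check_libpath VALUE DIR: 0 = clean search path that includes DIR or a
# subdirectory of it; 1 = empty or relative entry (library lookups can then
# resolve against the current working directory); 2 = DIR not present.
check_libpath() (
    value=$1 dir=$2
    case ":$value:" in *::*) return 1 ;; esac
    set -f; IFS=:
    for entry in $value; do
        case $entry in /*) ;; *) return 1 ;; esac
    done
    case ":$value:" in *":$dir:"* | *":$dir/"*) return 0 ;; esac
    return 2
)

# script_locked FILE: 0 only for a regular, non-symlink file that group and
# others cannot write, since the startup script sources it with the
# application server's privileges.
script_locked() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# preflight ENV_SCRIPT DIR: source ENV_SCRIPT in a subshell, as the startup
# script would, then require every variable it leaves set to be clean and at
# least one of the three named on the page to include DIR.
preflight() (
    script_locked "$1" || { echo "not locked down: $1" >&2; return 1; }
    . "$1" || return 1
    found=1
    for name in LIBPATH LD_LIBRARY_PATH SHLIB_PATH; do
        eval "val=\${$name-}; isset=\${$name+x}"
        [ -n "$isset" ] || continue
        rc=0; check_libpath "$val" "$2" || rc=$?
        case $rc in
            0) found=0 ;;
            1) echo "$name has an empty or relative entry" >&2; return 1 ;;
        esac
    done
    return $found
)

# Constructed values, not output of the real nete_wa_env.sh:
check_libpath "$AGENT_DIR/lib:/usr/lib" "$AGENT_DIR" && echo "clean"
check_libpath "$AGENT_DIR/lib::/usr/lib" "$AGENT_DIR" || echo "rejected"
```

Run `preflight /opt/netegrity/siteminder/webagent/nete_wa_env.sh "$AGENT_DIR"` as the application server account before restarting; a non-zero exit means the adapter's native libraries would not be found or the path is unsafe.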
None.
This section provides information about supported connections and privilege requirements.
Identity Manager uses JNDI over SSL to communicate with SiteMinder.
The user specified in the User DN resource parameter must have the ability to read, write, delete, and add users.
The following table summarizes the provisioning capabilities of this adapter.
| Feature | Supported? |
|---|---|
| Enable/disable account | Yes for SiteMinder LDAP and Table. Not applicable for SiteMinder Admin |
| Rename account | No |
| Pass-through authentication | Yes |
| Before/after actions | No |
| Data loading methods | Import from resource |
The following table lists the default account attributes for the SiteMinder Admin adapter.
| Identity System User Attribute | Type | Description |
|---|---|---|
| description | String | Description of the administrator |
| smAdminAuth | String | A user defined with admin authorization |
| smAdminDomains | String | Admin authority to manage domains |
| smAdminAuthDir | String | User Directory - LDAP, ODBC, WinNT, Custom, AD |
| smAdminAuthScheme | String | Authentication scheme for an administrator: “basic” authentication using a form or “X.509” using a client certificate while connecting |
| smAdminScope | String | Admin scope defined for the host, port and auth scheme to which the credentials apply |
| smManageSystemDomainObjects | String | Admin’s authority to manage System objects like agents, Agent groups, Agent conf objects, host conf objects, User Directories, Policy Domain, affiliate domains, administrators, authentication schemes, Registration Schemes, Agent Types, SQL Query Schemes, Password Policies, trusted hosts and identity environment. |
| smManageDomainObjects | String | Admin’s authority to manage domain objects like realms, rules, rule groups, responses, response groups, variables and policies by the admin with sufficient privileges |
| smManageUsers | String | Admin authority to set/unset with create/edit/delete privileges to manage users |
| smManageKeysPwdPolicies | String | Admin with privileges to manage keys and password policies applied to users |
| smManageReports | String | Admin authority to manage reports |
| smManageTrustedHosts | String | Hosts that the server trusts |
The following table lists the default account attributes for the SiteMinder Example Table adapter.
| Identity System User Attribute | Type | Description |
|---|---|---|
| userID | Integer | The unique ID for the user. |
| firstName | String | The user’s first name. |
| lastName | String | The user’s last name. |
| | String | The user’s email address. |
| telephoneNumber | String | The user’s phone number. |
| expirePassword | Boolean | Forces the user to supply a new password upon login. |
| pin | String | The user’s personal identification number. |
| mileage | Integer | Refer to the SiteMinder documentation. |
| groups | String | The group ID that the account belongs to. |
The following table lists the default account attributes for the SiteMinder LDAP adapter.
| Identity System User Attribute | Type | Description |
|---|---|---|
| accountId | String | User ID. This attribute maps to the uid resource user attribute. |
| accountId | String | Required. The user’s full name. This attribute maps to the cn resource user attribute. |
| password | Encrypted | The user’s password. |
| firstname | String | The user’s first name. |
| lastname | String | The user’s last name. |
| expirePassword | Boolean | Forces the user to supply a new password upon login. |
| statusFlags | String | Refer to the SiteMinder documentation. |
| ldapGroups | String | The user’s LDAP group memberships. |
| modifyTimeStamp | String | Indicates when a user entry was modified. |
| objectClass | String | The user’s object class. |
None
SiteminderExampleTableUserForm.xml
Use the Identity Manager debug pages to set trace options on the following classes:
- com.waveset.adapter.SiteminderAdminResourceAdapter
- com.waveset.adapter.SiteminderLDAPResourceAdapter
- com.waveset.adapter.SiteminderExampleTableResourceAdapter