SiteMinder/SOA Security Manager Connection

Overview

This topic explains how to create connections to CA SiteMinder and CA SOA Security Manager. On the Policy Studio External Connections tab, select the SiteMinder/SOA Security Manager Connection node, right-click, and select Add CA SiteMinder Connection or Add CA SOA Security Manager Connection.

You specify how the Enterprise Gateway connects to CA SiteMinder in the SiteMinder Connection Details dialog, and how it connects to CA SOA Security Manager in the CA SOA Security Manager Connection Details dialog. In both cases, the Enterprise Gateway must already have been set up as an agent in the CA Policy Server.

The connection details to be configured for the Enterprise Gateway are the same for both SiteMinder and SOA Security Manager, with an additional setting for SOA Security Manager.

SiteMinder and SOA Security Manager Connection Details

This section describes details that are common to both SiteMinder and CA SOA Security Manager connections.

Agent Name:
Enter the name of the agent to connect to SiteMinder or SOA Security Manager in the Agent Name field. This name must correspond to the name of an agent previously configured in the CA Policy Server.

Agent Configuration Object:
The name entered must match the name of the Agent Configuration Object (ACO) configured in the CA Policy Server. The Enterprise Gateway currently supports only the PersistentIPCheck ACO parameter; all other ACO parameters are ignored. For example, the Enterprise Gateway ignores the DefaultAgent parameter and instead uses the agent value it collects separately during agent registration.

When the PersistentIPCheck ACO parameter is set to yes, it instructs the Enterprise Gateway to compare the IP address from the last request (stored in a persistent cookie) with the IP address in the current request to see if they match. If the IP addresses do not match, the Enterprise Gateway rejects the request. If this parameter is set to no, this check is disabled.

Connection Details:
There are two approaches to configuring the details required to connect to the SiteMinder or SOA Security Manager server.

Create the SmHost.conf File

Important Note:
You must use this option if the Policy Studio and Enterprise Gateway are running on different machines.

The Enterprise Gateway uses the information in the SiteMinder or SOA Security Manager hosts configuration file to connect. This file is called SmHost.conf by default, and is generated after creating a host with SiteMinder or SOA Security Manager.

If you have already generated a suitable SmHost.conf file, and have copied it to the machine on which you are running the Policy Studio, you can browse to the location of this file using the Browse button at the bottom right of the Connection Details text area. After selecting the configuration file, the connection details are displayed in this text area.

If you do not have a suitable SmHost.conf file, you can generate one by running the smreghost utility on the machine running the Enterprise Gateway. Complete the following steps:

  1. Work on the machine on which you have installed the Enterprise Gateway; the smreghost utility must be run there.
  2. The smreghost utility is found in the following location, depending on your target platform:
    Windows: /win32/lib
    Linux: /Linux.i386/bin
    Solaris: /SunOS.sun4u-32/bin
  3. Open a command prompt at this directory, and run the smreghost utility. You must pass command-line arguments that specify the hostname and hostconfigobject configured to represent the Enterprise Gateway in the CA Policy Server, and the hostname/IP address and port of the CA Policy Server itself.
  4. The utility writes its output to an SmHost.conf file in the same directory. You must manually copy this file from the machine running the Enterprise Gateway to the machine running the Policy Studio.
  5. Browse to the location of this file using the Browse button on the connection details dialog.
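Before browsing to a copied SmHost.conf in Policy Studio, it is worth confirming that the file is complete and that its shared secret has not been left world-readable. The following is an added example, not part of the original documentation or the product: it parses the key="value" layout that smreghost writes, checks the entries the connection depends on, and reports whether the file's permissions expose the secret. The host, object and Policy Server values in the sample are constructed placeholders.

```python
import re
import stat
from pathlib import Path

# Constructed sample in the key="value" layout smreghost writes to SmHost.conf.
# Host, object and policy server values are placeholders, not from a real deployment.
SAMPLE_SMHOST_CONF = """\
#SiteMinder Host Configuration File
hostname="gateway-host"
sharedsecret="{RC2}EXAMPLE-SECRET-PLACEHOLDER"
sharedsecrettime="0"
policyserver="10.0.0.5,44441,44442,44443"
requesttimeout="60"
hostconfigobject="GatewayHostSettings"
"""

REQUIRED_KEYS = ("hostname", "sharedsecret", "policyserver", "hostconfigobject")


def parse_smhost_conf(text):
    """Parse key="value" lines into a dict; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = re.fullmatch(r'(\w+)\s*=\s*"(.*)"', line)
        if not match:
            raise ValueError(f"malformed SmHost.conf line: {line!r}")
        conf[match.group(1).lower()] = match.group(2)
    return conf


def check_smhost_conf(text, expected_host, expected_hco):
    """Return a list of problems; an empty list means the file is usable in Policy Studio."""
    conf = parse_smhost_conf(text)
    problems = [f"missing or empty {k}" for k in REQUIRED_KEYS if not conf.get(k)]
    # policyserver carries the Policy Server address followed by its three ports
    parts = [p.strip() for p in conf.get("policyserver", "").split(",")]
    if len(parts) != 4 or not all(p.isdigit() and 0 < int(p) < 65536 for p in parts[1:]):
        problems.append("policyserver must be ip,port,port,port")
    if conf.get("hostname") != expected_host:
        problems.append(f"hostname {conf.get('hostname')!r} is not the registered host {expected_host!r}")
    if conf.get("hostconfigobject") != expected_hco:
        problems.append(f"hostconfigobject {conf.get('hostconfigobject')!r} != {expected_hco!r}")
    return problems


def shared_secret_exposed(path):
    """True if SmHost.conf is readable by group or others (its sharedsecret is sensitive)."""
    mode = Path(path).stat().st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))
```

Run check_smhost_conf on the copied file with the host name and Host Configuration Object you registered, and tighten the file mode if shared_secret_exposed reports it before moving on to the Browse button.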

Register the Enterprise Gateway using the Policy Studio

Important Note:
You can only use this option if the Policy Studio and Enterprise Gateway are running on the same machine.

Alternatively, you can create a host directly with the Policy Studio by selecting the Register button. A SiteMinder or SOA Security Manager host can be added using the Register Host dialog.

Complete the following fields:

  • IP Address:
    The address of the machine on which SiteMinder or SOA Security Manager is running.
  • User Name:
    The username of a SiteMinder or SOA Security Manager administrator as configured during installation.
  • Password:
    The password for the above user.
  • Name of host to be registered:
    The name of the Trusted Host to be added to SiteMinder or SOA Security Manager.
  • Name of host configuration object:
    The name of the Host Configuration Object to be associated with the new host.

When the dialog is completed, the new host is registered with SiteMinder or SOA Security Manager.

CA SOA Security Manager Connection Details Only

This section describes details that are specific to CA SOA Security Manager connections only. In addition to the fields already described, you must configure the following field on the CA SOA Security Manager Connection Details dialog to complete the connection details:

XMLSDKAcceptSMSessionCookie:
This setting controls whether the CA SOA Security Manager authentication filter accepts a single sign-on token for authentication purposes. The single sign-on token must reside in the HTTP header field named SMSESSION to authenticate using this mechanism. This token is created and updated when the CA SOA Security Manager authorization filter runs successfully.

When the checkbox is selected, the authentication filter allows authentication using a single sign-on token. Note that if no single sign-on token is present in the message, the authentication filter authenticates fully by gathering credentials from the request in whatever manner has been configured in the CA SOA Security Manager. When the checkbox is unselected, the authentication filter authenticates fully (it never allows authentication using a single sign-on token).