KB 2449 CA Wily APM security example: CA SiteMinder for authentication with CA EEM for authorization

This article describes how you can perform a basic CA SiteMinder setup and configuration to provide CA Wily APM authentication before deploying CA EEM for authorization.

This example describes these tasks:

- Configure SiteMinder policy
- Configure EEM to connect to SiteMinder

This example setup uses 4 machines. You'll install the required components on each machine as follows:

Machine 1: SiteMinder Policy Store, Admin UI, and SunOne LDAP user directory
Machine 2: SiteMinder Web Agent, Introscope EM
Machine 3: CA EEM
Machine 4: SiteMinder UI (called SiteMinder WAM UI)

This diagram shows what the CA EEM/SiteMinder integrated environment looks like when the setup is complete.

Install SiteMinder

Verify that SiteMinder is installed and working correctly.

Start the SiteMinder UI

Go to the WAMUI machine and start the task engine.
Start -> Programs -> CA -> IAM Suite -> siteminderWAM -> Start Task Engine

Go to Start -> Programs -> CA -> IAM Suite -> siteminderWAM -> SiteMinder Administrative User Interface

Or open http://<WAMUI-ServerNAME>:8080/iam/siteminder

Log in using credentials from your LDAP install that SiteMinder is configured to use.

The SiteMinder WAM Administrative UI appears.

Register the SiteMinder UI with the SiteMinder Policy server

Note: Before you can add the UI, you must register it first with the SiteMinder Policy server.

Run the command below on the SiteMinder machine. In this example, smui2 is the client name. Your client name must be a unique value that was not previously used on this server.

    xpsregclient smui2:123Getout -adminui -su -t 1440

The second value is the passphrase that will be used. (In this example the passphrase is 123Getout.) This passphrase is needed when you register a Policy server with the WAM UI.

Add the SiteMinder UI

In the SiteMinder WAM UI screen, click on the Administration tab -> UI -> Register Administration UI Server.
Enter the server information and the client registration information that you entered when you ran the xpsregclient command to register the SiteMinder UI with the Policy Server.

Go to the Infrastructure tab.
Click Agent -> Create Agent.
Select Create a new object of type Agent.
Select 'Support 4.x agents'.
Enter the IP address of the Web Agent machine.
Enter a Shared Secret.
Click Submit.

Go to Agent Configuration.
Click on Create Agent Configuration.
Create a copy of an object of type Agent Configuration.
Select IISDefaultSettings.
Click OK.
Enter the Name.
Click on the icon to edit the Parameter for the DefaultAgentName.
Remove the # from the Parameter name.
Set the value to the agent name that you created earlier (i.e. smagent).
Click OK.
Edit the AllowLocalConfig parameter. Change the value to Yes. (This parameter might be on the second page.)
Click OK.

Go to Infrastructure -> Authentication.
Click Authentication Scheme -> Create Authentication Scheme.
Click OK.
Enter a Name.
Select the Authentication Scheme Type: HTML Form Template.
Enter the Web Server Name and Port.
Click Submit.

Create the User Directory

Go to Infrastructure -> Directory.
Click User Directory -> Create User Directory.
Enter the Name for the user Directory.
Enter the Server and Port for the LDAP Server (the SunOne default port is 389).
Enter the Administrator Credentials.
Enter the LDAP Settings and the User Attributes for your LDAP server.

Create a Host Configuration

Go to Infrastructure -> Hosts.
Click Host Configuration -> Create Host Configuration.
Enter the Host Config Name.
Enter the Policy Server IP Address.
Click Submit.

Create a Domain

Go to Policies -> Domains.
Click Domains -> Create Domain.
Click Add/Remove under the User Directories.
Select the user directory that you created.
Click OK.
Click Submit.

Create a Realm

Go to Policies -> Domains.
Click Realm -> Create Realm.
Select the domain you created, then click Next.
Enter the Realm Name.
Use the Browse button to select the Agent you created.
Set the Authentication Scheme to the Scheme you created.
Click Finish.

Create a Rule

Go to Policies -> Domains.
Click Rule -> Create Rule.
Select the Domain.
Select the Realm you created and click Next.
Enter the Rule Name.
Select both Get and Post in the Action section.
Click Finish.

Create a Policy

Go to Policies -> Domains.
Click Policy -> Create Policy.
Select your Domain and click Next.
Enter the Policy Name, then click Next.
Click 'Add All' in the User Directories section.
Click Next.
Click Add Rule.
Select the Rule you created, then click OK.
Click Next.
Click Finish.

Enable the Policy you created

Go to Policies -> Domains.
Click Policies -> Modify Policy.
Select the Policy you created.
Select the box to Enable the Policy.
Click Submit.

Configure the WebAgent.conf and SmHost.conf

You can manually edit the conf files, or run ca-wa-config.cmd.

WebAgent.conf

C:\CA\webagent\bin\IIS\WebAgent.conf
Open the file in Notepad.
Enter the AgentConfigObject (the Agent config you created).
Enable the Web Agent.

    AgentConfigObject="MyAgentConfig"
    EnableWebAgent="YES"

SmHost.conf

C:\CA\webagent\config\SmHost.conf
Enter the Host Config Object (the Host Config you created).

    hostconfigobject="MyHostConfig"

Carry out final steps and confirmations

Restart IIS on the Web Agent machine. You can run the command iisreset on the Web Agent machine to restart IIS.

To check your SiteMinder configuration, connect to a default IIS page.

http://<WebAgentMachine>.ca.com/iisstart.htm

At the Please Login page, you will be prompted for the SiteMinder Authentication. Enter the login credentials from your LDAP.

You will then be able to view the IIS page.

Connect to your CA EEM server.

http://localhost:5250/spin/eiam/eiam.csp

Select the Configure tab.
Go to EEM Server -> Global users / Global Groups.
Select Reference from CA SiteMinder.
Host: <SiteMinder Server Machine>
Admin Name: <SiteMinder Admin user>
Admin password: <SiteMinder Password>
Agent name: smagent (agent you created in SiteMinder)
Agent Secret: (enter the agent secret that you used when you created the agent)
Authorization Store Type: Sun ONE Directory
Authorization Store Name: wilyuserdir (Directory name that you created)
Authentication Store Name: wilyuserdir (Directory name that you created)

Click Save. The status should change to succeeded and loaded.

You now need to configure CA EEM and LDAP with the Access Policy and Groups needed for CA Wily APM. For more information, see the CA Wily APM Security Guide or KB article 2450: CA Wily APM security example: Setting up CA Wily APM users, groups, and resources in CA EEM.
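
The WebAgent.conf and SmHost.conf edits described above can be checked before restarting IIS. The following is an added example, not code from CA or from the original article: the function names parse_conf and check_agent_files are hypothetical, the sample file contents are constructed from the object names used in this article, and treating '#' lines as comments and key names as case-insensitive are assumptions about the file format.

```python
import re

# Constructed sample files using the object names from the article.
WEBAGENT_CONF = '''\
# WebAgent.conf (constructed sample)
AgentConfigObject="MyAgentConfig"
EnableWebAgent="YES"
'''
SMHOST_CONF = '''\
# SmHost.conf (constructed sample)
hostconfigobject="MyHostConfig"
'''

# Assumed line format: key="value", with the quotes optional.
LINE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"?([^"\r\n]*)"?\s*$')


def parse_conf(text):
    """Return {lowercased key: value}. Lines starting with '#' are
    skipped, so a commented-out setting counts as absent."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2).strip()
    return settings


def check_agent_files(webagent_text, smhost_text, agent_config, host_config):
    """Return a list of findings; an empty list means both files match
    the Agent Configuration and Host Configuration objects created."""
    webagent = parse_conf(webagent_text)
    smhost = parse_conf(smhost_text)
    findings = []
    if webagent.get("enablewebagent", "").upper() != "YES":
        findings.append("WebAgent.conf: EnableWebAgent is not YES")
    if webagent.get("agentconfigobject") != agent_config:
        findings.append("WebAgent.conf: AgentConfigObject is not "
                        + agent_config)
    if smhost.get("hostconfigobject") != host_config:
        findings.append("SmHost.conf: hostconfigobject is not "
                        + host_config)
    return findings
```

An empty result means the files agree with the objects created in the SiteMinder UI; it does not confirm that the Web Agent is enforcing the policy, which the login prompt on the IIS test page confirms.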