5.8.8 SiteMinder Configuration

Management and Security Server uses Microsoft IIS to integrate with SiteMinder. For instructions on how to integrate IIS with MSS and if needed, Host Access for the Cloud, see Configure Single Sign-on through IIS .

If you selected SiteMinder as your authentication method, complete the configuration:

  • Agent version

    Some configurations vary depending on the version you select.

  • Agent name

    The name of the SiteMinder agent that is used by IIS. This is the Name of the agent configured to work with IIS that is integrated with the Management and Security Server.

  • Configuration file (version 5+)

    Provide a full path to the SiteMinder host configuration file. This is typically SmHost.conf and resides in the config directory in the SiteMinder web agent installation directory.

  • Shared secret (version 4)

    The secret used by the policy server to verify the agent. This is the Shared secret that was created in the SiteMinder Administration tool under System Configuration > Agents.

  • Policy server host (version 4)

    The IP address (preferred) or DNS name of the host on which the SiteMinder policy server is installed.

  • Authentication port (version 4)

    The SiteMinder policy server's authentication port. The default for this port is 44442. To check the port number, open the SiteMinder Policy Server Management Console, click the Settings tab, and look for the Authentication port number under Access Control. If other SiteMinder port numbers were changed from their defaults, you must reset the corresponding port numbers in the Management and Security Server PropertyDS.xml file, located in the MSSData folder.

  • User identity

    Determines which SiteMinder user attribute is displayed in the list of sessions and used for LDAP authorization.

  • User identity LDAP search attribute (optional)

    When the Administrative Server is configured to use authorization, use this field to specify the LDAP attribute used by the Administrative Server to perform an LDAP search request for the user's distinguished name (DN). During authorization, the Administrative Server issues an LDAP search request to obtain the user's LDAP DN. The LDAP search request's filter uses the attribute specified in this field.

    For example, if you enter the value "uid" into this field, then the LDAP search filter will look like: (uid=<SiteMinder username>) where <SiteMinder username> is the value of the SiteMinder user's name, obtained from the SiteMinder session token, using the ATTR_USERNAME key. Example: (uid=johns)

    NOTE:When the Administrative Server is not configured for authorization, any value entered in this field is ignored.

SiteMinder and 64-bit systems

If you’re using a 64-bit operating system, check to be sure that the PATH variable places the path to the 64-bit libraries before the path to the 32-bit libraries. To confirm the order, open a command window and type: echo %PATH%.

If the 64-bit libraries are not first in the path, then edit the PATH variable so that the path to the 64-bit libraries comes before the path to the 32-bit libraries.

Related Topics