When you integrate SiteMinder with MSS, you can leverage SiteMinder’s single sign-on capabilities to authenticate your users. You can also configure additional authorization in MSS to restrict access to sessions.
MSS uses Microsoft IIS to integrate with SiteMinder.
If the SiteMinder option is disabled in the MSS Administrative Console, the SiteMinder Java Agent library has not been detected in the classpath for the MSS Server.
To resolve: Follow the steps to Enable SiteMinder.
Before you can configure the SiteMinder settings in MSS, be sure these prerequisites are met.
Windows IIS is installed and integrated with MSS.
If you need to enable IIS, see Configure Single Sign-on through IIS in this guide.
SiteMinder is integrated with MSS.
Follow the Integrating SiteMinder with MSS steps in the MSS Installation Guide.
Be sure to add the SiteMinder libraries to MSS (step 4) so that the SiteMinder configuration will be enabled in the MSS Administrative Console.
Refer to the Troubleshooting SiteMinder section in the MSS Installation Guide, as needed. (Scroll to the topic.)
Then, complete the SiteMinder configuration in the MSS Administrative Console.
Complete the SiteMinder Configuration
After you complete the prerequisite steps, enter your SiteMinder settings in the MSS Administrative Console.
Some configurations vary depending on the version you select.
The name of the SiteMinder agent that is used by IIS. This is the Name of the agent configured to work with IIS that is integrated with the Management and Security Server.
Configuration file (version 5+)
Provide a full path to the SiteMinder host configuration file, typically SmHost.conf. This file resides in the config directory in the SiteMinder web agent installation directory.
Shared secret (version 4)
The secret used by the policy server to verify the agent. The Shared secret was created in the SiteMinder Administration tool under System Configuration > Agents.
Policy server host (version 4)
The IP address (preferred) or DNS name of the host on which the SiteMinder policy server is installed.
Authentication port (version 4)
The SiteMinder policy server's authentication port. The default for this port is 44442. To check the port number, open the SiteMinder Policy Server Management Console, click the Settings tab, and look for the Authentication port number under Access Control.
If other SiteMinder port numbers were changed from their defaults, you must reset the corresponding port numbers in the MSS PropertyDS.xml file, located in the MSSData folder.
Determines which SiteMinder user attribute is displayed in the list of sessions and used for LDAP authorization.
User identity LDAP search attribute (optional)
When the MSS Administrative Server is configured to use authorization, use this field to specify the LDAP attribute used by the Administrative Server to perform an LDAP search request for the user's distinguished name (DN). During authorization, the Administrative Server issues an LDAP search request to obtain the user's LDAP DN. The LDAP search request's filter uses the attribute specified in this field.
For example, if you enter the value uid into this field, then the LDAP search filter will look like:
<SiteMinder username> is the value of the SiteMinder user's name, obtained from the SiteMinder session token, using the ATTR_USERNAME key. Example:
When the MSS Administrative Server is not configured for authorization, any value entered in this field is ignored.
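The following is an added illustration, not taken from the MSS documentation or code: it shows how a DN lookup filter of this kind can be assembled from the configured search attribute and the SiteMinder username, with the username escaped per RFC 4515 so that characters such as parentheses or asterisks are matched literally. It assumes a plain equality filter of the form (attribute=value); the function names and sample usernames are constructed for the example.

```python
import re

# RFC 4515, section 3: these characters must be written as a backslash
# followed by two hex digits when they occur inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Short-name attribute descriptions (RFC 4512): a letter followed by letters,
# digits or hyphens. OID-form names and attribute options are not accepted here.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as the value part of an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_dn_search_filter(search_attribute: str, siteminder_username: str) -> str:
    """Return an equality filter for looking up a user's DN.

    Assumption: a simple (attribute=value) equality match. The administrator
    supplies the attribute; the username comes from the SSO session token.
    """
    if not _ATTR_RE.fullmatch(search_attribute):
        raise ValueError(f"not a valid LDAP attribute name: {search_attribute!r}")
    if not siteminder_username:
        raise ValueError("empty username")
    return f"({search_attribute}={escape_filter_value(siteminder_username)})"


if __name__ == "__main__":
    # Constructed sample usernames, not real accounts.
    for name in ("jsmith", "smith (contractor)", "a*b\\c"):
        print(build_dn_search_filter("uid", name))
```

A filter built this way should return exactly one entry for a valid user; treat zero or multiple matches as an authorization failure rather than picking the first result.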
SiteMinder and 64-bit systems
If you’re using a 64-bit operating system, check to be sure that the PATH variable places the path to the 64-bit libraries before the path to the 32-bit libraries. To confirm the order, open a command window and type:
If the 64-bit libraries are not first in the path, then edit the PATH variable so that the path to the 64-bit libraries comes before the path to the 32-bit libraries.