SiteMinder

When you integrate SiteMinder with MSS, you can use SiteMinder’s single sign-on capabilities to authenticate users. You can also configure additional authorization in MSS to restrict access to sessions.

MSS uses Microsoft IIS to integrate with SiteMinder.

Prerequisites

Before you configure SiteMinder settings in MSS, be sure these prerequisites are met.

  • A SiteMinder Web Agent is installed on Microsoft IIS.

    The Web Agent is installed on IIS and is configured to guard web resources. Refer to the SiteMinder documentation for more information.

  • Microsoft IIS is integrated with MSS.

    See Integrate with the IIS Reverse Proxy in the MSS Deployment Guide for detailed instructions.

  • Required SiteMinder JARs and configuration files.

    MSS offers support for the SiteMinder "pure Java" agent, which requires the following SiteMinder files:

    • cryptoj.jar
    • smagentapi.jar
    • SmHost.conf

    Refer to the SiteMinder documentation for information about these files.

SiteMinder Configuration

  • Import SiteMinder File

    Import the following SiteMinder files into MSS:

    • cryptoj.jar
    • smagentapi.jar
    • SmHost.conf

  • Agent version

    Some configurations vary depending on the version you select.

  • Agent name

    The name of the SiteMinder agent that is used by IIS, that is, the agent configured to work with the IIS instance that is integrated with the Management and Security Server.

  • SSO zone name (optional)

    The name of the SiteMinder SSO security zone.

  • Shared secret (version 4)

    The secret used by the policy server to verify the agent. The shared secret is the one created in the SiteMinder Administration tool under System Configuration > Agents.

  • Policy server host (version 4)

    The IP address (preferred) or DNS name of the host on which the SiteMinder policy server is installed.

  • Authentication port (version 4)

    The SiteMinder policy server's authentication port. The default for this port is 44442. To check the port number, open the SiteMinder Policy Server Management Console, click the Settings tab, and look for the Authentication port number under Access Control.

  • User identity

    Determines which SiteMinder user attribute is displayed in the list of sessions and used for LDAP authorization.

  • User identity LDAP search attribute (optional)

    When the MSS Server is configured to use authorization, use this field to specify the LDAP attribute used by the Server to perform an LDAP search request for the user's distinguished name (DN). During authorization, the MSS Server issues an LDAP search request to obtain the user's LDAP DN. The LDAP search request's filter uses the attribute specified in this field.

    For example, if you enter the value uid into this field, then the LDAP search filter will look like: (uid=<SiteMinder username>) where <SiteMinder username> is the value of the SiteMinder user's name, obtained from the SiteMinder session token, using the ATTR_USERNAME key. Example: (uid=johns)

    Note

    When the MSS Server is not configured for authorization, any value entered into this field is ignored.
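The following is an added example, not MSS code and not part of the original documentation. It shows how a filter of the form (uid=<SiteMinder username>) can be built so that the user name is always matched literally, using RFC 4515 escaping, and how a lookup that does not return exactly one DN can be treated as a failure. The function names build_dn_search_filter, escape_filter_value and select_single_dn are hypothetical, and the sample user names are constructed.

```python
import re

# RFC 4515 section 3: these characters are written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Attribute description: short name (e.g. uid, sAMAccountName) or numeric OID.
_ATTRIBUTE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+")


def escape_filter_value(value: str) -> str:
    """Escape a user name so it is matched literally by the directory."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_dn_search_filter(search_attribute: str, username: str) -> str:
    """Return the filter (<search_attribute>=<username>) for the DN lookup."""
    if not _ATTRIBUTE.fullmatch(search_attribute):
        raise ValueError(f"not a valid LDAP attribute name: {search_attribute!r}")
    if not username:
        raise ValueError("SiteMinder user name is empty")
    return f"({search_attribute}={escape_filter_value(username)})"


def select_single_dn(matching_dns: list[str]) -> str:
    """Authorization needs one unambiguous DN; anything else is treated as failure."""
    if len(matching_dns) != 1:
        raise LookupError(f"expected exactly 1 entry, directory returned {len(matching_dns)}")
    return matching_dns[0]


if __name__ == "__main__":
    # Constructed sample user names, not taken from a real directory.
    for attr, name in [("uid", "johns"), ("uid", "smith(ext)"), ("sAMAccountName", "CORP\\johns")]:
        print(f"{name!r:16} -> {build_dn_search_filter(attr, name)}")
```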