November 20, 2006

CA Siteminder Installation

Software related to SiteMinder

  • iPlanet5.1
  • Netegrity PolicyServer6.0sp4
  • WebAgent6
  • SiteMinder Documentation

You can access them at dassw01\SiteMinder

Installing the LDAP-Iplanet5.1


  1. Start the setup.exe (SiteMinder\iplanet5.1\Iplanet_LDAP\setup.exe)
  2. Select the installation server - iplanet servers.
  3. Select the installation type - Typical.
  4. Choose the location of the iplanet installation.
  5. Default components to install.
  6. Choose the configuration directory server as default.
  7. Directory Server Settings
    1. server identifier : hostname
    2. port no. : 389
    3. suffix : dc=ca,dc=com
  8. Configuration directory Server Administrator
    1. Configuration Directory Admin id : admin
    2. Password : iamca123
  9. Administration Domain Setting: ca.com
  10. Directory Manager Settings : cn=Directory Manager
    1. Password : iamca123
  11. Make a note of generated Administration port.
  12. Restart the machine.

Installing the SiteMinder Policy Server 6.0SP4


  1. Make sure IIS webserver is installed and running successfully.
  2. Install J2re 1.4.2_07 in the custom installation path (C:\Java) from the policy server setup (Siteminder\ps-6.0sp4-win32\thirdparty-tools).
  3. Install ServletExec 5.0 from the policy server setup (ps-6.0sp4-win32\thirdparty-tools\servlet-engine5.0)
  4. Start the policy server setup (nete-ps-6.0-sp4-win32).
  5. Accept the license agreement.
  6. Choose the SiteMinder install folder (c:\program files\netegrity)
  7. Give the Policy store encryption key.
  8. Choose the default features (one view GUI, webserver, policystore).
  9. Select the webserver as Microsoft IIS5.0
  10. Choose the policyStore as - other supported LDAP.
  11. Policy Store details:
    1. IP address: fully qualified domain name (or) IP address
    2. port : 389
    3. RootDN : dc=ca,dc=com (the DN given while installing iPlanet)
  12. Policy Store Admin Information:
    1. Admin DN: cn=Directory Manager
    2. password: iamca123 (the password given while installing iPlanet)
  13. Select initialize instance for setting up a new policy store.
  14. Enter the password for the superuser Account.
  15. After successfully completing the installation, restart the machine.
  16. Start->programs->Netegrity PolicyServer UserInterface. Enter username/password: SiteMinder/password.
  17. Login should be successful.

Installing the IIS5.0 webAgent

  1. Make sure IIS5.0 webserver is running successfully.
  2. Start the SiteMinder webagent setup.exe (SiteMinder/smwa-6qmr4-win32/smwa-6qmr4-win32\nete-wa-6qmr4-win32.exe)
  3. Choose the install location for webagent (C:\program files\netegrity\webagent)
  4. Select the webagent configuration option as 'yes'.
  5. In the Host Registration, select 'yes' to configure the agent with policy server.
  6. Give the Admin Registration details
    1. Admin username: siteminder
    2. password : iamca123
  7. Enter the trusted hostname, hostconfig object
    1. Trusthostname : trusted1
    2. Hostconfig obj : smhostconfig (object should be created in SMPS)
      1. Note: Select the existing (Defaulthostsettings) config object when creating the smhostconfig object.
      2. In the new smhostconfig object, update the policy server details.
  8. Enter the policyserver IPAddress: fully qualified domain name or ipaddress
  9. Accept the default generated host configuration file location.
  10. Select the webserver - Microsoft IIS5.0
  11. Enter the Agent Configuration Object -
    1. Agent Configuration obj : smagentconfig (object should be created in SMPS)
      1. Note: Select the existing (IISDefaultsettings) config object when creating the smagentconfig object.
      2. In the new smagentconfig object, update the Default AgentName Parameter with "webAgent Name".
  12. Enter the details of self Registration services Admin account.
  13. An "Installation Successful" message should be displayed at the end.

Configurations on how to Authenticate & Authorize a protected resource

Create the following objects in the Policy Server User Interface.

  1. Create an Agent Object "smagent".
  2. Create an host configuration object : smhostconfig
    1. edit the policyserver details : fullyqualified domain name or ipaddress of policyserver
  3. Create an Agent Configuration object : smagentconfig
    1. edit the Default Agent name : smagent
  4. Create a user directory : smldap (Policy Server User Interface)
    1. Server : fullyqualifieddomainname:ldapportno (etr6506l3-w2s34.ca.com:389)
    2. Root : dc=ca,dc=com
    3. LDAP User DN lookup : Start DN - "(uid="
    4. End DN - ")"
  5. Create a domain: smdomain
    1. Add the user directory : smldap
  6. Create a Realm: smrealm
    1. Add the agent : smagent
    2. Resource filter: /test
    3. Authentication Scheme: Basic
  7. Create a rule: smrule
    1. Resource filter:/*.html
  8. Create a policy: smpolicy
    1. users: add the ldap user
    2. Rule : add the smrule
  9. Enable the webagent (c:\program files\netegrity\webagent\bin\IIS\WebAgent.conf)
    1. Enable webAgent ="YES"
  10. Restart the IIS webServer
  11. Start accessing the protected resource.
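
The realm resource filter (/test) and the rule resource filter (/*.html in the steps above, /* in the comment below) combine into one effective pattern that decides which URLs the policy covers. The following Python is an added example, not part of the original post and not SiteMinder code; the function names are hypothetical, and it assumes the realm filter is matched as a plain prefix and the rule uses `*` and `?` wildcards, with `*` also matching "/".

```python
import re

def wildcard_to_regex(pattern):
    """Compile a resource pattern using * and ? wildcards into an anchored regex."""
    out = []
    for ch in pattern:
        if ch == "*":
            out.append(".*")      # assumption: * also matches "/" characters
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out) + r"\Z", re.DOTALL)

def classify(path, realm_filter, rule_resource):
    """Classify a URL path against one realm and one rule.

    outside-realm    : the path does not start with the realm filter, so this
                       realm does not protect it
    rule-fires       : realm filter + rule resource matches; the policy that
                       holds the rule decides access
    in-realm-no-rule : inside the realm but not matched by the rule; with a
                       protected realm (assumed default) no policy grants access
    """
    path = path.split("?", 1)[0]              # ignore the query string
    if not path.startswith(realm_filter):     # realm filter is a plain prefix
        return "outside-realm"
    effective = realm_filter + rule_resource  # e.g. "/test" + "/*.html"
    if wildcard_to_regex(effective).match(path):
        return "rule-fires"
    return "in-realm-no-rule"

def coverage(paths, realm_filter, rule_resource):
    """Map each sample path to its classification."""
    return {p: classify(p, realm_filter, rule_resource) for p in paths}

# Constructed sample paths, not taken from the original post.
SAMPLE_PATHS = ["/test/index.html", "/test/report.asp", "/test/sub/page.html",
                "/testing/a.html", "/public/index.html"]

if __name__ == "__main__":
    for rule in ("/*.html", "/*"):            # the two rule filters on this page
        print("realm=/test rule=" + rule)
        for path, verdict in coverage(SAMPLE_PATHS, "/test", rule).items():
            print("  %-22s %s" % (path, verdict))
```

Under these assumptions, /testing/a.html falls inside the /test realm by prefix but is matched by neither rule filter, and /test/report.asp is covered only by the /* filter.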

1 comment:

Mukund said...

Software related to SiteMinder
• iPlanet5.1
• Netegrity PolicyServer6.0sp4
• WebAgent6
• SiteMinder Documentation
Installing the LDAP-Iplanet5.1
________________________________________
1. start the setup.exe (SiteMinder\iplanet5.1\Iplanet_LDAP\setup.exe)
2. Select the installation server - iplanet servers.
3. Select the installation type - Typical.
4. Choose the location of the iplanet installation.
5. Default components to install.
6. Choose the configuration directory server as default.
7. Directory Server Settings
  1. server identifier : hostname
  2. port no. : 389
  3. suffix : dc=entrust,dc=com
8. Configuration directory Server Administrator
  1. Configuration Directory Admin id : admin
  2. Password : iamca123
9. Administration Domain Setting: entrust.com
10. Directory Manager Settings : cn=Directory Manager
  1. Password : iamca123
11. Make a note of generated Administration port.
12. Restart the machine.
Installing the SiteMinder Policy Server 6.0SP4
________________________________________
1. Make sure IIS webserver is installed and running successfully.
2. Install J2re 1.4.2_07, in the custom installation path (C:\Java) from the policy server setup (Siteminder\ps-6.0sp4-win32\thirdparty-tools).
3. Install ServletExec 5.0 from the policy server setup (ps-6.0sp4-win32\thirdparty-tools\servlet-engine5.0)
4. Start the policy server setup (nete-ps-6.0-sp4-win32).
5. Accept the license agreement.
6. Choose the siteminder install folder(c:\program files\netegrity)
7. Give the Policy store encryption key.
8. Choose the default features (one view GUI,webserver, policystore).
9. select the webserver as Microsoft IIS5.0
10. Choose the policyStore as - other supported LDAP.
11. Policy Store details:
  1. ipaddress: fully qualified domain name (or) ipaddress
  2. port : 389
  3. RootDN : dc=entrust,dc=com (DN=which we have given while installing iplanet)
12. Policy Store Admin Information:
  1. Admin DN: cn=Directory Manager
  2. password: iamca123 (password which we have given while installing iplanet)
13. Select initialize instance for setting up a new policy store.
14. Enter the password for the superuser Account.
15. After successfully completing the installation, restart the machine.
16. Start->programs->Netegrity PolicyServer UserInterface. Enter username/Password:SiteMinder/password.
17. Login should be successful.
18. Login to the siteminder using the super user and password provided at step 14
19. On the left hand side we see a list of items
To create an agent
20. Right click on Agents->Create agent-> ex:- siteminder
To create agent conf object
21. Click on Agent Conf Objects; on the right hand side we see a list of objects. Right click on the required one based on the webserver.
22. Select “Duplicate configuration object” and change the name of the agent conf object. Ex: iisdefaultsettings
23. Set the defaultagentname to the agent created in step 20.
24. Set the MaxResourceCacheSize parameter value to 0.
To create Host Conf object
25. Click on Host Conf objects; we see a list of objects. Right click on the default host settings, duplicate the same and change the name of the host conf object. Ex: defaulthostsettings
26. Set the policyserver parameter to (IP address of policy server),44441,44442,44443
To create user directories
27. Right click on user directories in order to create a new user directory
28. In User directory properties, Under LDAP search set User DN (dc=entrust, dc=com)
29. In User directory properties, under LDAP user DN lookup set Start: (uid= and End: )
30. Click on view contents; we must be able to view the contents of the LDAP.
To create domain
31. Right click on Domain to create a new domain
32. User Directory select the user directory from the drop down and add the same.
Installing the IIS5.0 webAgent
1. Make sure IIS5.0 webserver is running successfully.
2. Start the siteminder webagent setup.exe(SiteMinder/smwa-6qmr4-win32/smwa-6qmr4-win32\nete-wa-6qmr4-win32.exe)
3. Choose the install location for webagent(C:\program files\netegrity\webagent)
4. Select the webagent configuration option as 'yes'.
5. In the Host Registration, select 'yes' to configure the agent with policy server.
6. Give the Admin Registration details – enter the super user password of siteminder
  1. Admin username: siteminder
  2. password : iamca123
7. Enter the trusted hostname, hostconfig object
  1. Trusthostname : trusted1
  2. Hostconfig obj : Enter the Host conf object set in policy server
8. Enter the policyserver IPAddress: fully qualified domain name or ipaddress
9. Accept the default generated host configuration file location.
10. Select the webserver - Microsoft IIS5.0
11. Enter the Agent Configuration Object – enter the agent conf object set in the policy server.
12. Enter the details of self Registration services Admin account.
13. Installation Successful message should be displayed at the end.
After completion of web agent settings, log in to the siteminder policy server and type “Ctrl H” in order to see the trusted hosts, which were set while configuring the webagent. If we do not see the trusted hosts, then the web agent configuration is wrong.
Configurations on how to authenticate & authorize a protected resource
Create the following objects in the Policy Server User Interface. Login to policy server. Click on the Domain tab in policy server. We see a drop down menu under the domain name. (Realm, Rule Groups, responses, response groups, policies)
Create realm
1. Under realm, create a Realm: smrealm
  1. Look up for the webagent, select the respective agent.
  2. Resource filter: /test
  3. Authentication Scheme: Basic
Create rule
2. Right click on the realm and create a rule: smrule
  1. Realm: Select the realm from the drop down box
  2. Resource filter:/*
Create policy
3. Create a policy: smpolicy
  1. users: add the ldap user
  2. Rule : add the smrule
4. Log in to the machine where the web agent is installed. Enable the webagent (c:\program files\netegrity\webagent\bin\IIS\WebAgent.conf)
  1. Enable webAgent ="YES"
5. Restart the IIS webServer
6. Start accessing the protected resource.