SiteMinder
Connector name |
|
Connector type | Executable |
Type (UI field value) | Netegrity SiteMinder |
Target system versions supported / tested | Bravura Security Fabric targets SiteMinder systems by using a connector working together with a service plugin on the server side. Note: CA bought Netegrity in 2004 and renamed the system to CA SiteMinder to be in line with the vendor name change. |
Connector status / support | Customer-Verified. Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment, as Bravura Security does not maintain internal test environments for the associated target system. |
Installation / setup | The connector and Unix Listener are shipped with Connector Pack. The Unix Listener, which you install on the Unix system, is distributed with the Connector Pack as an archive file, psunix-<os>.<cpu>.tar.gz. |
Upgrade notes | This connector is shipped with Connector Pack 4.5 or earlier as a Bravura Security-Verified connector; as of version 4.6 it is a Customer-Verified connector. |
The following Bravura Security Fabric operations are supported by the connector for SiteMinder (agtsm):
user verify password
get server information
user change password
administrator reset password
administrator reset+expire password
expire password
unexpire password
administrator verify password
verify+reset password
enable account
disable account
check account enabled
lock account
unlock account
check account lock
List:
accounts
The SiteMinder connector does not support account creation or group operations.
For a full list and explanation of each connector operation, see Connector operations.
Preparation
Before targeting a SiteMinder system:
Configure target system administrators
Define the SiteMinder user directory
Install the pssiteminder service plugin
Create an attribute configuration file
Configure the Bravura Security Fabric server
Configuring target system administrators
Bravura Security Fabric uses a designated account on the SiteMinder server to list and manage users. A SiteMinder agent is also required to log on to the SiteMinder server.
The target administrator must have the following privileges:
Manage System and Domain Objects (for listing users)
Manage Users (for user management tasks)
Create a SiteMinder agent to be used by the Bravura Security Fabric connector to log into the SiteMinder server. Configure the second administrator as follows:
Name: to be used as the additional target system ID when configuring the SiteMinder target system in Bravura Security Fabric
Description: any value
Support 4.x agents: must be checked
Agent Type: SiteMinder, Web Agent
IP address or host name: the IP address or host name of the Bravura Security Fabric server
Shared secret: password for the additional target system administrator when configuring the SiteMinder target system in Bravura Security Fabric
This is illustrated in the figure below.

Defining the SiteMinder user directory
If required, configure the user directory on the SiteMinder server to use a short "authentication attribute" by changing the LDAP User DN Lookup option. If not configured, the agent will assume the input is the full DN.
This is illustrated in the figure below.

Installing the pssiteminder service plugin on the SiteMinder server
Before targeting SiteMinder, you must install the pssiteminder service plugin, shipped with Connector Pack, on the SiteMinder server.
Unix
To install pssiteminder on a Unix SiteMinder server:
If you did not select the Unix Installation Packages when you installed Connector Pack, run the Connector Pack setup on the Bravura Security Fabric server to modify your instance and choose to make a custom installation.
See Installing Connector Pack for more details.
Extract the pssiteminder shared object for your platform from the appropriate psunix archive, located in the unix directory (for example, pssiteminder.solaris8.sparc).
Determine where SiteMinder is installed on your Unix server (for example /opt/siteminder).
Copy the pssiteminder shared object into <Siteminder_install_dir>/lib and rename it to pssiteminder.so:
cp ./pssiteminder.solaris8.sparc /opt/siteminder/lib/pssiteminder.so
Restart the SiteMinder server.
Windows
To install pssiteminder on a Windows SiteMinder server:
Locate pssiteminder.dll in <Connector Pack Install>/agent.
Copy pssiteminder.dll to your SiteMinder server into the directory <Siteminder install dir>/bin.
Restart the SiteMinder server.
Creating a SiteMinder attribute configuration file
A SiteMinder target system requires a configuration file defining server attributes. This file must be located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory.
The script must describe the following attributes:
accountport: account port
authport: authentication port
azport: authorization port
platform: specifies whether it is a Windows-based server or a Unix-based server
UserDir: specifies the user directory the SiteMinder server agent is working on
Other attributes can be set as required.
For example:
"m-tech:agent:agtmtech" "1" = {
"accountport" = "44441"
"authport" = "44442"
"azport" = "44443"
"timeout" = "300"
"connmin" = "1"
"connmax" = "100"
"connstep" = "1"
"platform" = "UNIX"
"UserDir" = "localLDAP"
}
Configuring the Bravura Security Fabric server
To set up the Bravura Security Fabric server to target SiteMinder:
Install the SiteMinder SDK.
Install the Oracle client, or just copy the oci.dll into an accessible path.
Modify the PATH environment variable to include a directory with SMAgentAPI.dll and oci.dll in it. For example:
If you installed a SiteMinder SDK, SMAgentAPI.dll can be found in <path to SiteMinder SDK>\bin\win32.
If you installed an Oracle client, oci.dll can be found in <path to Oracle client>\bin.
The jvm.dll can be found in <path to java>\jre\bin\client and <path to java>\jre\bin\server.
Targeting SiteMinder
After you have configured the SiteMinder server and Bravura Security Fabric server, add the server as a target system in Bravura Security Fabric (Manage the system > Resources > Target systems):
Type is Netegrity SiteMinder.
The target system address uses the following settings:
Server: host name.
Config file: a file containing specified server attributes. This file must be located in the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory.
See Creating a SiteMinder attribute configuration file.
The address is entered in the following syntax:
<hostname>/<Config file>
Enter the administrator credentials created earlier.
Do not select the system password checkbox for the target system administrator that will list users.
Set the second target system administrator as the SiteMinder agent you created, and select the system password checkbox.
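The attribute configuration file and the <hostname>/<Config file> address described above can be checked before the target is added. The following is an added example, not part of the Bravura Security documentation or product: it parses the file format shown in the page's example, confirms the five required attributes are present and the three ports are valid, and rejects an address whose config part is a path rather than a file name. The function names, the host sm01.example.test, the file name siteminder.cfg and the rule that the config part must be a bare file name (inferred from the requirement that the file live in the script directory) are assumptions.

```python
import re
# Attributes the page says the configuration file must describe.
REQUIRED = ("accountport", "authport", "azport", "platform", "UserDir")
PORT_KEYS = ("accountport", "authport", "azport")
PAIR = re.compile(r'^\s*"([^"]+)"\s*=\s*"([^"]*)"\s*$')

def parse_attributes(text):
    """Collect "name" = "value" pairs found between the braces."""
    attrs, inside = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("{"):
            inside = True
        elif stripped.startswith("}"):
            inside = False
        elif inside and (m := PAIR.match(line)):
            attrs[m.group(1)] = m.group(2)
    return attrs

def check_config(text):
    """Return a list of problems; an empty list means the file passes."""
    attrs = parse_attributes(text)
    problems = [f"missing or empty attribute: {k}" for k in REQUIRED if not attrs.get(k)]
    for key in PORT_KEYS:
        value = attrs.get(key, "")
        if value and not (value.isascii() and value.isdigit() and 1 <= int(value) <= 65535):
            problems.append(f"{key} is not a valid TCP port: {value!r}")
    return problems

def split_address(address):
    """Split <hostname>/<Config file>; assumes the file is a bare name."""
    host, sep, cfg = address.partition("/")
    if not (host and sep and cfg):
        raise ValueError("expected <hostname>/<Config file>")
    if re.search(r'[\\/:]', cfg) or cfg in (".", ".."):
        raise ValueError("config file must be a file name, not a path")
    return host, cfg

# Constructed sample: the page's example with azport misspelled and a bad port.
SAMPLE = '''"m-tech:agent:agtmtech" "1" = {
"accountport" = "44441"
"authport" = "444420"
"asport" = "44443"
"platform" = "UNIX"
"UserDir" = "localLDAP"
}'''

if __name__ == "__main__":
    print(check_config(SAMPLE), split_address("sm01.example.test/siteminder.cfg"))
```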