Enable the CA SSO Policy Server Resource Adapter

The identity administrator enables the CA SSO Policy Server Resource Adapter. The purpose of the adapter is to validate the SMSESSION cookie. After validation, CA SSO creates the user context.
This procedure applies only to systems that use WildFly or WebLogic. For the WebSphere-specific procedure, see Enable the CA SSO Policy Server Resource Adapter on WebSphere.
 
Follow these steps:
 
  1. Navigate to the /iam_im.ear/policysever.rar/META-INF folder on the application server.
     Note: In a Virtual Appliance environment, the ra.xml file is located at /opt/CA/VirtualAppliance/custom/IdentityManager/SiteMinder_config.
  2. Open the ra.xml file in an editor.
  3. Search for the Enabled config-property, and then change the config-property-value to true as shown in the following code snippet:
     <config-property>
       <config-property-name>Enabled</config-property-name>
       <config-property-type>java.lang.String</config-property-type>
       <config-property-value>true</config-property-value>
     </config-property>
  4. The ValidateSMHeadersWithPS property enforces validation of the SM header user (SM_USERDN) by CA SSO. The default config-property-value for the ValidateSMHeadersWithPS property is true. You can set this value to false if you trust the SM header user and want to skip the validation step.
     <config-property>
       <config-property-name>ValidateSMHeadersWithPS</config-property-name>
       <config-property-type>java.lang.String</config-property-type>
       <config-property-value>true</config-property-value>
     </config-property>
  5. Search for the ConnectionURL property and provide the hostname of the CA SSO Policy Server. Use a fully qualified domain name (FQDN).
  6. Search for the UserName property and specify the account to use for communication with CA SSO. SiteMinder is the default value for this account.
  7. Search for the AgentSecret config-property and then enter an encrypted password in the config-property-value as shown in the following code snippet:
     <config-property>
       <config-property-name>AgentSecret</config-property-name>
       <config-property-type>java.lang.String</config-property-type>
       <config-property-value><encrypted_password></config-property-value>
     </config-property>
     You can use the encrypted password from the directory.xml file that you exported. To use a password different from the one in directory.xml, encrypt a new password using the Password Tool.
  8. Search for the AgentName config-property and then update the config-property-value with the 4.x agent name as shown in the following code snippet. This is the same agent that the policy administrator creates during the CA SSO configuration.
     <config-property>
       <config-property-name>AgentName</config-property-name>
       <config-property-type>java.lang.String</config-property-type>
       <config-property-value>@AGENTNAME</config-property-value>
     </config-property>
  9. Save the ra.xml file.
The CA SSO Policy Server Resource Adapter is enabled.
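
An added example, not part of the original documentation or the vendor's tooling: a Python check that reads an ra.xml and reports every setting that differs from the steps above, including a ValidateSMHeadersWithPS value that skips SM_USERDN validation. The sample XML, host name, agent name and secret are constructed, and treating the first comma-separated field of ConnectionURL as the host is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed values for illustration; none come from a real deployment.
DEFAULTS = {"Enabled": "true", "ValidateSMHeadersWithPS": "true",
            "ConnectionURL": "ps01.example.test", "UserName": "SiteMinder",
            "AgentSecret": "CONSTRUCTED-ENCRYPTED-VALUE", "AgentName": "im-agent-example"}

def sample_ra_xml(**overrides):
    """Build a constructed ra.xml using the config-property layout shown in the steps."""
    props = "".join(
        f"<config-property><config-property-name>{k}</config-property-name>"
        f"<config-property-type>java.lang.String</config-property-type>"
        f"<config-property-value>{v}</config-property-value></config-property>"
        for k, v in {**DEFAULTS, **overrides}.items())
    return ('<connector xmlns="http://java.sun.com/xml/ns/j2ee"><resourceadapter>'
            + props + "</resourceadapter></connector>")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if the file declares one

def read_properties(xml_text):
    """Return {config-property-name: config-property-value} for the whole file."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "config-property":
            f = {local(c.tag): (c.text or "").strip() for c in el}
            props[f.get("config-property-name", "")] = f.get("config-property-value", "")
    return props

def is_fqdn(value):
    host = value.split(",")[0].strip()  # assumption: host is the first comma-separated field
    try:
        ipaddress.ip_address(host)
        return False                    # a bare IP address is not an FQDN
    except ValueError:
        return "." in host.strip(".")   # a single-label host name is not an FQDN either

def audit(xml_text):
    p, findings = read_properties(xml_text), []
    if p.get("Enabled", "").lower() != "true":
        findings.append("Enabled is not true: the resource adapter is not enabled")
    if p.get("ValidateSMHeadersWithPS", "true").lower() != "true":
        findings.append("ValidateSMHeadersWithPS is not true: SM_USERDN is trusted without validation")
    if not is_fqdn(p.get("ConnectionURL", "")):
        findings.append("ConnectionURL is not a fully qualified domain name")
    findings += [f"{n} is empty" for n in ("UserName", "AgentSecret") if not p.get(n)]
    if p.get("AgentName", "") in ("", "@AGENTNAME"):
        findings.append("AgentName is empty or still the @AGENTNAME placeholder")
    return findings

if __name__ == "__main__":
    print(audit(sample_ra_xml(ValidateSMHeadersWithPS="false")) or "ra.xml matches the procedure")
```

To check a deployed file, pass its contents to audit(), for example audit(open("ra.xml").read()).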