Enable the CA SSO Policy Server Resource Adapter on WebSphere

The identity administrator enables the CA Single Sign-On (CA SSO, formerly known as SiteMinder) Policy Server Resource Adapter. The purpose of the adapter is to validate the SMSESSION cookie. After validation, CA SSO® creates the user context.
cim141
The identity administrator enables the CA Single Sign-On (CA SSO, formerly known as SiteMinder) Policy Server Resource Adapter. The purpose of the adapter is to validate the SMSESSION cookie. After validation, CA SSO® creates the user context.
 This procedure is specific to WebSphere. To learn the procedure for systems that use WildFly or WebLogic, see Enable the CA SSO Policy Server Resource Adapter.
 
Follow these steps:
 
  1. Open the WebSphere Admin Console using the following URL:
    http://<host-name>:9060/ibm/console/
  2. Browse to 
    Applications
    Application Types
    , and then 
    WebSphere Enterprise Applications
    . The available resources available appear in the 
    Enterprise Applications
     window. 
  3. Select 
    iam_im
    , and then select the 
    Configuration
     tab. 
  4. Under 
    Modules
    , select 
    Manage Modules
    , and then select 
    PolicyServerRA
  5. Under 
    Additional Properties
    , select 
    Resource Adapter
    .
  6. Under 
    Additional Properties
    , select 
    J2C Connection Factories
    , and then select 
    iam_im-PolicyServerConnection
  7. Repeat steps 8 through 10 for another resource named
     com.netegrity.ra.policyserver.IPolicyServerConnectionFactory
    .
  8. Under 
    Additional Properties
    , select 
    Custom Properties
    .
  9. Edit the following properties to match your system:
    : The properties have sample values.
    •  
      ValidateSMHeadersWit
       
      hPS:
       
       <true>
       
    •  
      Enabled: 
       
      <true>
       
    •  
      ConnectionURL: 
       
      <tail-sm6,44441,44442,44443>
       
    •  
      UserNameL: 
       
      <SiteMinder>
       
    •  
      AdminSecret: 
       
      <{PBES}:gSex2/BhDGzEKWvFmzca4w==>
       
    •  
      AgentName:
       
      <imuser>
       
    •  
      AgentSecret: 
       
      <{PBES}:gSex2/BhDGzEKWvFmzca4w==>
       
    •  
      Optionally
      , if you are using FIPS, set 
      FIPSMode
       to true
  10. A message appears after you edit your selections. Select 
    Save
     to directly save your changes to the master configuration.
    : To learn how to encrypt the password, see The Password Tool.
  11. To apply your changes, restart the Application Server.
A sample ra.xml configuration for WebSphere would appear in the admin console similar to the following graphic: 
  Sample WAS RA_XML.png  
 
 
: To disable the CA SSO Integration, change the 
Enabled
 property to 
false
, as ishown in the following graphic:
  Disable WAS_SSO.png  
 
For detailed instructions for removing CA SSO from an existing CA Identity Manager environment, see Remove CA SSO from the CA Identity Manager Deployment.