Store Session Information in IBM DB2
sm1252sp1
Gather Database Information
Configuring a single IBM DB2 database to function as a policy store or any other type of CA Single Sign-On data store requires specific database information. Consider the following items:
- Information that is prefixed with a W represents a Windows requirement.
- Information that is prefixed with a U represents a UNIX requirement.
Gather the following information before configuring the policy store or any other type of CA Single Sign-On data store. You can use the IBM DB2 Information Worksheet to record your values.
- Database instance name—Determine the name of the database instance that is to function as the policy store or data store.
- Administrative account—Determine the user name of an account with privileges to create, read, modify, and delete objects in the database.
- Administrative password—Determine the password for the Administrative account.
- IP address—Determine the IP address of the database host system.
- TCP port—Determine the port on which the database is listening.
- (W) Data source name—Determine the name that is to identify the data source.
- (U) Policy Server root—Determine the explicit path to where the Policy Server is installed.
- (U) Package—Determine the name of the package that is to process dynamic SQL.
- (U) Package owner—Determine the AuthID assigned to the package. The AuthID must have the authority to execute all SQL statements in the package.
- (U) Grant AuthID—If you want to restrict execute privileges for the package, determine the AuthID that is granted execute permissions for the package.
  Default wire protocol setting: Public
- (U) Isolation level—Determine the method by which the system acquires and releases locks.
  Default wire protocol setting: CURSOR_STABILITY
- (U) Dynamic sections—Determine the number of sections that the wire protocol driver package can prepare for a single user.
  Default wire protocol setting: 100
Create the Session Store Schema
You create the CA Single Sign-On schema so that an IBM DB2 database can store session information.
Follow these steps:
- Log in to the Policy Server host system.
- Navigate to siteminder_home\db\tier2\DB2.
  siteminder_home: Specifies the Policy Server installation path.
- Open the following file and copy the contents to a text editor: sm_db2_ss.sql
- Paste the contents into a query and execute the query. For more information about executing a query, see the IBM documentation. The session store schema is added to the database.
Point the Policy Server to the Database
You point the Policy Server to the database so the Policy Server can read and store session information.
To point the Policy Server to the data store
- Open the Policy Server Management Console, and click the Data tab. Database settings appear.
- Select Session Server from the Database list. Data source settings become active.
- Enter the name of the data source in the Data Source Information field.
  - (Windows) This entry must match the name you entered in the Data Source Name field when you created the data source.
  - (UNIX) This entry must match the first line of the data source entry in the system_odbc.ini file. By default, the first line in the file is [CA Single Sign-On Data Sources]. If you modified the first entry, be sure that you enter the correct value.
- Enter and confirm the user name and password of the database account that has full access rights to the database instance in the respective fields.
- Specify the maximum number of database connections allocated to CA Single Sign-On. We recommend retaining the default for best performance.
- Click Apply. The settings are saved.
- Click Test Connection. CA Single Sign-On returns a confirmation that the Policy Server can access the data store.
- Click OK. The Policy Server is configured to use the database as a session store.
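A pre-flight check for the UNIX values gathered in "Gather Database Information" and for the data source name entered in the Management Console, as an added example that is not CA's code. The sample system_odbc.ini entry is constructed, the key names (IpAddress, TcpPort, Package, PackageOwner, GrantAuthid, IsolationLevel, DynamicSections) are assumed wire protocol driver options that this page does not list, and the exact-match comparison of the name is this script's choice.

```python
import configparser

# Constructed sample of a UNIX system_odbc.ini entry; key names are assumed
# wire protocol driver options and every value is a placeholder.
SAMPLE_INI = """\
[Example Data Sources]
Example Session Store=DB2 Wire Protocol

[Example Session Store]
IpAddress=192.0.2.10
TcpPort=50000
Database=SMSESSION
Package=SMPKG
PackageOwner=SMOWNER
GrantAuthid=PUBLIC
IsolationLevel=CURSOR_STABILITY
DynamicSections=100
"""

REQUIRED = ("IpAddress", "TcpPort", "Package", "PackageOwner",
            "GrantAuthid", "IsolationLevel", "DynamicSections")

def check_data_source(ini_text, dsn):
    """Return a list of findings for the data source entry named `dsn`."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str          # keep key case as written in the file
    cp.read_string(ini_text)
    if not cp.has_section(dsn):
        return [f"no [{dsn}] entry; the console value must match the entry's first line"]
    entry, findings = cp[dsn], []
    for key in REQUIRED:
        if not entry.get(key, "").strip():
            findings.append(f"{key} is missing or empty")
    port = entry.get("TcpPort", "")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append(f"TcpPort {port!r} is not a valid port")
    sections = entry.get("DynamicSections", "")
    if sections and not sections.isdigit():
        findings.append(f"DynamicSections {sections!r} is not a number")
    if entry.get("GrantAuthid", "").strip().upper() == "PUBLIC":
        findings.append("GrantAuthid is PUBLIC: execute on the package is not restricted")
    return findings

if __name__ == "__main__":
    for name in ("Example Session Store", "example session store"):
        print(name, "->", check_data_source(SAMPLE_INI, name) or "ok")
```

The PUBLIC finding corresponds to the Grant AuthID default on the worksheet; it disappears once a specific AuthID is granted execute on the package.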
Restart the Policy Server
You restart the Policy Server for certain settings to take effect.
Follow these steps:
- Open the Policy Server Management Console.
- Click the Status tab, and click Stop in the Policy Server group box. The Policy Server stops as indicated by the red stoplight.
- Click Start. The Policy Server starts as indicated by the green stoplight.
Note: On UNIX, execute the stop-ps and start-ps commands to restart Policy Server. To restart Policy Server and CA Risk Authentication, execute the stop-all and start-all commands.