How to Configure an Oracle Policy Store

Contents
casso1283
Contents
2
A single Oracle database can function as a:
  • policy store
  • key store
  • logging database
Using a single database simplifies administrative tasks. The following sections provide instruction on how to configure a single database server to store
SiteMinder
data.
You can configure an Oracle policy store manually or use the Policy Server installer to configure the policy store automatically.
To configure a single Oracle database as a policy store, key store, and logging database, complete the following procedures:
Prerequisites for an Oracle 10g Database
After installing the Oracle 10g database, complete the following prerequisites:
  • Create a table space for the policy store.
  • Create a user with appropriate privileges to manage this table space in the database.
  • The database instance must be case-insensitive.
Create an Oracle 10g Table Space for the Policy Store
Creating a table space for the policy store is a prerequisite for an Oracle 10g database only.
Follow these steps:
  1. In the Oracle Enterprise Manager 10g Database Control, log in as the SYSDBA user with appropriate privileges to manage the Oracle database.
  2. On the Oracle global database’s configuration screen, select Administration, Tablespaces.
  3. On the Tablespaces screen, click Create.
  4. On the Create Tablespaces screen, enter a table space name, and click ADD.
    Example:
    NETE_TB
  5. On the Create Tablespaces: Add Datafile screen:
    1. Enter a file name.
      Example: NETE_TB
    2. Specify the file size.
      Example: 100 MB
    3. Click Continue.
    Oracle creates the table space and displays it on the Tablespaces screen.
Complete the prerequisites by creating a user to manage the table space for the policy store.
Create an Oracle 10g User to Manage the Policy Store’s Table Space
Creating a user to manage table space for the policy store is a prerequisite for an Oracle 10g database only.
Follow these steps:
  1. On the Oracle global database’s configuration screen, select Administration, Users.
  2. On the Create Tablespaces screen, click Create.
  3. On the Create User screen, enter the:
    • Name for the user.
      Example: NETE
    • Password for the user.
    • Default Tablespace that you created.
    • Temporary tablespace.
      Example:
      TEMP
  4. Click Roles.
  5. Select Modify.
  6. On the Modify Roles screen:
    1. Select CONNECT and RESOURCE as a roles for this user.
    2. Click Apply.
  7. Start sqlplus in a command window, by entering:
    1. sqlplus
    2. the credentials for the policy store user created on the Create User screen.
    You have completed the prerequisites for an Oracle 10g database, and can now configure a
    SiteMinder
    data store for the database.
Prerequisites for an Oracle 12c Database
After you install the Oracle 12c Database, perform the following steps:
  1. Create a table space for the policy store.
  2. The database instance must be case-insensitive.
  3. Create a user with the following privileges to manage the table space in the database:
    • Connect
    • Resource
    • Unlimited Tablespace
Gather Database Information
Configuring a single Oracle database to function as a policy store or any other type of
SiteMinder
data store requires specific database information.
Information prefixed with (U) indicates that the information is only required if the Policy Server is installed on a UNIX system. This information is required when configuring Oracle data source for UNIX.
Required Information
Gather the following required information before configuring a supported Oracle or Oracle RAC database as a policy store or any other type of
SiteMinder
data store:
  • (U)
    Policy Server installation path
    —Identify the explicit path to where the Policy Server is installed.
  • Data source
    —Determine the name you will use to identify the Oracle data source.
    Example:
    SM Oracle Server Wire DS.
  • Database administrative account
    —Determine the user name of an account with privileges to create, read, modify, and delete objects in the database.
    Ensure the administrative account does not have the DB role.
  • Database administrative Password
    —Determine the password for the Administrative account.
Oracle Database Information
Gather the following information only if you are configuring a supported Oracle database as a policy store or any other type of
SiteMinder
data store:
  • Oracle machine name
    —Determine the name of the machine on which the Oracle database is installed.
  • Oracle instance service name
    —Determine the service name of the database instance to which you will connect. The tnsnames.ora file specifies service names.
  • Oracle port number
    —Determine the port number on which the Oracle database is listening.
Oracle RAC Database (without SCAN) Information
Gather the following information if you are configuring a supported Oracle RAC database (without SCAN functionality configured) as a policy store or any other
SiteMinder
data store:
  • Oracle RAC system service name—
    Determine the service name for the entire system.
    Example:
    In the following tnsnames.ora file, SMDB is the service name for the entire system:
    SMDB=
    (Description =
    (ADDRESS = PROTOCOL = TCP)(HOST = nete_servername1)(PORT=1521
    (ADDRESS = PROTOCOL = TCP)(HOST = nete_servername2)(PORT=1521)
    (ADDRESS = PROTOCOL = TCP)(HOST = nete_servername3)(PORT=1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA=
    (SERVER = DEDICATED)
    (SERVER_NAME = SMDB))
    )
  • Oracle RAC node service names
    —Determine the service names for each node in the system.
  • Oracle RAC node IP addresses
    —Determine the IP Address of each node in the Oracle RAC system.
    If you are using Oracle RAC 10g, determine the virtual IP address of each node in the system.
  • Oracle RAC node port numbers
    —Determine the port number for each node in the Oracle RAC system.
Oracle RAC Database (Using SCAN) Information
The Oracle RAC Single Client Access Name (SCAN) feature provides a single name for clients to access any Oracle Database running in a cluster.
Gather the following information if you are configuring an Oracle RAC database with SCAN functionality as a policy store or any other
SiteMinder
data store:
  • Oracle RAC system service name
    —Determine the service name for the entire system.
    Example:
    In the following tnsnames.ora file, SMDB is the service name for the entire system:
    SMDB=
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = clus-scan.example.com)(PORT = 1521))
    (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = SMDB)
    )
    )
  • Oracle RAC SCAN Address
    —Determine the FQDN of the Oracle RAC system SCAN.
  • Oracle RAC SCAN port number
    —Determine the port number for the Oracle RAC system SCAN.
Create the
SiteMinder
Schema
You create the schema so a single Oracle database can store policy, key, and audit logging information.
Follow these steps:
  1. Log in to Oracle with sqlplus or some other Oracle utility as the user who administers the Policy Server database information.
    We recommend that you do not create the schema with the SYS or SYSTEM users. If necessary, create an Oracle user, such as SMOWNER, and create the schema with that user.
  2. Import the following script:
    $NETE_PS_ROOT/db/sql/sm_oracle_ps.sql
    Environment variables may not function in the SQL utility of Oracle. If you experience problems importing the script using the utility, specify an explicit path.
    The policy store and key store schema is added to the database.
  3. Import the following script
    $NETE_PS_ROOT/xps/db/Oracle.sql
    The policy store schema is extended.
  4. Import the following script to use the policy store as an audit logging database:
    sm_oracle_logs.sql.
    Note:
    You are not required to configure the policy store to store additional
    SiteMinder
    data. You can configure individual databases to function as a separate audit log database, key store, and session store.
    The database can store
    SiteMinder
    data.
Configure an Oracle Data Source for
SiteMinder
If you are using ODBC, you need to configure a data source for the Oracle wire protocol driver.
Create an Oracle Data Source on Windows
Create an ODBC data source for an Oracle database.
Follow these steps:
  1. Click Start and navigate to Programs, Administrative Tools.
  2. Select ODBC Data Sources (64-bit).
    The ODBC Data Source Administrator dialog opens.
  3. Click the System DSN tab and click Add.
    The Create New Data Source dialog appears
  4. Select SiteMinder Oracle Wire Protocol, and click Finish.
    The ODBC Oracle Wire Protocol Driver Setup dialog appears. The General tab is pulled to the front.
  5. Enter a name that identifies the data source in the Data Source Name field.
    Record this name. You will need the data source name when pointing the Policy Server to the database.
  6. Enter the machine name where the Oracle database is installed in the Host Name field.
  7. Enter the port number where the Oracle database is listening on the machine in the Port Number field.
  8. Enter the name of the Oracle instance to which you want to connect in the SID field.
    The service name is specified in the tnsnames.ora file. The SID is the system identifier for the database instance. The tnsnames.ora file contains service names and details that Oracle uses to identify and connect to Oracle instances.
    Example:
    if the tnsnames.ora file contains the following entry for an Oracle instance, you enter instance1 in the SID field:
    instance1 =
    (Description=
    (Address = (PROTOCOL = TCP)(Host = myhost)(Port=1521))
    (Connect_DATA_ = (SID = SIDofinstance1))
    )
  9. Click the Advanced tab and enter the following in the Extended Options field:
    EnableNcharSupport=0
  10. Click Test Connection.
    The connection settings are tested and a prompt appears specifying that the connection is successful.
  11. Click OK.
    The Oracle data source is configured for the wire protocol driver.
Create an Oracle RAC (no SCAN) Data Source on Windows
Create an ODBC data source for an Oracle RAC database that does not use the SCAN feature.
Follow these steps:
  1. Click Start and navigate to Programs, Administrative Tools.
  2. Select ODBC Data Sources (64-bit).
    The ODBC Data Source Administrator dialog opens.
  3. Click the System DSN tab and click Add.
    The Create New Data Source dialog appears.
  4. Select
    SiteMinder
    Oracle Wire Protocol, and click Finish.
    The ODBC Oracle Wire Protocol Driver Setup dialog appears. The General tab is pulled to the front.
  5. Enter a name that identifies the data source in the Data Source Name field.
    Record this name. You will need the data source name when pointing the Policy Server to the database.
  6. Enter the IP Address of the first node in the Oracle RAC system in the Host field.
    Oracle RAC 10g: Enter the virtual IP Address.
  7. Enter the service name for the entire Oracle RAC system in the Service Name field.
    Example:
    In the following tnsnames.ora file, the SMDB value is the service name for the entire Oracle RAC system, which contains 3 nodes:
    SMDB=
    (Description =
    (ADDRESS = (Protocol = TCP)(HOST = nete_servername1)(PORT = 1521))
    (ADDRESS = (Protocol = TCP)(HOST = nete_servername2)(PORT = 1521))
    (ADDRESS = (Protocol = TCP)(HOST = nete_servername3)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = SMDB)
    )
  8. Click the Failover tab.
    Failover settings appear.
  9. Specify the host name or virtual IP Address, port number, and service name for the remaining Oracle RAC nodes in the environment in the Alternate Servers field.
    The ServiceName is the service name for the entire Oracle RAC system.
  10. Specify the AlternateServers to provide connection failover to the other Oracle nodes if the primary server is not accepting connections. The entry should have the following format:
    (HostName=nete_servername2:PortNumber=1521:ServiceName=nete_servicename[,...])
  11. Select LoadBalancing.
  12. Click the Advanced tab and enter the following in the Extended Options field:
    EnableNcharSupport=0
  13. Click OK
    The Oracle RAC data source is configured for the wire protocol driver.
Create an Oracle RAC SCAN Data Source on Windows
Create an ODBC data source for an Oracle RAC database that uses the SCAN feature.
Follow these steps:
  1. Click Start and navigate to Programs, Administrative Tools.
    Select ODBC Data Sources (64-bit).
    The ODBC Data Source Administrator dialog opens.
    Click the System DSN tab and click Add.
  2. Select SiteMinder Oracle Wire Protocol, and click Finish.
    The ODBC Oracle Wire Protocol Driver Setup dialog appears. The General tab is pulled to the front.
  3. Enter a name that identifies the data source in the Data Source Name field.
    Record this name. You will need the data source name when pointing the Policy Server to the database.
  4. Enter the FQDN or IP Address of the SCAN in the Host field.
  5. Enter the port number of the SCAN in the Port Number field.
  6. Enter the service name for the entire Oracle RAC system in the Service Name field.
    Example:
    In the following tnsnames.ora file, the SMDB value is the service name for the entire Oracle RAC system, which contains the SCAN:
    SMDB =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = clus-scan.rac.com)(PORT = 1521))
    (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = ORCL)
    )
    )
  7. Click the Advanced tab and enter the following in the Extended Options field:
    EnableNcharSupport=0
  8. Click OK
    The Oracle RAC data source is configured for the wire protocol driver.
Create an Oracle Data Source on UNIX Systems
You configure the names of available ODBC data sources and the attributes that are associated with these data sources in the system_odbc.ini file.
To create the system_odbc.ini file:
  1. Navigate to
    policy_server_installation
    /db.
  2. Rename oraclewire.ini to "system_odbc.ini".
Customize the system_odbc.ini file for each site. You can also add more data sources to this file, such as defining extra ODBC user directories for
SiteMinder
.
The first section of the system_odbc.ini file, [ODBC Data Sources], contains a list of all of the currently available data sources. The name before the “=” refers to a subsequent section of the file describing each individual data source. After the “=” is a comment field.
If you modify of the first line of the data source entry ([
SiteMinder
Data Source]), take note of the change. This value is required to configure your ODBC database as a policy store.
Each data source has a section in the system_odbc.ini file describing its attributes. The first attribute is the ODBC driver to be loaded when
SiteMinder
uses this data source. The remaining attributes are specific to the driver.
To add an Oracle Data source
:
  1. Define a new data source name in the [ODBC Data Sources] section of the file.
  2. Add a section that describes the data source using the same name as the data source.
To create a service name or use a different driver, edit the system_odbc.ini file. Entries for the SQL Server or Oracle drivers belong under [
SiteMinder
Data Source].
Configure the Oracle Wire Protocol Driver
You configure the wire protocol driver to specify the settings the Policy Server uses to connect to the database.
This procedure only applies if the Policy Server is installed on a UNIX system. If you have not already done so, copy one of the following files and rename it
system_odbc.ini
:
  • sqlserverwire.ini
  • oraclewire.ini
  • mysqlwire.ini
  • postgresqlwire.ini
  • db2wire.ini
These files are located in
siteminder_home
/db.
The system_odbc.ini file contains the following sections. The data source that you are configuring determine the section or sections that you edit:
  • [SiteMinder Data Source]
    Specifies the settings
    SiteMinder
    is to use to connect to the database functioning as the policy store.
  • [SiteMinder Logs Data Source]
    Specifies the settings
    SiteMinder
    is to use to connect to the database functioning as the audit log database.
  • [SiteMinder Keys Data Source]
    Specifies the settings
    SiteMinder
    is to connect to the database functioning as the key store.
  • [SiteMinder Session Data Source]
    Specifies the settings
    SiteMinder
    is to connect to the database functioning as the session store.
  • [SmSampleUsers Data Source]
    Specifies the settings
    SiteMinder
    is to connect to the database functioning as the sample user data store.
Follow these steps:
  1. Open the system_odbc.ini file.
  2. Depending on the data source you are configuring, edit the applicable data source sections with the following information. When editing data source information, do not use the pound sign (#). Entering a pound sign comments the information, which truncates the value. The truncated value may cause ODBC connections to fail.
    Driver=nete_ps_root/odbc/lib/NSora28.so
    Description=DataDirect 8.0 Oracle Wire Protocol
    HostName=host_name
    PortNumber=1521
    ServiceName=nete_serverid
    #SID=server_id
    CatalogOptions=0
    ProcedureRetResults=0
    EnableDescribeParam=0
    EnableStaticCursorsForLongData=0
    ApplicationUsingThreads=1
    DMCleanup=2
    EnableTimestampWithTimeZone=1
    EnableNcharSupport=0
    • nete_ps_root
      Specifies the explicit path of the Policy Server installation.
    • host_name
      Specifies the name of the Oracle database host system.
    Example:
    In the following sample tnsnames.ora file, the value instance1 is the SID
    instance1 =
    (Description =
    (ADDRESS = (Protocol = TCP)(Host = myhost)(Port = 1521)
    (CONNECT_DATA = (SID = instance1))
    )
  3. Save the file.
The Oracle wire protocol driver is configured.
Configure the Oracle Wire Protocol Driver for Oracle RAC without SCAN
You configure the wire protocol driver to specify the settings the Policy Server uses to connect to the database.
This procedure only applies if the Policy Server is installed on a UNIX system. If you have not already done so, copy one of the following files and rename it
system_odbc.ini
:
  • sqlserverwire.ini
  • oraclewire.ini
  • mysqlwire.ini
  • postgresqlwire.ini
These files are located in
siteminder_home
/db.
The system_odbc.ini file contains the following sections. The data source that you are configuring determine the section or sections that you edit:
  • [SiteMinder Data Source]
    Specifies the settings
    SiteMinder
    is to use to connect to the database functioning as the policy store.
  • [SiteMinder Logs Data Source]
    Specifies the settings
    SiteMinder
    is to use to connect to the database functioning as the audit log database.
  • [SiteMinder Keys Data Source]
    Specifies the settings
    SiteMinder
    is to connect to the database functioning as the key store.
  • [SiteMinder Session Data Source]
    Specifies the settings
    SiteMinder
    is to connect to the database functioning as the session store.
  • [SmSampleUsers Data Source]
    Specifies the settings
    SiteMinder
    is to connect to the database functioning as the sample user data store.
Follow these steps:
  1. Open the system_odbc.ini file.
  2. Depending on the data source you are configuring, edit the applicable data source sections with the following information. When editing data source information, do not use the pound sign (#). Entering a pound sign comments the information, which truncates the value. The truncated value may cause ODBC connections to fail.
    • Add ServiceName=
      nete_servicename
    • Add AlternateServers=
    • Add Loadbalancing=1
    • Remove or comment SID=nete_serverid
    The modified text for the data source should appear as follows:
    Driver=
    nete_ps_root
    /odbc/lib/NSora28.so
    Description=DataDirect 8.0 Oracle Wire Protocol
    Logon=
    uid
    Password=
    pwd
    HostName=
    server_name1
    PortNumber=1521
    ServiceName=
    service_name
    CatalogOptions=0
    ProcedureRetResults=0
    EnableDescribeParam=0
    EnableStaticCursorsForLongData=0
    ApplicationUsingThreads=1
    AlternateServers=
    LoadBalancing=1
    EnableNcharSupport=0
    • nete_ps_root
      Specifies an explicit path to the directory where Policy Server is installed.
    • uid
      Specifies the user name of the database account that has full access rights to the database.
    • pwd
      Specifies the password for the database account that has full access rights to the database.
    • server_name1
      Specifies the IP Address of the first Oracle RAC node.
      (Oracle 10g) Specifies the virtual IP Address of the first Oracle RAC node.
    • service_name
      Specifies the Oracle RAC system service name for the entire RAC system.
    • AlternateServers=
      If the primary server is not accepting connections, specifies the connection failover to the other Oracle nodes.
      Example:
      (HostName=nete_servername2:PortNumber=1521:ServiceName=nete_servicename[,...])
    • LoadBalancing=1
      Turns on client load balancing, which helps to distribute new connections to keep RAC nodes from being overwhelmed with connection requests. When enabled, the order in which primary and alternate database servers are accessed is random.
  3. Save the file.
    The Oracle wire protocol driver is configured.
Point the Policy Server to the Database
You point the Policy Server to the database so the Policy Server can access the
SiteMinder
data in the policy store.
Follow these steps:
  1. Open the Policy Server Management Console and click the Data tab.
  2. Select the following value from the Storage list:
    ODBC
  3. Select the following value from the Database list:
    Policy Store
  4. Enter the name of the data source in the Data Source Information field.
    • (Windows) The entry must match the name that you entered in the Data Source Name field when you created the data source.
    • (UNIX) The entry must match the first line of the data source entry in the system_odbc.ini file. By default, the first line in the file is [
      SiteMinder
      Data Sources]. If you modified the first entry, be sure to enter the correct value.
  5. Enter and confirm the user name and password of the database account that has full access rights to the database instance in the respective fields.
  6. Specify the maximum number of database connections that are allocated to
    SiteMinder
    .
    We recommend retaining the 25 connection default for best performance.
  7. Click Apply to save the settings.
  8. Select the following value from the Database list:
    Key Store
  9. Select the following value from the Storage list:
    ODBC
  10. Select the following option:
    Use the Policy Store database
  11. Select the following value from the Database list:
    Audit Logs
  12. Select the following value from the Storage list:
    ODBC
  13. Select the following option:
    Use the Policy Store database
  14. Click Apply to save the settings.
  15. Click Test Connection to verify that the Policy Server can access the policy store.
  16. Click OK.
    The Policy Server is configured to use the database as a policy store, key store, and logging database.
Set the
SiteMinder
Super User Password
The default administrator account is named
siteminder
. The account has maximum permissions.
Do not use the default super user for day-to-day operations. Use the default super user to:
  • Access the Administrative UI for the first time.
  • Manage
    SiteMinder
    utilities for the first time.
  • Create another administrator with super user permissions.
Follow these steps:
  1. Copy the smreg utility to
    siteminder_home
    \bin.
    • siteminder_home
      Specifies the Policy Server installation path.
    The utility is at the top level of the Policy Server installation kit.
  2. Run the following command:
    smreg -su
    password
    • password
      Specifies the password for the default administrator.
    The password has the following requirements:
    • The password must contain at least six (6) characters and cannot exceed 24 characters.
    • The password cannot include an ampersand (&) or an asterisk (*).
    • If the password contains a space, enclose the passphrase with quotation marks.
    If you are configuring an Oracle policy store, the password is case–sensitive. The password is not case–sensitive for all other policy stores.
  3. Delete smreg from
    siteminder_home
    \bin. Deleting smreg prevents someone from changing the password without knowing the previous one.
The password for the default administrator account is set.
Import the Policy Store Data Definitions
Importing the policy store data definitions defines the types of objects that can be created and stored in the policy store.
Follow these steps:
  1. Open a command window and navigate to
    siteminder_home
    \xps\dd.
    • siteminder_home
      Specifies the Policy Server installation path.
  2. Run the following command:
    XPSDDInstall SmMaster.xdd
    • XPSDDInstall
      Imports the required data definitions. If all Policy Servers point to the same policy store or replicated policy stores in your environment, run XPSDDInstall once on only one Policy Server in your environment and wait for the replication process to complete before you proceed to the next step. To avoid integrity errors, do not run XPSDDInstall on all the Policy Servers.
Import the Default Policy Store Objects
Importing the default policy store objects configures the policy store for use with the Administrative UI and the Policy Server.
Consider the following items:
  • Be sure that you have write access to
    siteminder_home
    \bin. The import utility requires this permission to import the policy store objects.
    • siteminder_home
      Specifies the Policy Server installation path.
  • If Windows User Account Control (UAC) is enabled, open the command-line window with administrator permissions. Open the command-line window this way, even if your account has administrator privileges. For more information, see the release notes for your
    SiteMinder
    component.
Follow these steps:
  1. Open a command window and navigate to
    siteminder_home
    \db.
  2. Import one of the following files:
    • To import smpolicy.xml, run the following command:
      XPSImport smpolicy.xml -npass
    • To import smpolicy–secure.xml, run the following command:
      XPSImport smpolicy-secure.xml -npass
      • npass
        Specifies that no passphrase is required. The default policy store objects do not contain encrypted data.
      Both files include the default policy store objects. These objects include the default security settings in the default Agent Configuration Object (ACO) templates. The smpolicy–secure file provides more restrictive security settings. For more information, see Default Policy Store Objects and Schema Files.
    • To import Option Pack functionality, run the following command:
      XPSImport ampolicy.xml -npass
    • To import federation functionality, run the following command:
      XPSImport fedpolicy-12.5.xml -npass
    • To use OAuth or OpenID Connect, run the following command to import the default OAuth entities and default claims and scopes objects for OpenID Connect:
      XPSImport default-fedobjects-config.xml -npass
      -npass
      specifies that no passphrase is required.
    The policy store objects are imported.
Importing ampolicy.xml makes available legacy federation and Web Service Variables functionality that is separately licensed from
SiteMinder
. If you intend on using the latter functionality, contact your Broadcom account representative for licensing information.
Restart the Policy Server
casso1283
You restart the Policy Server for certain settings to take effect.
Follow these steps:
  1. Open the Policy Server Management Console.
  2. Click the Status tab, and click Stop in the Policy Server group box.
    The Policy Server stops as indicated by the red stoplight.
  3. Click Start.
    The Policy Server starts as indicated by the green stoplight.
    Note
    : To restart the Policy Server on UNIX, execute the
    stop-ps
    and
    start-ps
    or
    stop-all
    and
    start-all
    commands.
Prepare for the Administrative UI Registration
You use the default super user account to log into the Administrative UI for the first time. The initial login requires that you to register the Administrative UI with a Policy Server, which creates a trusted relationship between both components.
You prepare for the registration by using the XPSRegClient utility to supply the super user account name and password. The Policy Server uses these credentials to verify that the registration request is valid and that the trusted relationship can be established.
Consider the following items:
  • The time from which you supply the credentials to when the initial Administrative UI login occurs is limited to 24 hours. If you do not plan on installing the Administrative UI within one day, complete the following steps before installing the Administrative UI.
  • (UNIX) Be sure that the
    SiteMinder
    environment variables are set before you use XPSRegClient. If the environment variables are not set, set them manually.
Follow these steps:
  1. Log in to the Policy Server host system.
  2. Run the following command:
    XPSRegClient super_user_account_name[:
    passphrase
    ] -adminui-setup -t
    timeout
    -r
    retries
    -c
    comment
    -cp -l
    log_path
    -e
    error_path
    -vT -vI -vW -vE -vF
    • passphrase
      Specifies the password for the default super user account.
      If you do not specify the passphrase, XPSRegClient prompts you to enter and confirm one.
    • -adminui–setup
      Specifies that the Administrative UI is being registered with a Policy Server for the first–time.
    • -t
      timeout
      (Optional) Specifies the allotted time from when you to install the Administrative UI to the time you log in and create a trusted relationship with a Policy Server. The Policy Server denies the registration request when the timeout value is exceeded.
      Unit of measurement:
      minutes
      Default:
      240 (4 hours)
      Minimum:
      15
      Maximum:
      1440 (24 hours)
    • -r
      retries
      (Optional) Specifies how many failed attempts are allowed when you are registering the Administrative UI. A failed attempt can result from submitting incorrect administrator credentials when logging in to the Administrative UI for the first time.
      Default:
      1
      Maximum:
      5
    • -c
      comment
      (Optional) Inserts the specified comments into the registration log file for informational purposes.
      Surround comments with quotes.
    • -cp
      (Optional) Specifies that registration log file can contain multiple lines of comments. The utility prompts for multiple lines of comments and inserts the specified comments into the registration log file for informational purposes.
      Surround comments with quotes.
    • -l
      log_path
      (Optional) Specifies where the registration log file must be exported.
      Default:
      siteminder_home
      \log
      siteminder_home
      Specifies the Policy Server installation path.
    • -e
      error_path
      (Optional) Sends exceptions to the specified path.
      Default:
      stderr
    • -vT
      (Optional) Sets the verbosity level to TRACE.
    • -vI
      (Optional) Sets the verbosity level to INFO.
    • -vW
      (Optional) Sets the verbosity level to WARNING.
    • -vE
      (Optional) Sets the verbosity level to ERROR.
    • -vF
      (Optional) Sets the verbosity level to FATAL.
  3. Press Enter.
    XPSRegClient supplies the Policy Server with the administrator credentials. The Policy Server uses these credentials to verify the registration request when you log in to the Administrative UI for the first time.
Driver=nete_ps_root/odbc/lib/NSora28.soDescription=DataDirect 8.0 Oracle Wire ProtocolHostName=host_namePortNumber=1521ServiceName=nete_serverid#SID=server_idCatalogOptions=0ProcedureRetResults=0EnableDescribeParam=0EnableStaticCursorsForLongData=0ApplicationUsingThreads=1DMCleanup=2EnableTimestampWithTimeZone=1