Configuring PPM for Integration with SiteMinder

To configure PPM to integrate with SiteMinder:

  1. Verify that your PPM installation is functioning correctly.

  2. If you plan to use mixed authentication mode, do the following:

    1. Install the SiteMinder Java Agent API on the PPM Server:

      • On a Windows system, copy the smjavaagentapi.jar file to the <PPM_Home>\server\<PPM Server>\deploy\itg.war\WEB-INF\lib directory.

      • On a UNIX system, copy the smjavaagentapi.jar file to the <PPM_Home>/server/<PPM Server>/deploy/itg.war/WEB-INF/lib directory.

        Note: These JAR and DLL files are available on the SiteMinder Developer SDK CD. You can also find these files in the SDK home directory. The PPM Server automatically includes the JAR file in its CLASSPATH upon server startup.

    2. (Mixed mode only) Install the SiteMinder Agent native code, as follows:

      • On a Windows system navigate to the C:\Program Files\netegrity\sdk\bin folder, and then copy the following files to the <PPM_Home>\integration\siteminder directory:

        smagentapi.dll smerrlog.dll
        smjavaagentapi.dll
        (or, for SiteMinder 6.0 SP1, the smjavaagentapi.jar file) to the <PPM_Home>\integration\siteminder directory.

        Note: Regardless of which directory you place the DLL files in, check to make sure that you include the directory path in the PATH system environment variable.

      • On a UNIX system, set the CA SiteMinder SDK-related variables (such as LD_LIBRARY_PATH, PATH, CLASSPATH, LIBPATH, and SHLIB_PATH) so that the system can find the JNI support library. Next, navigate to the /Program Files/netegrity/sdk/java directory, and then copy the smjavaagentapi.jar file to the <PPM_Home>/integration/siteminder directory.

        Note:

        • For information about which variables to set for which platforms, and what values to set for them, see the guidelines provided in the CA SiteMinder SDK documentation.
        • SiteMinder native dll files are available in both 32-bit and 64-bit versions. PPM Center requires that the version of SiteMinder native dll files be consistent with the version of JDK software installed on PPM Center, otherwise PPM Center may fail loading these local native code.

          For example, if you use 32-bit JDK software, make sure you use 32-bit version of SiteMinder native dll files as well.

  3. (Mixed mode only) Open the siteminder.conf file (located in the <PPM_Home>/integration/siteminder directory), and make sure that the settings for the following SiteMinder parameters match the corresponding settings in the SiteMinder setup:

    • SM_ACCOUNTING_PORT

    • SM_AGENT_NAME

    • SM_AUTHENTICATION_PORT

    • SM_AUTHORIZATION_PORT

    • SM_CONNECTION_MAX

    • SM_CONNECTION_MIN

    • SM_CONNECTION_STEP

    • SM_CONNECTION_TIMEOUT

    • SM_POLICY_SERVER

    • SM_PROTECTED_URL

    • SM_SHARED_SECRET

      Caution: Pay particular attention to the value set for SM_AGENT_NAME.

      If any SiteMinder settings are modified later, you must update the siteminder.conf file to reflect these changes.

    • SM_ACCOUNTING_PORT

    • SM_AGENT_NAME

    • SM_AUTHENTICATION_PORT

    • SM_AUTHORIZATION_PORT

    • SM_CONNECTION_MAX

    • SM_CONNECTION_MIN

    • SM_CONNECTION_STEP

    • SM_CONNECTION_TIMEOUT

    • SM_POLICY_SERVER

    • SM_PROTECTED_URL

    • SM_SHARED_SECRET

      Caution: Pay particular attention to the value set for SM_AGENT_NAME.

      If any SiteMinder settings are modified later, you must update the siteminder.conf file to reflect these changes.

  4. (Optional, but recommended) Create a backup copy of the PPM Server server.conf file.

  5. Actions for mixed mode authentication only:

    1. To enable selection of either SiteMinder or PPM authentication for PPM users, in the server.conf file, modify the authentication mode as follows:

      com.kintana.core.server.AUTHENTICATION_MODE =ITG,SiteMinder
    2. Comment out the following parameter setting in the server.conf file.

      com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN =com.kintana.sc.security.auth.SiteMinderSingleSignOn
    3. Stop, and then restart the PPM Server.

    4. From the User Workbench, (from the PPM Workbench shortcut bar, select Sys Admin > Users), change the users' authentication mode to SiteMinder.

      Tip: You may want to set a few user accounts to use the PPM authentication mode to enable access to PPM in the event that the SiteMinder Policy Server is unavailable.

    1. To enable selection of either SiteMinder or PPM authentication for PPM users, in the server.conf file, modify the authentication mode as follows:

      com.kintana.core.server.AUTHENTICATION_MODE =ITG,SiteMinder
    2. Comment out the following parameter setting in the server.conf file.

      com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN =com.kintana.sc.security.auth.SiteMinderSingleSignOn
    3. Stop, and then restart the PPM Server.

    4. From the User Workbench, (from the PPM Workbench shortcut bar, select Sys Admin > Users), change the users' authentication mode to SiteMinder.

      Tip: You may want to set a few user accounts to use the PPM authentication mode to enable access to PPM in the event that the SiteMinder Policy Server is unavailable.

  6. Actions for SSO mode only:

    1. To enable only SiteMinder authentication for PPM users, in the server.conf file, change the authentication mode as follows.

      com.kintana.core.server.AUTHENTICATION_MODE=SiteMinder
    2. In the server.conf file, specify the use of SSO as follows.

      com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN =com.kintana.sc.security.auth.SiteMinderSingleSignOn

      Note: When both the SiteMinder Web Agent and PPM Web server module are installed on the external Web server, the SiteMinder Web Agent always takes precedence for requests in the form of /itg/*.

    1. To enable only SiteMinder authentication for PPM users, in the server.conf file, change the authentication mode as follows.

      com.kintana.core.server.AUTHENTICATION_MODE=SiteMinder
    2. In the server.conf file, specify the use of SSO as follows.

      com.kintana.core.server.SINGLE_SIGN_ON_PLUGIN =com.kintana.sc.security.auth.SiteMinderSingleSignOn

      Note: When both the SiteMinder Web Agent and PPM Web server module are installed on the external Web server, the SiteMinder Web Agent always takes precedence for requests in the form of /itg/*.

  7. Stop, and then restart the PPM Server.