This section describes how to configure CA eTrust SiteMinder 6 for authentication with IBM
® Advanced. Using SiteMinder with Sametime
Advanced is optional.
Before you begin
recommends that you use the latest available version of the CA eTrust SiteMinder, as well as the latest available hot fix that is certified by Computer Associates to work with the version of the HTTP server that you are using. Use this documentation as a guide, but you will probably need to refer to the SiteMinder documentation, too.
SiteMinder uses agents to intercept HTTP requests in Sametime
Advanced, and then forwards them to the SiteMinder Policy Server for authentication. There are two types of SiteMinder agents used when you configure SiteMinder to work with Sametime
- Siteminder Web Agent - Installed on the Lotus® Sametime Advanced HTTP server and the Sametime 8 server
Web agents control access to web content and deliver a user's security credentials directly to any web application being accessed by the user. By placing an agent in a web server that is hosting protected web content or applications, administrators can coordinate security across a heterogeneous environment of systems and create a single sign-on domain for all users. For web servers, the web agent integrates through each web server's extension API. It intercepts all requests for resources (URLs) and determines whether each resource is protected by SiteMinder. If the resource is not SiteMinder protected, the request is passed through to the web server for regular processing. If it is protected by SiteMinder, the web agent interacts with the policy server to authenticate the user and to determine if access to the specific resource is allowed.
- Application Server Agents - Installed on the IBM WebSphere® Application Server
To secure more finely-grained objects such as servlets, JSPs, or EJB components, which could comprise a full-fledged distributed application, SiteMinder provides a family of SiteMinder application server agents (ASAs). ASAs are plug-ins that communicate with the SiteMinder Policy Server to extend single sign-on (SSO) across the enterprise, including J2EE application server-based applications. ASAs also enable SiteMinder to centralize security policy management by externalizing J2EE authorization policies through standard interfaces such as those based on JSR 115.
About this task
Similar to other WebSphere
Application Server environment configurations, you need to configure the following objects in SiteMinder to successfully protect your Sametime
- An agent for the SiteMinder Web Agent
- An agent for the SiteMinder TAI
- An Agent Conf Object for the SiteMinder web Agent
- An Agent Conf Object for the SiteMinder TAI
- A Host Conf Object for the SiteMinder Web Agent
- A Host Conf Object for the SiteMinder TAI
- A User Directory Definition for SiteMinder to use to validate user credentials
- An Authentication Scheme
- A domain for the web agent in your Sametime environment
- A domain for the TAI in your Sametime environment
- Realm definitions for both domains
- Rules for the realms responses, if required, for the rules that you have defined
- A policy or policies for the domains
To configure SiteMinder to work with your Sametime
Advanced server, complete the following integration steps:
Parent topic: Configuring Sametime Advanced