Thursday, June 11, 2009

SiteMinder R12 Admin GUI

If you are upgrading or installing SiteMinder R12 you may have noticed that the traditional admin GUI has changed. The Java applet now asks you for 4 fields.

Username: This is the username found in the "Administrators" list on the old version 6 GUI. The applet is not case sensitive.
Password: The password in the "Administrators" list.
Host Name: A 4.x compatible Agent's name
Passphrase: The Shared Secret of the 4.x compatible agent

The Host Name and Passphrase fields are where things get interesting. SiteMinder R12 is trying heavily to move the functions of this applet to a web based system. The web based system communicates with the SiteMinder policy server using the API. However, the API still uses 4.x agents as the method of authentication to the policy server. 4.x agents have an associated shared secret.

Thus to get into the traditional 6.0 GUI you need to have a 4.x compatible agent. But what happens when you upgrade to SiteMinder R12 and don't have one? You have two options:

1. Install the SiteMinder Web Access Manager GUI - Unfortunately the installer for Windows is over 2GB
2. Manually create a 4.x Web Agent

Option 2 is easiest. We are going to create a file with the proper parameters and then use smobjimport to import it directly to the policy store. To do this create a file called "Generic4xAgent" and put the following in the file:

objectclass: Agent
Oid: 01-39c83ef9-5c51-4fb4-ba13-193543b8a9d4
Name: siteminder
AgentType: 10-8d78bb96-ae15-11d1-9cdd-006008aac24b
RealmHintAttrId: 0

objectclass: TrustedHost
Oid: 24-5ea55269-d8a9-47a0-864c-c97026c00b99
Name: siteminder
Secret: password
Is4xHost: true
RolloverEnabled: false
SecretGenTime: 00000000-00000000-000000000000000000000000000000000000000000000000
SecretUsedTime: 00000000-00000000-000000000000000000000000000000000000000000000000

Save the file as "Generic4xAgent". Now run the command:
smobjimport -iGeneric4xAgent -dsiteminder -wpassword -c

-i is the filename
-d is the SiteMinder admin username
-w is the SiteMinder admin password
-c indicates that the file has cleartext passwords

This creates a 4.x agent named "siteminder" with a shared secret of "password".

At this point you should be able to login to the traditional admin UI.

1 comment:

jake george said...

Siteminder - 21st Century Software Solutions
CA Siteminder training is offered CA Siteminder 6.0 and CA Siteminder 12.0. We cover both basic and advanced topics in Siteminder Online training. Attend a ...