Friday, July 6, 2012

SiteMinder and ASP.NET


Process Description
  1. User types the URL for an ASP.NET application into the web browser.
  2. The SiteMinder Web Agent intercepts the request and checks its resource cache. If there is no information in cache about this resource (URL), the Web Agent then sends the request to the Policy Server, asking if the resource is protected.
  3. The Policy Server responds indicating that the resource is protected.
  4. The Web Agent forwards the request to a login page for challenging the user for their credential.
  5. The Web Agent forwards the credentials back to the Policy Server for authentication and authorization.
  6. The Policy Server authenticates the user against a directory. After verifying the user’s identity, the Policy Server checks rules in the Policy Store, where user entitlements are stored and grant the user access to the resource.
  7. The Policy Server notifies the Web Agent that the user is authenticated and authorized for this resource.
  8. The Web Agent constructs several SiteMinder HTTP headers with information about the authenticated user (userid), generates an encrypted session cookie and redirects the request to the original target URL.
  9. The request reaches the ASP.NET application where the userid can be extracted from the SiteMinder headers for further processing.
Posted by at No comments:

Tuesday, July 3, 2012

Unable to process SMSESSION cookie


"Unable to process SMSESSION cookie" warning in siteminder webagent logs


Multiple reasons:
=============
1>We could see this warning in siteminder web agent logs. user tries to perform any action(navigating to any page or url) after his session time out. Then web agent will log this warning "Unable to process SMSESSION" in webagent logs and redirects user to login page.


2>OS time on webserver hosting the webagent is not the same







Posted by at 2 comments:

Monday, June 18, 2012

Error : siteminder administration server error.too many items in return list (error 50)

While opening Agent conf objects through FSS ,after importing a policy store am getting the above error. 




Edit the registry, looking for MaxObjects 

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer\ObjectStore


change this is for ½ gig 

Change MaxObjects to 25 (default usually 0x64) 

The line should look like this after editing: 

MaxObjects= 0x25; REG_DWORD <---- change to 25 

N.B :  (Before editing registry,take a backup of the registry) 


Posted by at 2 comments:

Friday, May 4, 2012

Locate the SiteMinder Platform Support Matrix


To locate the support matrix from the Support site
  1. From the Technical Support site, click Enterprise/Small and Medium Business.
    The Support for Business and Partners screen appears.
  2. Log in to CA Support Online.
    The CA Support Online Basic and Enterprise User screen appears.
  3. Enter your login credentials, again.
    The CA Support Online screen appears.
  4. Under Support, click Support By Product.
  5. Select CA SiteMinder from the Select a Product Page list.
    The CA SiteMinder screen appears.
  6. Scroll to the Product Status section and click CA SiteMinder Platform Support Matrices.
Posted by at 2 comments:

Monday, April 2, 2012

How CA Siteminder Federation Security Services Works


Click on the Image to enlarge

Source : www.ca.com
Posted by at 9 comments:

Tuesday, March 20, 2012

smobjexport (How to export policy store)

smobjexport -d -w [[-o] [-f]] [[(-s|-e)] | [-i] [-j] | [-m] [-k] [-x] ] [-u] [-c] [-l] [-v] [-t]

-d SiteMinder admin name.
-w SiteMinder admin password.
-o output file (defaults to standard output).
-f overwrite an existing output file.
-s export specified domain.
-e export specified domain and all its relevant system objects.
-i export specified IdentityMinder environment and all its relevant system objects.
-j export specified IdentityMinder directory and all its relevant system objects.
-m export IdentityMinder objects only.
-im5 used with -i, -j, -m to export IdentityMinder version 5 objects only.
-im6 used with -i, -j, -m to export IdentityMinder version 6 objects only.
-k export agent keys.
-x export keys only.
-u export variables only
-c export sensitive data unencrypted.
-l Create and log entries to the file .log.
-v verbose.
-t enable tracing.
-? display this message.



Example : smobjexport -dXXXXX -wXXXXX -oNov292011.smdif -c -l -v -t
-d SiteMinder admin name.
-w SiteMinder admin password
-c export sensitive data unencrypted.
-l Create and log entries to the file .log.
-v verbose.
-t enable tracing
Posted by at 2 comments:

Thursday, March 1, 2012

Unable to open Siteminder WAM UI

While Trying to launch Siteminder WAMUI
Error : "The Siteminder Administrative UI did not start within the allocated time.Wait for the Administarive UI to start and then click Try Again"

1) Stop Siteminder adminUI services.
2) Got to install folder/ca/siteminder/adminui/server/default/data
3) take a backup of data folder here
4) Delete the data folder
5) Restart the Siteminder adminUI services
6) Run XPSRegclient siteminder:password -adminui-setup -vT
7) Make sure you don,t see any error when process completes
8) Try to login to WAMUI now.
Posted by at 1 comment:
Subscribe to: Posts (Atom)