Blog Viewer

Tech Tip - CA Single Sign-On:Web Agent: How to configure SiteMinder Webagent for OHS manually ?

By Ujwol posted Feb 07, 2016 07:02 PM

  

Posted by Ujwol Shrestha - Principal Support Engineer in CA Security on Feb 2, 2016

 

Envrionment :

  • Oracle HTTP Server 11g
  • Siteminder Web Agent : 12.5+

Step 1. Changes to httpd.conf file at <Instance Directory>\instance1\config\OHS\ohs1

 

1. Add LoadModule entry to the DSO Support Section

The following line(s) are added to the Dynamic Shared Object (DSO) Support configuration section, which precedes the Main server configuration section of the file.

LoadModule sm_module "<web_agent_home>/win64/bin/mod_sm22.dll"

Note:

The SiteMinder Agent requires one of the following modules in order to load:

Apache 2.0

LoadModule sm_module web_agent_home/bin/libmod_sm20.so

Apache 2.0 running on Windows

LoadModule sm_module web_agent_home/bin/mod_sm20.dll

Apache 2.2 running on Windows

LoadModule sm_module web_agent_home/bin/mod_sm22.dll

2. Add SmInitFile Entry

This entry is placed after the LoadModule entry that you added in (1). A full path is used, not a relative path.

SmInitFile "<Instance Directory>/instance1/config/OHS/ohs1/WebAgent.conf"

 

3. Alias Entries Added

In the Aliases section of the file, following entries are added to enable SiteMinder features.

 

Note:

The Alias /siteminderagent/ “<web_agent_home>/samples/” entry must come after all other aliases in the Aliases section.

 

AliasMatch /siteminderagent/nocert/[0-9]+/(.*) "<web_agent_home>/win64/$1"

<Directory "<web_agent_home>/win64/$1">

Options Indexes MultiViews

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/pwcgi/ "<web_agent_home>/win64/pw/"

<Directory "<web_agent_home>/win64/pw/">

Options Indexes MultiViews ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/pw/ "<web_agent_home>/win64/pw/"

<Directory "<web_agent_home>/win64/pw/">

Options Indexes MultiViews ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/ "<web_agent_home>/win64/samples/"

<Directory "<web_agent_home>/win64/samples/">

Options Indexes MultiViews

AllowOverride None

Order allow,deny

Allow from all

 

Step 2. Create WebAgent.conf file with the following content and copy it in <Instance Directory>\instance1\config\OHS\ohs1

 

# WebAgent.conf - configuration file for SiteMinder Web Agent

# Web Agent Version = 12.51, Build = 1402, Update = 07

 

LOCALE=en-US

 

#agentname="<AgentName>, <IPAddress>"

HostConfigFile="<web_agent_home>\win64\config\SmHost.conf"

AgentConfigObject="<aco_name>"

EnableWebAgent="YES"

ServerPath=""

#localconfigfile="<Instance Directory>\instance1\config\OHS\ohs1\LocalConfig.conf"

LoadPlugin="<web_agent_home>\win64\bin\HttpPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\Affiliate10Plugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\SAMLAffiliatePlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\eTSSOPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\IntroscopePlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\SAMLDataPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\OpenIDPlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\DisambiguatePlugin.dll"

#LoadPlugin="<web_agent_home>\win64\bin\OAuthPlugin.dll"

AgentIdFile="<Instance Directory>\instance1\config\OHS\ohs1\AgentId.dat"

 

Step 3. Create AgentId.dat file with the following content and copy it in <Instance Directory>\instance1\config\OHS\ohs1

 

GUID=000080fe0000000075939d10c0597d33-0bf0-5643dc86-0bf4-0339021c

(Specify unique GUID value for each of the Agent Instance )

 

Step 4. Change opmn.xml file at <Instance Directory>\instance1\config\OPMN\opmn

=======================================================================

Add following lines after

<ias-instance id="instance1" name="instance1">

<environment>

 

section

 

<variable id="NETE_WA_PATH" value="<web_agent_home>/win64/bin"/>

<variable id="NETE_WA_ROOT" value="<web_agent_home>/win64" />

<variable id="PATH" value="$NETE_WA_PATH;$PATH"/>

 

 

Note:

     1. All the sections within <> need to be changed with the actual path

     2. After making all these changes OS needs to be restarted.

 

Attachment:

All the sample files are attached for reference.

  

2 comments
6 views

Permalink