CA Single Sign On (formerly CA SiteMinder) Registry

By Ujwol posted Sep 22, 2014 03:13 AM

  

The following table summarizes the registry keys used by SiteMinder, with a brief description of each key.

 

Notes:

  • This is a work in progress and will be updated on a regular basis.
  • The registry paths are based on a WIN32 system. On WIN64, the path is under a "wow6432node" node.

         For example, on WIN32: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\SessionServer

         On WIN64: HKEY_LOCAL_MACHINE\software\wow6432node\netegrity\SiteMinder\CurrentVersion\Database\SessionServer

  • Solaris and Linux paths are based on WIN32.
  • The SiteMinder version referenced is R12.52SP1. Some of the registry entries might not apply to older releases.
  • For any clarifications, you can put a comment below.

 

Credits:

Former CA colleague Stone, Christina, who did the initial work in compiling this.

 

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Location | C:\Program Files\netegrity\siteminder | REG_SZ | Install folder of SiteMinder | Installer | These values are written by the installer and should not be modified. They are only changed when the installer is run again for an upgrade. |
| FullVersion | | REG_SZ | Version of SiteMinder being installed | Installer | |
| Name | | REG_SZ | User name installing the product | Installer | |
| Company | | REG_SZ | Name of company | Installer | |
| Language | | REG_SZ | Language in which SiteMinder is installed | Installer | |
| Version | | REG_SZ | Short version of SiteMinder (nn.mm) | Installer | |
| Update | | REG_SZ | Service Pack version | Installer | |
| Label | | REG_SZ | Build or CR number | Installer | |
| MasterKeyFile | | REG_SZ | Location of master key file | | |
| InstallKey | | REG_SZ | Install key value | | |

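Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Accounting

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| Max Tunnel Buffer Size | | REG_DWORD | | | |
| Tcp Idle Session Timeout | | REG_DWORD | | | |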

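Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Administration

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| Max Tunnel Buffer Size | | REG_DWORD | | | |
| Tcp Idle Session Timeout | | REG_DWORD | | | |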

 

 

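Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Authentication

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| Max Tunnel Buffer Size | | REG_DWORD | | | |
| Tcp Idle Session Timeout | | REG_DWORD | | | |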

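Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Authorization

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Thread Pool Size | | REG_DWORD | Obsolete; this has been moved to the PolicyServer registry key | | |
| Max Tunnel Buffer Size | | REG_DWORD | | | |
| Tcp Idle Session Timeout | | REG_DWORD | | | |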

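Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Crypto

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| CryptoProvider | 0 | REG_DWORD | Type of encryption provider - 0=BSAFE, 1=PKCS11 | By Hand | |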

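Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Version | | REG_SZ | Version of the ODBC library used | By Hand | |
| OdbcBrandingLib | sminstallapi | REG_SZ | The ODBC branding library | By Hand | |
| UpdateSyncDelay | 0 | REG_DWORD | Delay to be used for synchronization updates in milliseconds | By Hand | |
| ConnectionTimeout | 1 | REG_DWORD | The time out value for DB connections in seconds | By Hand | |
| ConnectionHangwaitTime | 70 | REG_DWORD | | | |
| LoginTimeout | 15 | REG_DWORD | | | |
| QueryTimeout | 30 | REG_DWORD | | | |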

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Default

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Data Source | SiteMinder Data Source | REG_SZ | Name of the Policy Store data source to connect to | SM Console | |
| User Name | | REG_SZ | User name to use for the connection | SM Console | |
| Password | | REG_SZ | Password to use for the connection | SM Console | |
| MaxConnections | 25 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |
| Enabled | 1 | REG_DWORD | 0 = Disabled 1 = Enabled | By Hand | Policy Store is always enabled |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Key

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Data Source | SiteMinder Keys Data Source | REG_SZ | Name of the Key Store data source to connect to | SM Console | |
| User Name | | REG_SZ | User name to use for the connection | SM Console | |
| Password | | REG_SZ | Password to use for the connection | SM Console | |
| Use Default | 1 | REG_DWORD | 0 = Use a different Key Store 1 = Use Policy Store as the Key Store | SM Console | |
| MaxConnections | 5 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |
| Enabled | 1 | REG_DWORD | 0 = Disabled 1 = Enabled | By Hand | Key Store is always enabled |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Log

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Data Source | SiteMinder Logs Data Source | REG_SZ | Name of the data source to store the audit logs in | SM Console | |
| User Name | | REG_SZ | User name to use for the connection | SM Console | |
| Password | | REG_SZ | Password to use for the connection | SM Console | |
| Use Default | 0 | REG_DWORD | 0 = Use a different Log Store 1 = Use Policy Store as the Log Store | SM Console | |
| MaxConnections | 15 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| ProviderNamespace | TEXT: | REG_SZ | Data source provider name space | SM Console | Valid values are TEXT: and ODBC: to indicate whether to store to a file or DB |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\SessionServer

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Data Source | SiteMinder Session Data Source | REG_SZ | Name of the Session Store data source to connect to | SM Console | |
| User Name | | REG_SZ | User name to use for the connection | SM Console | |
| Password | | REG_SZ | Password to use for the connection | SM Console | |
| Use Default | 0 | REG_DWORD | 0 = Use a different Session Store 1 = Use Policy Store as the Session Store | SM Console | |
| MaxConnections | 16 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| Enabled | 0 | REG_DWORD | 0 = Disabled 1 = Enabled | SM Console | |
| ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Database\Token

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Data Source | SiteMinder Tokens Data Source | REG_SZ | Name of the Token Store data source for hardware authentication tokens to connect to | SM Console | |
| User Name | | REG_SZ | User name to use for the connection | SM Console | |
| Password | | REG_SZ | Password to use for the connection | SM Console | |
| Use Default | 0 | REG_DWORD | 0 = Use a different Token Store 1 = Use Policy Store as the Token Store | SM Console | |
| MaxConnections | 10 | REG_DWORD | Maximum parallel connections allowed to the data source | SM Console | |
| ProviderNamespace | ODBC: | REG_SZ | Data source provider name space | SM Console | Valid values are ODBC: and LDAP: to indicate whether the store is a DB or LDAP |

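Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Debug

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Console | 0 | REG_DWORD | This key is obsolete with the introduction of the new smerrlog facility | None | |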

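Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| Namespaces | LDAP:,ODBC:,WinNT:,Custom:,AD | REG_SZ | List of supported namespaces | Installer | |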

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\ClassFilters

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| WinNT: | Group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for WINNT: namespace is governed by this key | By Hand | |
| LanMan: | Group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for LanMan: namespace is governed by this key | By Hand | |
| LDAP: | organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for LDAP: namespace is governed by this key | By Hand | |
| AD: | organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The granularity of the response of the Sm_PolicyApi_GetDirectoryContents() function for LDAP: namespace is governed by this key | By Hand | |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\DsCacheParms

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| DsInfoEnabled | 1 | REG_DWORD | Is DS Info cache enabled | By Hand | Valid values: 0 = Disabled, 1 = Enabled |
| DsInfoTimeoutSeconds | 3600 | REG_DWORD | Lifetime of the entries in cache in seconds | By Hand | |
| DsInfoMaxSizeMB | 10 | REG_DWORD | DS Info cache maximum size in megabytes | By Hand | |
| UserPolicyCacheMaxSize | 1000 | REG_DWORD | User Policy cache maximum size in megabytes | By Hand | |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\GroupClassFilters

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| LDAP: | groupOfNames,groupOfUniqueNames,group | REG_SZ | The group attribute types filter that should be used when retrieving group objects from LDAP | By Hand | |
| AD: | groupOfNames,groupOfUniqueNames,group | REG_SZ | The group attribute types filter that should be used when retrieving group objects from Active Directory | By Hand | |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\LdapMatchUserDN

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| group | member | REG_SZ | The group attribute type to use when matching User DN group | By Hand | |
| groupOfNames | member | REG_SZ | The group attribute type to use when matching User DN group of names | By Hand | |
| groupOfUniqueNames | uniqueMember | REG_SZ | The group attribute type to use when matching User DN group of unique names | By Hand | |
| organizationalRole | roleOccupant | REG_SZ | The group attribute type to use when matching User DN organizational role | By Hand | |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| EnableReferrals | 1 | REG_DWORD | Determines if any LDAP referrals are handled by the Policy Server. If set to 0, no LDAP referrals will be accepted by the Policy Server. If set to 1, the Policy Server accepts LDAP referrals. | By Hand | |
| EnableEnhancedReferrals | 1 | REG_DWORD | Allows the Policy Server to use enhanced handling of LDAP referrals at the Policy Server, rather than allowing LDAP referral handling by the LDAP SDK layer. | SM Console | Valid values: 0 = No, 1 = Yes |
| MaxReferralHops | 10 | REG_DWORD | Indicates the maximum number of consecutive referrals that will be allowed while attempting to resolve the original request. Since a referral can point to a location that requires additional referrals, this limit is helpful when replication is misconfigured, causing referral loops. | SM Console | |
| EnableObjectCategory | 0 | REG_DWORD | Enable or disable ObjectCategory attribute support | By Hand | Valid values: 0 = No, 1 = Yes |
| EnablePagingADNameSpace | 0 | REG_DWORD | To support searches of large numbers of users in the Active Directory namespace, enable the following new registry key by setting it to one | By Hand | Valid values: 0 = No, 1 = Yes |
| EnableADEnhancedReferrals | 1 | REG_DWORD | Use LDAP Namespace for an Active Directory User Directory Connection. When accessing an Active Directory user directory using an LDAP namespace, set this registry key to 0 | By Hand | Valid values: 0 = No, 1 = Yes |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\NamespaceProviders

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| LanMan: | smdslanman | REG_SZ | The library that provides for LanMan namespace | By Hand | |
| WinNT: | smdswinnt | REG_SZ | The library that provides for WinNT namespace | By Hand | |
| ADSI: | smdsadsi | REG_SZ | The library that provides for ADSI namespace | By Hand | |
| LDAP: | smdsldap | REG_SZ | The library that provides for LDAP namespace | By Hand | |
| ODBC: | smdsodbc | REG_SZ | The library that provides for ODBC namespace | By Hand | |
| Custom: | smdscustom | REG_SZ | The library that provides for Custom namespace | By Hand | |
| AD: | smdsldap_ms | REG_SZ | The library that provides for AD namespace | By Hand | |

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\OrgClassFilters

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| LDAP: | organization,organizationalUnit | REG_SZ | The organizational units that should be retrieved for LDAP: | By Hand | |
| AD: | organization,organizationalUnit | REG_SZ | The organizational units that should be retrieved for AD: | By Hand | |

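Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\OrgResolution

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| User | 1 | REG_DWORD | Organization resolution is done by checking the user's org path | By Hand | |
| Group | 0 | REG_DWORD | Organization resolution is done by checking the org paths of the user's groups | By Hand | |
| Role | 0 | REG_DWORD | Organization resolution is done by checking the org paths of the user's roles | By Hand | |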

Path: HKEY_LOCAL_MACHINE\software\netegrity\SiteMinder\CurrentVersion\Ds\PolicyClassFilters

| Key Name | Default Value | Type | Purpose | Modified By | Notes |
| --- | --- | --- | --- | --- | --- |
| WinNT: | Group, User | REG_SZ | The object classes that should be retrieved for WINNT: | By Hand | An objectClass is a collection of attributes (or an attribute container). Provide a comma separated list of object classes that should be retrieved for each namespace. |
| LanMan: | Group, User | REG_SZ | The object classes that should be retrieved for LanMan: | By Hand | |
| LDAP: | organizationalPerson,inetOrgPerson,organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The object classes that should be retrieved for LDAP: | By Hand | |
| ODBC: | Group, User | REG_SZ | The object classes that should be retrieved for ODBC: | By Hand | |
| AD: | organizationalPerson,inetOrgPerson,organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group | REG_SZ | The object classes that should be retrieved for AD: | By Hand | |