Idea Details

Replace smconsole with web app

Last activity 06-13-2019 09:40 AM
flama10's profile image
03-09-2016 09:29 PM

@Replace smconsole with an application running in and embedded servlet engine on the policy server.


This would provide three main advantages.


1) Much easier access to smconsole features from linux (no need to export display).

2) Ability to remotely connect to smconsole without needing a full RDP session on windows.

3) A more modern appearance to smconsole.


Authentication can be handled in a local XML file (keeping it independent from siteminder). Using console commands to manage users.


01-28-2018 12:37 PM

Agreed, Making UI a single entry point for admins should be a right strategy; command line interface is certainly a bonus.  

01-26-2018 07:06 PM

Yes, for obvious reasons at some point in the near future WAMUI needs a redesign to have more robust capabilities with modern look and feel.

01-26-2018 06:49 PM

I think if we combine smldapsetup and XPSConfig in the current state as of date today, it has everything we needed to completely eliminate SMCONSOLE.


I would not even bother adding anything into the WAMUI (redesign / duplicate), that is way too much overhead for the WAMUI and adds more performance concerns for the WAM UI. The amount of time we have to delete data folder and reconfigure WAMUI, nope not a good spot to add administer registry configuration.


If we pause for a moment and review XPSConfig (166 parameters just for SM, that is a huge list and it has everything from SmConsole to sm.registry), I am more than 100% confident that we'll find atleast 95% smconsole parameter in there if not 100% (I have a feeling it will be 100%). 

01-26-2018 06:40 PM

It would be nice if smconsole settings are migrated to Admin UI, and completely sunset SmConsole. This will avoid running an additional app on policy server.

01-26-2018 06:35 PM

My one cent, just create something like XPSTOOLS as a replacement for SMCONSOLE XWINDOWS. So that it just plainly runs on the Policy Server machine in command line mode (just like XPSExplorer or XPSSecurity) both in Windows and Unix. That way I don't have to deal with deploying any XWINDOWS or APP SERVER or any additional overhead.


If security surrounding XPSTools is a concerns, there was a NIN delivered to a customer which implemented Security on XPSTools years ago. Thus the capability is present to build security surrounding securing XPSTools (And if smconsole gets added into the same stack, well done). Well one cannot vote any more on this idea CA Single Sign on : Implement Security in XPSTools. 


Another perspective, have we looked at XPSConfig (The text within the tool provides more insight than docs) ?  

[XPSConfig - XPS Version 12.7.0000.1194]
Log output: /smuser_HomeDir/programfiles/CA/siteminder/log/XPSConfig.2018-01-26_182702.log

PRODUCTS MENU*************************************************************CA

CDS - CertificateDataStore 12 Parameters
EPM - Enterprise Policy Management 3 Parameters
FED - Federation 3 Parameters
SM - SiteMinder 166 Parameters
XPS - Extensible Policy Store 25 Parameters


We can keep building new things OR we can look at consolidate things more strategically poised tools. I think XPSConfig already has what is needed. There may be a few missed, but we can always add the missing pieces.


The only other thought I have is moving sm.registry (how much of the items in sm.registry, could we) into Policy Store. Once it is in the Policy Store, we know the benefits of administering it from a single point and all other policy server pick the change. 

08-23-2016 08:02 AM

Duplicate Will Robinson!

Move Registry settings to UI

03-17-2016 01:58 PM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team is reviewing your enhancement suggestion. The Community will continue to be able to vote on this enhancement idea.