Integrate > Configure Integration with SiteMinder

Configure Integration with SiteMinder

Note Integration with SiteMinder can be performed only when the CMS UI is configured to one UCMDB Server, since there is no option to select a server from the server list on login.

  1. Configure the CMS UI to enable LW-SSO:

    1. Follow the instructions in Configure LW-SSO.

    2. Add the following code to the ucmdb_browser_lwsso_config.xml configuration file, just after the tag </in-ui-lwsso> and before the tag </validation>:

      <in-ui-identity-management>
      <identity-management> <userNameHeaderName>sm_user</userNameHeaderName> <cookieName>SMSESSION</cookieName> </identity-management> </in-ui-identity-management>
  2. Configure Reverse Proxy server and CA SiteMinder Client Agent

    Note It is strongly recommended to install and configure the Reverse Proxy web server before installing the CA SiteMinder Client Agent. For more details, see to the SiteMinder documentation.

    Configure reverse proxy either for the Apache web server or Microsoft IIS, according to the following instructions:

    • Configure Apache Web Server as Reverse Proxy

      1. Prerequisites:

        • Ensure that CA SiteMinder is installed on your user environment.

        • Ensure that the Apache Web Server is installed on the same machine as the CA SiteMinder Client Agent.

      2. Install Apache 2.2.x on Windows (Apache 2.4.x on Linux).

        Download 32-bit binaries with OpenSSL (httpd-2.2.25-win32-x86-openssl-0.9.8y).

      3. Go to C:\Apache24\conf\ and open the Apache Web Server httpd.conf configuration file with a text editor.

        • Uncomment the following two proxy modules:

          LoadModule proxy_module modules/mod_proxy.so
          LoadModule proxy_http_module modules/mod_proxy_http.so
        • Add the following lines:

          ProxyRequests off
          <Proxy *>
          Order deny,allow
          Deny from all
          Allow from all
          </Proxy>
          ProxyPass / http://[UCMDB_SERVER_NAME]:8080/
          ProxyPassReverse / http://[UCMDB_SERVER_NAME]:8080/
          ProxyPass /ucmdb-ui http://[UCMDB_SERVER_NAME]:8080/ucmdb-ui
          ProxyPassReverse /ucmdb-ui http://[UCMDB_SERVER_NAME]:8080/ucmdb-ui
          ProxyPass /status http://[UCMDB_SERVER_NAME]:8080/status
          ProxyPassReverse /status http://[UCMDB_SERVER_NAME]:8080/status
          ProxyPass /jmx-console https://[UCMDB_SERVER_NAME]:8443/jmx-console
          ProxyPassReverse /jmx-console https://[UCMDB_SERVER_NAME]:8443/jmx-console
          ProxyPass /ucmdb-browser http://[UCMDB_SERVER_NAME]/ucmdb-browser
          ProxyPassReverse /ucmdb-browser http://[UCMDB_SERVER_NAME]/ucmdb-browser

          If needed, feel free to add more URLs.

      4. Restart Apache 2.2 service.
    • Configure Microsoft IIS as Reverse Proxy

      1. Prerequisites:

        Before downloading and installing ARR, make sure that you have already installed Internet Information Services (IIS).

      2. Install ARR from the following URL using the Microsoft Web Platform Installer:

        http://www.iis.net/downloads/microsoft/application-request-routing

        Once installed, the Server Farms item should be present in the Connections tree inside the IIS Manager.

      3. Right-click Server Farms and select Create Server Farm….

        Specify Server Farm name (make sure the Online checkbox is checked) and click Next.

      4. Enter the address of the CMS UI together with the port on which the CMS UI can be accessed, and then click the Add button. (The port can be entered in the Advanced settings….)

      5. After IIS knows which is the server behind, it is necessary to create a simple URL rewriting rule. When prompted for that, select Yes.

  3. Configure SiteMinder LogoffUri

    The CMS UI logout page (logout.jsp) must be defined on CA SiteMinder to ensure correct logout from the CMS UI. If you do not do this, you will need to open a new Browser window to re-enter the CMS UI application.

  4. Verify successful integration of the CMS UI with SiteMinder

    Access the reverse proxy frontend URL. If all settings are correct, you are prompted to input your user name and password in the CA SiteMinder authentication dialog. After successful authentication, you are forwarded to the CMS UI application without having to enter your UCMDB user name and password.