Customer is requesting specific steps to create a new SiteMinder Administrator manually.
Customer is running:
- SiteMinder Policy Server and WAM UI R12 SP1.
- Oracle 10g as Policy, Object and Administrative User store.
Starting with SiteMinder R12, administrator users can be stored in an external User Directory like an LDAP user directory or a Database user store.
The WAM UI will grant access to an administrator user as long as:
- The user exists in the User Directory.
- The user has the proper privileges in the eXtended Policy Store (XPS).
In this example, we are assuming that the customer wants to register the User 'Mikel' as administrator.
The Administrator can be created manually in the XPS via XPSSecurity utility as follows:
- Execute XPSSecurity:
XPSSecurity is an interactive command-line utility that allows administrators and members of operations to create and delete administrators and edit their rights. XPSSecurity is not installed with SiteMinder Policy Server, but it is included with the SiteMinder Policy Server installation binaries. For security reasons it is always recommended to delete XPSSecurity from your production systems.
- Select option A - Administrators.
- Select option N - New Administrator.
- Select Option 1 (Description) and enter a description. For this example we will enter "Mikel Super User".
- Select option 2 (Flags) and then type "?" to interactively set the flags.
- Select option 2, this will grant the SuperUser role to the user.
- Select option q to quit, then option 4 (Name) and enter the name, the default value is JDBC://jdbc%2Fiamsuitedirectory/2, but it could be any value. For this example, we will enter "Mikel Super User".
- Select option 5 and Specify the user path:
In ODBC Administrative User Directories , the user path makes a reference to a number. This number is the unique identifier Attribute that you have defined in your directory.xml file, and the number should match with the id of the user in the Database. For "Mikel" this number is 2 as seen in the example Database Table above.
Here's an snippet of the directory.xml file used in this example:
<Table name="SmUser" primary="true" /> <UniqueIdentifier> <UniqueIdentifierAttr name="SmUser.UserID"/> </UniqueIdentifier> -> End
In this example the user path of the user Mikel is: JDBC://jdbc%2Fiamsuitedirectory/2 In LDAP Administrative User Directories , the user path makes reference to the user in the Administrative User Directory using the following template:
LDAP://<IP>:<Port>/<DN> <OR> LDAP://<HostName>.<Company>.com:<port>/<DN>
LDAP://192.168.1.1:396/uid=Mikel,ou=People,dc=ca,dc=com <OR> LDAP://MyMachine.ca.com:396/ uid=Mikel,ou=People,dc=ca,dc=com
- Select option V (Validate).
- Select option U (Update).
- Select Q to quit.
The user has now been registered in the XPS and it is ready to use with the WAM UI.