Synchronizing password policies upon integrating Identity Manager and SiteMinder.

Document ID : KB000050254
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Read this article to find out how to synchronize password policies that existed in SiteMinder and/orIdentity Manager upon enabling the integration of these two products.

Solution:

Before enabling the integration of Identity Manager with SiteMinder you might already have password policies in place in either one or both products. When not integrated each product uses it private storage to store these password policies:Identity Manager will store the password policies in its Object Store. SiteMinder will store these objects in the Policy Store. In that configuration there is no linkage between these object. They are not shared and are handled independently by each product. In this situation a password policy defined byIdentity Manager will only apply to the passwords ofIdentity Manager and its endpoints but not to web applications protected by SiteMinder.

This changes when integrating the products. When integrated the password policies need to be stored in both storages. Further, they need to be linked so that an update fromIdentity Manager to the policy will be reflected in SiteMinder. Note that in an integrated environment it isIdentity Manager which should manage and administer the password policies and not SiteMinder. In this situation creating or modifying a password policy inIdentity Manager will create or respectively update a matching and linked similar policy in SiteMinder. However, this is not true the other way around. Changes in SiteMinder to a password policy will not update their respective objects in Identity Manager. The reason for that is theIdentity Manager is aware of the mirroring object by its extensions for SiteMinder while SiteMinder is unaware of the objects in Identity Manager.

Consider a situation where you have policies defined in both products before you enable the integration. You would want to keep these policies and not lose them. If you were to simply enable the integration you will observe that nothing will happen to any of these policies on either product. They will all remain as they were, be unrelated and not linked. You will need to link them. As explained you are only able to link policies from Identity Manager. Therefore, you will need to delete all the SiteMinder password policies and re-enter them from Identity Manager. This will in turn recreate them in SiteMinder but make sure to link them properly to their newly createdIdentity Manager mirroring objects. Similarly, if you have a password policy inIdentity Manager that did not exist in SiteMinder then you will need to delete it and recreate it inIdentity Manager so that it will create the corresponding matching object in SiteMinder.