One of the major differences between SiteMinder Web Access Manager (WAM) R12 SP2 and pre-Sp2 is in the changes made in setting up the Administration UI. The SP2 installer comes with an option to choose between a pre-configured Jboss Application Server (JBoss [Trinity] 4.2.3.GA - to serve up the Administration UI components) and your other application servers (JBOSS, WebLogic or WebSphere). In addition to that, it appears that the complex method of configuring the initial administrative user has been removed. Prior installations required you to set up a user store and configure it with the right structure in order to set up the administrator login. These improvements have made it easy to set up SiteMinder R12 SP2 relatively quickly (under 30 minutes) and significantly less complex, which to me is key for those trying to get up to speed with R12.
For those of you who are not aware, R12 allows you to install SiteMinder Administration UI ‘clients’ that can exist on remote servers separate from the Policy Server instance. We’ll be installing everything on the same machine for this tutorial.
Just keep in mind that that you might need to run a client command utility called XPSRegClient to create a trusted relationship between the Administration UI client and the Policy Server when launched for the first time. The most common error that you’ll get is the “no registration on file” message when attempting to log into the Administration UI. See the ‘tips’ section for when you need to run this utility.
The goal of this mini-tutorial is to guide you through how to set up SiteMinder in a Windows environment using ADAM as a policy store (you should be able to use any other supported policy stores) and using built-in application server that ships with the installer – all on the same machine. This is especially useful for those that do not have time to comb through the installer guide.
NOTE: This tutorial should be applicable to the other installers available for Solaris, Linux, HP-UX and AIX.
1. Make sure you have JRE/JDK 1.5 (I’d recommend the most recent JRE/JDK 1.5 version to stay on the safe side) installed on the system that you are about to install SiteMinder on. This is a requirement for the SiteMinder Policy Server.
2. Go to http://support.ca.com and download the following installers:
a. CA SiteMinder Policy Server r12.0 SP2 for Windows-32-(ESD only)
b. Administrative UI Prerequisite Installer for Windows-32-(ESD only)
c. CA SiteMinder Administrative UI r12.0 SP2 for Windows-32-(ESD Only)
3. Configure a new ADAM instance (follow steps 1 through 4 in the Configuring ADAM as a SiteMinder Policy Store guide)
4. Unzip the CA SiteMinder Policy Server r12.0 SP2 for Windows-32 installer and run it.
5. Install SiteMinder R12 SP2. The installation should be straightforward.
a. Just make sure you choose the option to initialize the instance.
b. In the “Create SM Key Database”, it wouldn’t hurt to choose to import the default CA certificates (Certificate Authority).
6. Unzip the Administrative UI Prerequisite Installer for Windows-32 and CA SiteMinder Administrative UI r12.0 SP2 for Windows-32 installer into the same directory.
NOTE: This is important because the Administrative UI prerequisite installer requires the layout.properties file from the Administrative UI installer and if it does not find it, it will abort the installation by indicating that it was unable to find the layout.properties file.
7. Run the adminui-pre-req-12.0-sp2-win32.exe installer.
8. The only options you’ll have to specify is the location of the installation and the server and port number for the Administrative UI to exist on.
9. Once you’ve completed, the prerequisite installer will kick off the ca-adminui-12.0sp2-win32.exe installer automatically. If not, run it.
10. There is no additional configuration parameters to be entered during this install and might take a while to install as it compiles and configures the UI components on the application server.
11. Once completed, the installer will attempt to launch a browser and display the SiteMinder Administrative login:
Note: Under the covers, this step starts the application server and registers the SiteMinder Administration UI with the Policy Server.
12. Use SiteMinder as the username and enter the super-user password that you specified during the SiteMinder Policy server installation. Leave the ‘server’ blank as it will default to using the local server and port (unless you have specified otherwise)
13. And you’re done! You should be able to proceed with importing your SiteMinder 6.x policies and viewing them in the new Administration UI.
If the time difference between the time you installed the Policy Server and the time you installed the Administration UI is greater than 24 hours, you might need to run the following command if you see this error when trying to login to the Administration UI for the first time:
c:CASiteminderbin>XPSRegClient siteminder -adminui-setup -t 1440 -r 5 -cp -l c:/logs/ -e c:/logs/error.log –vT
• (run XPSRegClient.exe without any parameters to get the catalog of option).
• The parameter ‘siteminder’ refers directly to the super-user
• You’ll be prompted to enter a passphrase, use the super-user password
This step is necessary to create a trusted relationship between the client and the policy server.