CA SiteMinder

System Requirements

The instructions in this document were tested in the following environment:

  • Windows Server 2003
  • Microsoft IIS 6.0
  • JRE 1.4.2
  • Penrose 0.9.4
  • SiteMinder 6.0

Installing SiteMinder

Install ServletExec

The installation file is in the SiteMinder Policy Server distribution under thirdparty-tools/servlet-engine-5.0.

Install SiteMinder Policy Server

Follow SiteMinder's documentation on installing the Policy Server. Do not configure the Policy Store during installation. Restart the machine as instructed.

Installing Penrose

Install Penrose Server

Install Penrose Server in PENROSE_SERVER_HOME.

Install Penrose Studio

Install Penrose Studio in PENROSE_STUDIO_HOME.

Install SiteMinder schema for Penrose Server

Copy siteminder-schema.jar into the PENROSE_SERVER_HOME/lib/ext directory and into PENROSE_STUDIO_HOME/plugins/org.safehaus.penrose_x.x.x/lib/runtime.

Copy the siteminder.schema into PENROSE_SERVER_HOME/schema and PENROSE_STUDIO_HOME/schema.

Setting Up Policy Store

SiteMinder writes its policy objects into the Policy Store, so the store must be a regular (non-virtual) ApacheDS partition rather than a Penrose virtual directory. Edit PENROSE_SERVER_HOME/conf/apacheds.xml and add the following partition configuration. This example uses dc=example,dc=com; if you choose another suffix, the naming attribute in the contextEntry (dc: example below) must match the first RDN of the new suffix.

<bean id="examplePartitionConfiguration" class="org.apache.ldap.server.configuration.MutableContextPartitionConfiguration">
  <property name="name"><value>example</value></property>
  <property name="suffix"><value>dc=example,dc=com</value></property>
  <property name="indexedAttributes">
    <set>
      <value>objectClass</value>
      <value>ou</value>
      <value>uid</value>
    </set>
  </property>
  <property name="contextEntry">
    <value>
      objectClass: top
      objectClass: domain
      objectClass: extensibleObject
      dc: example
    </value>
  </property>
</bean>

Add the new partition into the configuration bean:

<bean id="configuration" class="org.apache.ldap.server.configuration.MutableServerStartupConfiguration">
  ...
  <property name="contextPartitionConfigurations">
    <set>
      ...
      <ref bean="examplePartitionConfiguration"/>
      ...
    </set>
  </property>
  ...
</bean>

Restart the server, then add the following entries with an LDAP client, in this order (each entry's parent must exist before the entry is added). If you changed the suffix above, change it here as well.

dn: ou=Netegrity,dc=example,dc=com
ou: Netegrity
objectClass: organizationalUnit
objectClass: top

dn: ou=SiteMinder,ou=Netegrity,dc=example,dc=com
ou: SiteMinder
objectClass: organizationalUnit
objectClass: top

dn: ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,dc=example,dc=com
ou: PolicySvr4
objectClass: organizationalUnit
objectClass: top
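The partition bean and the three Policy Store entries above both depend on the chosen suffix, and they have to agree with each other (the contextEntry's dc value with the suffix's first RDN, and the LDIF DNs with the suffix). The script below, an added example for this page and not code from Penrose or SiteMinder, derives both from a single suffix so they cannot drift apart. It assumes the ApacheDS 0.9 Spring bean layout shown above and that the suffix starts with dc= or o= (it rejects anything else rather than guessing an objectClass); the function and file names are its own.

```python
"""Render the ApacheDS partition bean and the Policy Store LDIF for a chosen suffix.

Added example for this page, not code from Penrose or SiteMinder. It assumes the
ApacheDS 0.9 Spring bean layout used above, and that the suffix's first RDN is
either dc=... or o=... (anything else is rejected rather than guessed).
"""
import sys
from xml.sax.saxutils import escape

# Constructed sample input: the suffix used on this page.
DEFAULT_SUFFIX = "dc=example,dc=com"

# objectClass the context entry needs for each naming attribute (assumption:
# only these two suffix styles are handled).
CONTEXT_OBJECT_CLASS = {"dc": "domain", "o": "organization"}

# Policy Store tree, outermost entry first, so the LDIF adds parents before children.
POLICY_STORE_PATH = ["ou=Netegrity", "ou=SiteMinder", "ou=PolicySvr4"]


def first_rdn(suffix):
    """Return (attribute, value) of the left-most RDN, e.g. ('dc', 'example')."""
    rdn = suffix.split(",", 1)[0].strip()
    if "=" not in rdn:
        raise ValueError("not a DN: %r" % suffix)
    attr, value = rdn.split("=", 1)
    attr, value = attr.strip().lower(), value.strip()
    if not value:
        raise ValueError("empty RDN value in %r" % suffix)
    return attr, value


def partition_bean(suffix):
    """Render the MutableContextPartitionConfiguration bean for `suffix`.

    The context entry's naming attribute (dc: example) must equal the first RDN
    of the suffix; deriving both from one string prevents the mismatch that
    stops a renamed partition from loading.
    """
    attr, value = first_rdn(suffix)
    if attr not in CONTEXT_OBJECT_CLASS:
        raise ValueError("unsupported naming attribute %r (use dc= or o=)" % attr)
    name = value.lower()
    bean_id = name + "PartitionConfiguration"
    return """<bean id="%s" class="org.apache.ldap.server.configuration.MutableContextPartitionConfiguration">
  <property name="name"><value>%s</value></property>
  <property name="suffix"><value>%s</value></property>
  <property name="indexedAttributes">
    <set>
      <value>objectClass</value>
      <value>ou</value>
      <value>uid</value>
    </set>
  </property>
  <property name="contextEntry">
    <value>
      objectClass: top
      objectClass: %s
      objectClass: extensibleObject
      %s: %s
    </value>
  </property>
</bean>
""" % (escape(bean_id), escape(name), escape(suffix),
       CONTEXT_OBJECT_CLASS[attr], attr, escape(value))


def policy_store_dns(suffix):
    """DNs of the Policy Store containers under `suffix`, parents first."""
    dns, dn = [], suffix
    for rdn in POLICY_STORE_PATH:
        dn = rdn + "," + dn
        dns.append(dn)
    return dns


def policy_store_ldif(suffix):
    """LDIF for ou=PolicySvr4,ou=SiteMinder,ou=Netegrity under `suffix`."""
    entries = []
    for rdn, dn in zip(POLICY_STORE_PATH, policy_store_dns(suffix)):
        entries.append("dn: %s\n%s\nobjectClass: organizationalUnit\nobjectClass: top"
                       % (dn, rdn.replace("=", ": ", 1)))
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    # Usage: python policy_store.py [suffix]   (prints the bean, then the LDIF)
    suffix = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SUFFIX
    print(partition_bean(suffix))
    print(policy_store_ldif(suffix))
```

Run it with the suffix you intend to use, paste the bean into apacheds.xml, and feed the LDIF to your LDAP client after the restart; the entries are emitted parents first so a single add pass succeeds.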

Use the Policy Server's Management Console to configure the Policy Store with these settings:

  Storage:          LDAP
  LDAP IP Address:  localhost:10389
  Root DN:          dc=example,dc=com
  Admin Username:   uid=admin,ou=system
  Password:         secret

uid=admin,ou=system with password secret is the default ApacheDS administrator account in Penrose Server. The Policy Store holds every SiteMinder realm, rule and policy, so change this password before the server is reachable from anything other than the Policy Server, and do not reuse it as the SiteMinder super user password set in the next step.

Use the smreg.exe program that ships with the Policy Server to set the password of the SiteMinder super user (administrator) account:

smreg -su <password>

Then import the basic SiteMinder policy objects with smobjimport:

<SITEMINDER_HOME>/bin/smobjimport -i<SITEMINDER_HOME>/db/smdif/smpolicy.smdif -v -DSiteMinder -w<password>

Setting Up User Directory

Use Penrose Studio to design your virtual directory. By default the virtual directory has the suffix dc=penrose,dc=safehaus,dc=org, but you can change it. Then use the Policy Server's User Interface to create a User Directory whose root is this suffix.