Archive for May, 2009

SiteMinder AutoLogin Issue

May 16, 2009

Hi everyone.

I’ve been trying to use a SiteMinder-based autoLogin, but I can’t manage to set it up properly. I hope someone will be able to tell me what I am doing wrong.

Thing is, I don’t want to use the ext environment.

In my portal-ext.properties, I’ve put:

company.security.auth.type=screenName

siteminder.auth.enabled=true

siteminder.import.from.ldap=false

siteminder.user.header=SM_USER

auto.login.hooks=com.liferay.portal.security.auth.SiteMinderAutoLogin

Then, I have my com.liferay.portal.security.auth.SiteMinderAutoLogin.class in a jar placed in tomcat/common/lib

My SiteMinderAutoLogin class extends CASAutoLogin and has a
public String[] login(HttpServletRequest request,
HttpServletResponse response)
throws AutoLoginException
method.

The first statement in the Login method is printing something out, just to see if the method is called.

Problem is, that method is never called…
What am I doing wrong? Why is my custom auto login never used?
Any suggestions?


Courtesy:http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3096580;jsessionid=8C390CDA59880857D1C00A465C6BB55B

Configuring ADAM as a SiteMinder Policy Store

May 10, 2009

Microsoft’s ADAM directory provides a free, tightly integrated directory for storing SiteMinder policy information. Unfortunately, ADAM’s interface is not all that easy to understand, which makes the initial configuration a little more complicated than desired. Additionally, finding all the specifics on what is needed on the SiteMinder side can be a little unnerving. This article breaks down the installation and configuration of ADAM for use as a SiteMinder policy store. So, let’s get started!

1. Download and Install ADAM

This is probably the most obvious step. As of writing this blog article, the latest version of ADAM can be found here:

http://www.microsoft.com/downloads/details.aspx?familyid=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4&displaylang=en

The download at the link above contains the SP1 integrated package, which eliminates the need to install patches after the initial install. After the download completes, run the installer to install the base components.

2. Create a New ADAM Instance

Now that ADAM is installed, you need to create a new instance. To create a new instance select:

Programs -> ADAM -> Create an ADAM Instance

Be sure to create a Unique Instance when creating the new ADAM instance.

Next, give your ADAM instance a name. In this case, I chose to call it “MyADAM”.

On the next screen, be sure to select ports available on the system where you are installing ADAM. The defaults are 50000 (unencrypted) and 50001 (SSL).

Be sure to select “Yes, create an application directory partition” on the next screen. You can name the partition something meaningful for you. I chose “dc=mycompany,dc=com” for my partition name.

You can then change the locations to store the files associated with ADAM. I left mine set at the defaults. If you want to change the account used to run ADAM, you can change that on the next screen. I recommend using the Network service account unless you are a fan of dealing with Windows permissions (which I am not). Select “Current Logged in User” for the account with administrative rights to the ADAM instance.

On the next screen be sure to import the base LDIF files to initialize the ADAM instance. While they may not all be necessary, I select all of them on this screen.

You can then complete the ADAM instance configuration.

3. Administrator Account Access

Start ADAM ADSI Edit under:

Programs -> ADAM -> ADAM ADSI Edit

If your ADAM instance is not configured, select “Connect to…” and put in the port number of your ADAM instance. In my case, I left the default of 50000.

In the console tree, expand Connection Name, where Connection Name is the connection that you used above. Next expand “CN=Configuration,CN={GUID}” where GUID is a unique 128-bit number representing the user. Then expand “CN=Services” and finally expand “CN=Windows NT”.

Right-click “CN=Directory Service”, and select Properties:

In the Attribute list, locate and then click msDS-Other-Settings, and then click Edit.

In the Value to add box, type ADAMAllowADAMSecurityPrincipalsInConfigPartition=1, and then click OK.

Delete the existing value of “ADAMAllowADAMSecurityPrincipalsInConfigPartition=0” and click OK to close the Directory Service Properties dialog box.

4. Create Administrator Account

The next step will be to create an administrative account for SiteMinder. Right-click on “CN=Roles” and select New -> Object…

On the next screen select “user” as the type of object:

Set the cn value to the name of the administrator and click the Next button. I chose “Administrator” for my users.

Click the “More Attributes” button on the next screen:

Set “displayName” attribute to your user display name, I picked “SiteMinder Admin”. Then set the “msDS-UserAccountDisabled” attribute to FALSE and the “msDS-UserDontExpirePassword” attribute to TRUE.

You may also need to set the “ms-DS-UserPasswordNotRequired” setting to TRUE if you cannot save the user due to a password policy.

Next, right-click on the “CN=Administrators” group and select Properties. Find the “member” attribute and click the Edit button (you may want to copy the distinguishedName of your user before doing this step).

Click the “Add ADAM Account…” button and put in the DN of the user we created above.

The last step is to select the user, right-click and reset the password:

5. Configure SiteMinder Policy Store Settings

After prepping ADAM, you’re finally ready to start on the SiteMinder side of things. The first step is to launch the SiteMinder Policy Server Management Console and select the Data tab. You will need to set the following items:

a. Enter IP and port number of ADAM
b. Enter partition name for root DN “dc=mycompany,dc=com”
c. Paste complete DN of ADAM administrator account you just created into “Admin Username” box

For example, the user we just created has a DN of:

CN=Administrator,CN=Roles,CN=Configuration,CN={GUID}

d. Click on Test LDAP Connection to verify connection works.
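
If the connection test fails, the ADAM-side settings from steps 3 and 4 can be checked directly over LDAP. The PowerShell below is an added example, not part of the original article; the host, the port 50000, the cn “Administrator” and the assumption that RootDSE is readable without binding are taken from or assumed about the setup described above.

```powershell
# Added example: checks the ADAM settings from steps 3 and 4 over LDAP.
# Assumed: host/port from step 2, the cn "Administrator" from step 4, and
# that RootDSE on this instance can be read without binding.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$ns      = 'System.DirectoryServices.Protocols'
$server  = 'localhost:50000'   # unencrypted port; for the SSL port also set SessionOptions.SecureSocketLayer = $true
$adminCn = 'Administrator'
$flag    = 'ADAMAllowADAMSecurityPrincipalsInConfigPartition=1'

function Get-Entry($conn, [string]$dn, [string[]]$attrs) {
    # Base-scope read of a single entry, returning only the requested attributes
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Base
    $req = New-Object "$ns.SearchRequest" -ArgumentList $dn, '(objectClass=*)', $scope, $attrs
    $conn.SendRequest($req).Entries[0]
}
function Get-Values($entry, [string]$name) {
    # Attribute values as strings; nothing when the attribute is absent
    $a = $entry.Attributes[$name.ToLower()]
    if ($a) { $a.GetValues([string]) }
}

# 1. Read the configuration partition DN (contains the instance GUID) from RootDSE
$anon = New-Object "$ns.LdapConnection" $server
$anon.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
$anon.SessionOptions.ProtocolVersion = 3
$rootDse  = Get-Entry $anon '' 'configurationNamingContext'
$configDn = @(Get-Values $rootDse 'configurationNamingContext')[0]

# 2. Simple bind as the account created in step 4 (same DN SiteMinder will use)
$adminDn = "CN=$adminCn,CN=Roles,$configDn"
$pw   = Read-Host "Password for $adminDn" -AsSecureString
$conn = New-Object "$ns.LdapConnection" $server
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = New-Object System.Net.NetworkCredential -ArgumentList $adminDn, $pw
$conn.SessionOptions.ProtocolVersion = 3
$conn.Bind()   # throws LdapException if the DN or password is rejected

# 3. Report the three settings the procedure depends on
$svc  = Get-Entry $conn "CN=Directory Service,CN=Windows NT,CN=Services,$configDn" 'msDS-Other-Settings'
$grp  = Get-Entry $conn "CN=Administrators,CN=Roles,$configDn" 'member'
$user = Get-Entry $conn $adminDn 'msDS-UserAccountDisabled'
[pscustomobject]@{
    AdminDn                            = $adminDn
    PrincipalsAllowedInConfigPartition = @(Get-Values $svc 'msDS-Other-Settings') -contains $flag
    AdminInAdministratorsGroup         = @(Get-Values $grp 'member') -contains $adminDn
    AccountEnabled                     = @(Get-Values $user 'msDS-UserAccountDisabled') -contains 'FALSE'
}
```

The AdminDn value in the output is the string to paste into the “Admin Username” box; any False in the other three columns points back to the corresponding step.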

6. Set Up the Policy Store

After configuring the policy server to talk to ADAM, you will then need to configure the policy store. Open a cmd prompt and run the following commands:

a. C:\> smldapsetup status

b. C:\> smldapsetup ldgen -fadamschema.smdif

c. C:\> smldapsetup ldmod -fadamschema.smdif

d. C:\> smreg -su (NOTE: You may need to copy smreg into the siteminder bin directory to complete this step)

So, for me this looks like:

C:\> smreg -su password

e. C:\> smobjimport -i smpolicy.smdif -dsiteminder -w -v

So, for me this looks like:

C:\> smobjimport -i"C:\Program Files\netegrity\siteminder\db\smdif\smpolicy.smdif" -dsiteminder -wpassword -v

That’s it! You should now be able to start the policy server and log-in to the policy server administration UI.


Courtesy:http://www.coreblox.com/blog/?p=489