Pages

Tuesday, February 16, 2010

Configuring SiteMinder FSS Client without the new AdminUI

SiteMinder R12 introduced the new Administrative UI which brings a great wealth of features and usability. However, there can be situations where you might not be interested in the overhead of the new UI requirements (app server, db), or simply not like it and prefer to keep using the classic SiteMinder Administrative UI. Now renamed SiteMinder FSS Administrative UI, it has been changed where you can no longer start it up and login using your SiteMinder ID. 


As SiteMinder R12 documentation states: "...you must install and configure the Administrative UI before registering the FSS Administrative UI."The challenge then is that it seems you can't get around just using the FSS Admin UI without installing the new administrative framework. 


In essence, what the FSS UI needs to work is a 4x-compatible agent. Therefore, instead of requiring the Admin UI to create a 4.x compatible agent, you can simply run a perl script to create the agent required to allow your FSS to login. 


Many  thanks to my co-worker, V G, who gave me this script. I am not sure of its origins other than it was written by Netegrity at some point. 


Click here to download a copy of the perl script. Be sure to modify to your needs. 


You don't need to install PERL. It is already installed as part of the policy server install. First, lets look at the script. 



################################################################################
#                                                                              #
#   Copyright (C) 1997-2004, Netegrity, Inc. All rights reserved               #
#                                                                              #
#   Netegrity, Inc. makes no representations concerning either the             #
#   merchantability of this software or the suitability of this software       #
#   for any particular purpose. It is provided "as is" without express         #
#   or implied warranty of any kind.                                           #
#                                                                              #
################################################################################


use Netegrity::AgentAPI;
use Netegrity::PolicyMgtAPI;


#                                                                              #
# Begin site-specific configuration                                            #
# The follwing information should be changed before running this sample.       #
#                                                                              #

$adminName          = 'SiteMinder';
$adminPwd           = 'P@ssword01';
$agentIP            = '127.0.0.1';
$agentSecret        = 'P@ssword01';


#                                                                              #
# End site-specific configuration                                              #
#                                                                              #


$policymgtapi = Netegrity::PolicyMgtAPI->New();
$session = $policymgtapi->CreateSession($adminName, $adminPwd);

die "\nFATAL: Cannot create session. Please check admin credentials\n"
    unless ($session != undef);

showmenu();

sub showmenu {

  
    print "\n\n*********** SiteMinder (SM) Scripting Interface Demo  ***********\n";
    print "\n";
    print "\n";
    print "\tPlease make a selection from the following:\n";
    print "\n";
    print "\t[1] Setup Policy Store.\n";
    print "\n";
    print "\t[9] Exit\t\t\t\t\t\t\n";
    print "\n";
    print "\tChoice: ";

    chomp($choice = );
  
    if($choice == 1) {
        setup_ps_store();
    } elsif ($choice == 9) {
        exit(0);
    } else {
        print "Invalid Choice. Please make another selection.\n";
        showmenu();
    }
}



sub setup_ps_store {

    # Create an agent. Agent will be a 4x Agent

    print "\n\tCreating Agent \'FSS-Agent\'…";
    $agent = $session->CreateAgent( "FSS-Agent",
                                    $session->GetAgentType("Web Agent"),
                                    "FSS-Agent",
                                    $agentIP,
                                    $agentSecret
                                  );

    if(!defined $agent) {
        die "\nFATAL: Unable to create Agent \'web-agent\'\n";
    }
}


---------------------------------------------------------

Key things to change:



$adminName          = 'SiteMinder';
$adminPwd           = 'P@ssword01';
$agentIP            = '127.0.0.1';
$agentSecret        = 'P@ssword01';


Update the admin connection information for the script to be able to connect to your policy server.


    print "\n\tCreating Agent \'FSS-Agent\'…";
    $agent = $session->CreateAgent( "FSS-Agent",
                                    $session->GetAgentType("Web Agent"),
                                    "FSS-Agent",
                                    $agentIP,
                                    $agentSecret
                                  );

You can change 'FSS-Agent' to be whatever name you want the agent to have.


Running the script

If you download the script, make sure you rename the file to a .pl extension.

To simplify things, copy the script to ..\CA\siteminder\CLI\bin

Use the PERL executable that is located within the ...\CA\siteminder\CLI\bin location. 

C:\CA\siteminder\CLI\bin>perl.exe FSSAgent.pl

*********** SiteMinder (SM) Scripting Interface Demo  ***********


        Please make a selection from the following:

        [1] Setup Policy Store.

        [9] Exit

        Choice: 1

        Creating Agent 'FSS-Agent'...

After running the script, you are all done. Start the FSS UI and use the agent and password you just created as the 'Host Name' and 'Passphrase' of the FSS UI.