Pages

Saturday, February 19, 2011

CA Enterprise Log Manager r12.5 and SiteMinder User Directories

Enterprise Log Manager r12.5 
User Authentication Configuration (Draft1.0)

Click here to download PDF version with screenshots.

Enterprise Log Manager (ELM) gives you the option of creating users within the internal ELM DB store, referencing an external LDAP repository, or the User Directories defined within SiteMinder.  This is a quick guide on configuring a SiteMinder User Directory as the user source for ELM. This guide will start right after an initial installation of the ELM r12.5 appliance. 
pastedGraphic.pdf
In this exercise, ELM will be configured with an existing Active Directory User Directory configured in a SiteMinder Policy Server.
The first step in the ELM/SiteMinder configuration is to create some required objects in the SiteMinder Policy Server. The ELM server communicates with the SiteMinder Policy Server using an Admin ID via a 4.x Agent object. 
Start by creating the 4.x Agent Object. Using the SiteMinder Administrator UI, create a new agent. To configure the agent as a 4.x agent (Legacy), enable the ‘Supports 4.x agents’ checkbox. This will require you to add an IP Address and Password for the agent to communicate. The IP address can be anything. You can use the IP address of the target server using the agent, or you can use the local loop address. The Shared Secret will be the password the ELM server will need to use to communicate with the agent. 
Navigate to https://hostname:5250/spin/calm. Login with the default EEM user ‘eiamAdmin’. You will be directed to the Administration tab, as the eiamadmin account only has access to User and Access Management. 
From the User and Access Management tab, click on the User Store icon. 
A new browser will open for EEM Server Configuration. This is where you will enter your SiteMinder information. 
Click on Reference from CA SiteMinder
Host: Your Policy Server Server
Admin Name: A SiteMinder Admin ID with rights to the User Directory you want to reference
Admin Password: Admin ID password.
Agent Name: The name of the 4.x Agent Object you created.
Agent Secret: The Shared Secret given to the 4.x Agent. 
After you enter the Policy Server information, click on the Refresh Store in the USer Store Information box. This will expose the available User Directory objects configured in SiteMinder. 
Click on Save and then Close when you have selected your User Directory Object. After clicking on Close, you will be logged out of the EEM interface. Go back to the ELM Administration tab. This time, click on User icon. 
Once again, a new browser screen will open. User the Search Users box, leave the current values alone and click on Go.
This will display all the available users. 
Next is assigning ELM Admin roles to users. 
Click on one of your users. A user profile will appear on the right windows section. Under “CAELM”: User Details click on Add Application User Details. 
A new section will appear that has 3 available Application Group Membership. Select the one or multiple Application Groups you want to assign to this application. 
After selecting your Application Groups, click on save and close. Click on close one more time to exit the User section. 
If still logged in, Log Out of the ELM admin UI. 
This time login using the user you have added application groups to. 
This time after login, your landing page will be the ELM default dashboard. 
You can now configure your ELM environment.