Osarobo_Idehen

CA Directory 12.6.x Installation & Configuration as SSO Policy Store on Red Hat 6 (64-bit):

Blog Post created by Osarobo_Idehen Employee on Oct 15, 2017

 

1) Download the installation RPM from the link below:

https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-directory-12-6-latest-cumulative-release-download.html

 

2) Install it using the command below:

rpm -i <RPM package name>

Note:

By default, the above command installs CA Directory in the path below:

/opt/CA/Directory/dxserver

 

3) Run the commands below:

# cd /opt/CA/Directory/dxserver
# export DXHOME=`pwd`
# export CAPKIHOME=/opt/CA/Directory/dxserver/lib/capki

 

4) Change to the dxserver bin directory and create the DSA:

# cd /opt/CA/Directory/dxserver/bin


# ./dxnewdsa dsapstore2 19999 "dc=training,dc=com"

 

5) Create a CA Single Sign-On schema file by copying the default.dxg schema file and renaming it.

# cd /opt/CA/Directory/dxserver/config/schema

# cp -p default.dxg dsapstore2.dxg

 

6) Copy the files below from the SSO Policy Server to the dxserver schema directory:

"netegrity.dxc"
"etrust.dxc"

Note: The netegrity.dxc file is installed with the Policy Server in policy_server_home\eTrust. The etrust.dxc file is installed with the Policy Server in siteminder_home\xps\db

 

7) Edit the DSA's DXI file (DSA_Name.dxi) by changing the schema from default.dxg to the new SiteMinder schema file.

# cd /opt/CA/Directory/dxserver/config/servers

# vi dsapstore2.dxi

Change
# schema
source "../schema/default.dxg";
to
# schema
source "../schema/dsapstore2.dxg";

At the end of the file, add:

# cache configuration
set ignore-name-bindings=true;

 

8) Copy the default limits DXC file of the DSA (default.dxc) to create a CA Single Sign-On DXC file.

# cd /opt/CA/Directory/dxserver/config/limits

# cp default.dxc dsapstore2.dxc

 

9) Edit the settings in the new DXC file to match the following:

# size limits
set max-users = 1000;
set credits = 5;
set max-local-ops = 1000;
set max-op-size = 4000;
set multi-write-queue = 20000;

 

10) Edit the DXI file of the DSA (DSA_Name.dxi) by changing the limits configuration from default.dxc to the new CA Single Sign-On limits file.

# cd /opt/CA/Directory/dxserver/config/servers

# vi dsapstore2.dxi

Change


# service limits
source "../limits/default.dxc";


to

# service limits
source "../limits/dsapstore2.dxc";


11) Stop and restart the DSA using the following commands:

./dxserver stop dsapstore2

./dxserver start dsapstore2


12) Connect to the DSA with JXplorer using the base DN below:
dc=training,dc=com

Configure the dxserver as Policy Store

Connect to host hostname.training.com as anonymous.

Select the root element of your DSA.
Create an organizational unit under the root element called:
Netegrity

Create an organizational unit (root element) under Netegrity called:
SiteMinder

Create an organizational unit (root element) under SiteMinder called:
PolicySvr4

Create an organizational unit (root element) under PolicySvr4 called:
XPS
The base tree structure is created.


13) Create a user under dc=training,dc=com as cn=admin,dc=training,dc=com
The cn of the user will be cn=admin
The sn of the user will be sn=admin
Edit the userPassword attribute and set the password to firewall
This user should have the following objectClass values:

inetOrgPerson
organizationalPerson
person
top

Configure the connection to the Policy Store with

Admin Username : cn=admin,dc=training,dc=com
Password : firewall
Confirm Password : firewall
Root DN : dc=training,dc=com


14) Bring up smconsole and point the Policy Server to the Policy Store

 

15) From smconsole click Key Store and select

LDAP > Use Policy Store database

 

16) Copy the smreg utility to siteminder_home\bin and run the command below:

# smreg -su firewall

 

17) Import the Policy Store Data Definitions

# cd /F6/CA/siteminder/xps/dd

# XPSDDInstall SmMaster.xdd

 

18) Import the Default Policy Store Objects

# cd /F6/CA/siteminder/db

# XPSImport smpolicy.xml -npass
# XPSImport ampolicy.xml -npass
# XPSImport fedpolicy-12.5.xml -npass
# XPSImport default-fedobjects-config.xml -npass

 

19) Register the AdminUI with the Policy server

# XPSRegClient siteminder -adminui-setup

password: firewall
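
A pre-start check for the files edited in steps 5 through 10, as an added example that is not part of the original post or CA's tooling: it confirms that every source line in the DSA's .dxi names an existing file and that the sourced limits file carries the step 9 values. It assumes source paths resolve relative to the .dxi's own directory; the "demo" DSA and its tree are constructed sample data.

```shell
#!/bin/sh
# Added example, not CA tooling: pre-start check of a DSA's sourced files.

# List paths named by `source "...";` lines in $1 that do not exist. Paths are
# resolved against the directory of $1 (assumption, as in "../schema/x.dxg").
missing_sources() {
    dir=$(dirname "$1")
    sed -n 's/^[[:space:]]*source[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r rel; do
        [ -f "$dir/$rel" ] || echo "missing: $rel"
    done
}

# List step-9 settings whose value in limits file $1 differs from the page's.
limit_mismatches() {
    for want in max-users=1000 credits=5 max-local-ops=1000 \
                max-op-size=4000 multi-write-queue=20000; do
        key=${want%%=*}; val=${want#*=}
        got=$(sed -n "s/^[[:space:]]*set[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1)
        [ "$got" = "$val" ] || echo "limit $key: want $val, found ${got:-unset}"
    done
}

# Check DSA $2 under config directory $1; print problems, return 1 if any.
check_dsa() {
    dxi="$1/servers/$2.dxi"
    lim=$(sed -n 's/^[[:space:]]*source[[:space:]]*"\(\.\.\/limits\/[^"]*\)".*/\1/p' "$dxi" | tail -n 1)
    problems=$(
        missing_sources "$dxi"
        if [ -f "$1/servers/$lim" ]; then limit_mismatches "$1/servers/$lim"; fi
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample tree: the .dxi already names demo.dxg (step 7), but the
# step 5 copy is absent and the limits file has a non-matching credits value.
make_sample() {
    mkdir -p "$1/servers" "$1/schema" "$1/limits"
    : > "$1/schema/default.dxg"
    printf '# schema\nsource "../schema/demo.dxg";\n# service limits\nsource "../limits/demo.dxc";\n' > "$1/servers/demo.dxi"
    printf 'set max-users = 1000;\nset credits = 2;\nset max-local-ops = 1000;\nset max-op-size = 4000;\nset multi-write-queue = 20000;\n' > "$1/limits/demo.dxc"
}

tmp=$(mktemp -d); make_sample "$tmp"
check_dsa "$tmp" demo || echo "fix the items above before ./dxserver start"
rm -rf "$tmp"
```

On a real install the call would be check_dsa /opt/CA/Directory/dxserver/config dsapstore2, run before step 11.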
