A couple of examples were posted to the MyCA Security Communities (public) forum related to building the SiteMinder Policy Server data stores (Policy/Key Store) for Windows. I used the SiteMinder Installation Guide topics related to installing the Policy Server on UNIX (RHEL 6.4 x64 in my lab) and the topics on setting up a Policy Store/Key Store and a Session Store as the starting point for creating unique DSAs to host the Policy Store, Key Store and Session Store. I modeled my scripts on the setup.sh from the democorp samples folder to write a set of scripts to build the DSA configuration files and load the base tree structure for the SiteMinder data stores. I also looked at the topics on configuring a separate key store, which start with the excerpt below.
Please check out the scripts when you have a chance. The ZIP file contains a readme.txt that explains how to use the scripts. I plan to add support for implementing ACLs after the initial creation and for extended logging/tracing for troubleshooting.
________________________________________
Configure a Separate Key Store
If you have a collocated policy/key store, you can configure the Policy Server to use a separate key store.
The type of directory server that is to function as a separate key store determines how you configure the store:
• If you can use the CA SiteMinder smldapsetup utility to configure a policy store, you can configure a separate key store using key store–specific schema. The following directory servers can be configured this way:
    o Microsoft Active Directory
    o Microsoft AD LDS
    o Oracle Directory Server Enterprise Edition
    o Oracle Internet Directory Server
    o Red Hat Directory Server
• If you cannot use the CA SiteMinder smldapsetup utility to configure a policy store, then you must:
    1. Configure a separate directory server instance with the policy store schema only. The policy store schema includes the key store schema. You do not have to:
        o Set the CA SiteMinder superuser password.
        o Import the default policy store objects.
        o Import the policy store data definitions.
       A separate key store does not require these objects.
    2. Configure the Policy Server to use this policy store instance as a key store only.
Note: For more information, see the Policy Server Administration Guide.