
The Precise Single Sign On feature works with Apache Web server v2.2.3 or higher. The Apache Web server should be configured to work as a reverse proxy server, which is installed using the Tomcat port of Precise.

To configure the Apache Web server for Windows

  1. Open the \conf\httpd.conf file in the Apache installation folder.

...

  1. Change the line with Listen and the port number to the GUI port of Precise (the port that the Precise Tomcat Web server listens to, in this example 20760). The line becomes: Listen 20760

...

  1. Change the line with the ServerName and port number (in this example 20760) to the required server and GUI port.
    ServerName GUI-TEST-INST.precise.com:20760

...

  1. Look for the following three lines with the proxy modules and remove the pound/hash marks (# sign) from them:
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so

...

  1. Point Apache at the port the Precise Tomcat Web server will listen to, for example 20761, by adding the following entries at the end of the file, where the new port of the Tomcat is used (in this case 20761; see the following section about this port):
    <Proxy *>
         Order deny,allow
         Allow from all
    </Proxy>
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://gui-test-inst.precise.com:20761/
    ProxyPassReverse / http://gui-test-inst.precise.com:20761/
    Verify that http://gui-test-inst.precise.com:20761 is replaced with the fully qualified domain name and port of your Precise installation.

...

  1. Open the <Precise_root>/infra/setup.xml file and edit the <tomcat-port> tag.

...

  1. Change the port of the Precise Tomcat Web server to a port that is not open to the outside world, or is behind a firewall, to prevent direct access to it. In this example, the Tomcat port will be 20761.

...

  1. Restart first the Tomcat service and then the Apache service.

The restart order is important because the Tomcat server has to release the port that the Apache server is configured to listen to.

To configure the Apache Web server for Linux

  1. Change the port of the Precise Tomcat Web server to a port that is not open to the outside world, or is behind a firewall, to prevent direct access to it. In this example, the Tomcat port will be 20761.
    Remember to make the change in the Precise setup.xml file.

...

  1. Enable the mod_proxy feature in the Apache Web server. For example, on a Debian server it is done by symlinking some files:
         symsrv:/etc/apache2/mods-enabled# ls
         cgid.conf cgid.load userdir.conf userdir.load
         symsrv:/etc/apache2/mods-enabled# ln -s ../mods-available/proxy.* .
         symsrv:/etc/apache2/mods-enabled# ln -s ../mods-available/proxy_http.* .
         symsrv:/etc/apache2/mods-enabled# ls
         cgid.conf cgid.load proxy.conf proxy.load proxy_http.conf proxy_http.load userdir.conf userdir.load

...

  1. Configure the mod_proxy feature by creating a configuration file snippet, conf.d/symi3, as described in the following code:
         symsrv:/etc/apache2/mods-enabled# cd ../conf.d
         symsrv:/etc/apache2/conf.d# cat > symi3
         <Proxy *>
              Order deny,allow
              Allow from all
         </Proxy>
         ProxyRequests Off
         ProxyPreserveHost On
         ProxyPass / http://gui-test-inst.precise.com:20761/
         ProxyPassReverse / http://gui-test-inst.precise.com:20761/
         teacup:/etc/apache2/conf.d#
    Verify that http://gui-test-inst.precise.com:20761 is replaced with the fully qualified domain name and port of your Precise installation.
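
A lint for the proxy directives from the Windows and Linux procedures above, as an added example that is not part of the Precise documentation. The function names check_proxy_conf and directive_value are hypothetical; pass the path to httpd.conf or to the conf.d snippet.

```bash
#!/usr/bin/env bash
# Added example, not Precise or Apache tooling; function names are hypothetical.

# Print field $2 of the last active (uncommented) directive $1 in file $3.
directive_value() {
    awk -v d="$1" -v f="$2" 'tolower($1) == tolower(d) { v = $f } END { print v }' "$3"
}

# Print one line per problem in config file $1; return 0 only when none are found.
check_proxy_conf() {
    local conf="$1" problems=0 v pass rev hostport listen
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # <Proxy *> allows every client, so ProxyRequests On would make the server
    # an open forward proxy. Unset is accepted because Apache defaults to Off.
    v=$(directive_value ProxyRequests 2 "$conf" | tr 'A-Z' 'a-z')
    [ -z "$v" ] || [ "$v" = off ] || fail "ProxyRequests is '$v', expected Off"

    v=$(directive_value ProxyPreserveHost 2 "$conf" | tr 'A-Z' 'a-z')
    [ "$v" = on ] || fail "ProxyPreserveHost is '${v:-unset}', expected On"

    # ProxyPass and ProxyPassReverse must name the same Tomcat backend.
    pass=$(directive_value ProxyPass 3 "$conf")
    rev=$(directive_value ProxyPassReverse 3 "$conf")
    [ -n "$pass" ] || fail "no ProxyPass directive"
    [ "$pass" = "$rev" ] || fail "ProxyPass '$pass' and ProxyPassReverse '$rev' differ"

    # The page's sample host must be replaced with your own FQDN.
    case $pass in
        *gui-test-inst.precise.com*) fail "backend still uses the sample host name" ;;
    esac

    # Apache (Listen) and Tomcat (backend) must use different ports.
    hostport=${pass#*://}; hostport=${hostport%%/*}
    listen=$(directive_value Listen 2 "$conf")
    if [ -n "$listen" ] && [ "${listen##*:}" = "${hostport##*:}" ]; then
        fail "Listen port ${listen##*:} equals the Tomcat backend port"
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: the page's entries with the sample host name left in place.
sample=$(mktemp)
printf '%s\n' 'Listen 20760' 'ProxyRequests Off' 'ProxyPreserveHost On' \
    'ProxyPass / http://gui-test-inst.precise.com:20761/' \
    'ProxyPassReverse / http://gui-test-inst.precise.com:20761/' > "$sample"
check_proxy_conf "$sample" || echo "fix the findings above before restarting Apache"
rm -f "$sample"
```

The check reads only the file it is given, so on Debian run it against the conf.d snippet and, separately, the file that holds the Listen directive.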

Installing the SiteMinder Web agent

To install the SiteMinder Web agent, you need to have SiteMinder installed on your application, and a user name and password for the SiteMinder support site so that you can download the SiteMinder Web agent.

To install the SiteMinder Web agent

  1. Before downloading and installing the SiteMinder Web agent, perform the steps described in the procedure "To make changes on the System tab" in Configuring the SiteMinder Policy server.

...

  1. Download and install the latest SiteMinder Web agent for Apache Web servers.
    Verify that the version you download supports the Apache Web server version that we support (in this case, version 2.2.3) and that you download the file for the platform on which your Apache Web server is installed.
    1. Download the agent from https://support.netegrity.com.
    2. Insert your user name and password.
    3. Select Tools in the left pane.
    4. Choose Download Manager.
    5. Select SiteMinder Web Agent in the Download a product drop-down menu.
    6. Choose SiteMinder 6.x QMR's.
    7. Choose the agent to be downloaded.

...

  1. After installing the SiteMinder Web agent, configure it according to SiteMinder's Web agent Installation and Configuration guide.

...

  1. Open the WebAgent.conf file in the \Program Files\Apache Software Foundation\Apache2.2\conf folder, and then set EnableWebAgent="YES".

...

  1. Add the Apache Web server as a protected resource to SiteMinder's protected resources.

...

  1. Restart the machine after you have installed the Web Agent.

Configuring the SiteMinder Policy server

The SiteMinder Policy server management application is used to configure the Policy server to protect Precise.

To configure the Policy server

  1. Log in to the Policy server management application.

...

  1. Define the protection on the Precise application by performing steps on two of the three main tabs (System, Domains, Global Policies) on the main window of the Policy server management application as described in separate procedures.

To make changes on the System tab

  1. Define a new Web agent under the Agents item.

...

  1. Define a new Host Configuration Object under the Host Conf Objects item.

...

  1. Duplicate the DefaultHostSettings object, give it a name, and replace the complete <IPAddress> with the Policy Server IP address.

...

  1. Define a new Agent Configuration Object under the Agent Conf Objects item.

...

  1. Duplicate the ApacheDefaultSettings configuration object, give it a name, and configure the following items so that they have the values as described in the table:

    ...

      • PersistentCookies. Yes
      • IgnoreExt. Add the following extensions: .xml and .css

    ...

      • ForceFQHost. Yes
      • DefaultAgentName. Verify that this contains the name of the new Web agent defined in the Agents item.

    ...

      • AgentName. Verify that this contains the name of the new Web agent defined in the Agents item.

    ...

      • CookieDomain. Add the domain the agent is working in. For example: .precise.com

    To make changes on the Domains tab

    1. In the domain tab, add a domain and give it a name, such as precise.

    ...

    1. Add the user directories to the related Precise domain.

    ...

    1. See the SiteMinder documentation for further instructions.

    ...

    1. Under the Precise domain, add a realm and give it a name, such as precise-Realm. This realm will protect Precise.

    ...

    1. Configure the Precise-Realm in the realms subfolder.

    ...

    1. Under the Precise-Realm, create a rule and give it a name, such as Precise-rule.

    ...

    1. Add a new response under the Precise/Responses entry.

    ...

    1. Add a new policy under the Precise/Policies entry:

    To configure the Precise-Realm

    1. Open the Realms subfolder by clicking the + icon next to the Realms folder under the Precise domain.

    ...

    1. Double-click the Precise-Realm folder.

    ...

    1. On the Resource tab, verify that the following items have the following values:
        • Agent. Add the Web agent that is installed on the Precise Web server.
        • Resource filter. /i3/Login
        • Authentication scheme. Basic authentication
        • Default resource protection. Protected
    1. On the Session tab, verify that the following items have the following values:
        • Maximum Time Out Enabled. Check 2 hours, 0 minutes.
        • Idle Time Out Enabled. Check 2 hours, 0 minutes.
        • Persistent Session. Choose No Persistent Session.
        • Synchronous Auditing. Should be unchecked.

      ...

      1. On the Advanced tab, perform the following steps:

          ...

            1. Configure the Directory Mapping to the location of the user folder.

          ...

            1. Select the Process Authentication Events checkbox.

          ...

            1. Select the Process Authorization Events checkbox.

          ...

          1. Click Apply, and then click OK.

          To create and name a rule under the Precise-Realm

          1. Right-click in the tree on the Precise-Realm and choose Create Rule under Realm.

          ...

          1. In the Rules Properties dialog box provide a name for the rule, such as Precise-Rule.

          ...

          1. Clear the Perform Regular Expression checkbox.

          ...

          1. Under the Action group, select the Web Agent actions and Get and Post.

          ...

          1. Under the Allow/Deny and Enable/Disable group, select the Allow Access radio button.

          ...

          1. Under the Allow/Deny and Enable/Disable group, select the Enabled checkbox.

          To add a new response under the Precise/Responses entry

          1. Give a name to the response, such as Precise-response.

          ...

          1. Select SiteMinder's Web agent response type option.

          ...

          1. Click Create and create the response attribute.

          ...

          1. Select the User Attribute radio button.

          ...

          1. Create a cookie called Precise-SiteMinderUser that returns the FullName if it is the NT domain name. If you are working with a different folder, choose the property in the folder that holds the user name.
            This user name should also be defined in the Precise application in the Precise AdminPoint.

          ...

          1. Select the Recalculate value every xx seconds checkbox and give it a value of 15.

          To add a new policy under the Precise/Policies entry

          1. Give a name to the policy, such as Precise-policy.

          ...

          1. Verify that the policy is enabled.

          ...

          1. In the Rules tab, insert the Precise-rule and the Precise-response with the values you set in the previous procedures.

          ...

          1. In the Users tab, define the relevant users.

          Changing the Precise configuration

          The Precise configuration needs to be changed to connect it to SiteMinder and activate the Single Sign On feature.

          To connect SiteMinder to Precise and activate the Single Sign On feature

          1. Edit the siteMinder.htm file located in: <Precise_root>\products\gui\website\webapps\i3\Login.

          ...

          1. Set the bSiteMinderActive variable to true (bSiteMinderActive = true;).

          ...

          1. Save the file.

          ...

          1. Edit the products\i3fp\login\jaas.config file so that its content looks like:
            StartPoint{com.precise.infra.login.SiteMinderLoginModule required;};

          ...

          1. Stop and then restart the Precise FocalPoint.

          Disabling the Precise integration with SiteMinder

          ...