CA eTrust SiteMinder Policy Server Management

More documents

Recommendations

Info

Configure LDAP Storage Options Configure Enhanced LDAP Referral Handling Enhancements have been made to SiteMinder’s LDAP referral handling to improve performance and redundancy. Previous versions of SiteMinder supported automatic LDAP referral handling through the LDAP SDK layer. When an LDAP referral occurred, the LDAP SDK layer handled the execution of the request on the referred server without any interaction with the Policy Server. SiteMinder now includes support for non-automatic (enhanced) LDAP referral handling. With non-automatic referral handling, an LDAP referral is returned to the Policy Server rather than the LDAP SDK layer. The referral contains all of the information necessary to process the referral. The Policy Server can detect whether the LDAP directory specified in the referral is operational, and can terminate a request if the appropriate LDAP directory is not functioning. This feature addresses performance issues that arise when an LDAP referral to an offline system causes a constant increase in request latency. Such an increase can cause SiteMinder to become saturated with requests. To configure LDAP referral handling 1. Open the Policy Server Management Console. 2. Select the Data tab. Enable Enhanced Referrals Mark this check box to allow the Policy Server to use enhanced handling LDAP referrals at the Policy Server, rather than allowing LDAP referral handling by the LDAP SDK layer. Max Referral Hops Indicates the maximum number of consecutive referrals that will be allowed while attempting to resolve the original request. Since a referral can point to a location that requires additional referrals, this limit is helpful when replication is misconfigured, causing referral loops. 3. Modify the values as required. 4. Restart the Policy Server. 34 Policy Server Management
Configure LDAP Storage Options Configure Support for Large LDAP Policy Stores Large LDAP policy stores can cause Policy Server User Interface performance issues. To prevent these problems, you can modify the values of these two registry settings: Max AdmComm Buffer Size Specifies the Policy Server User Interface buffer size (specifically, the maximum amount of data, in bytes, that is passed from the Policy Server to the Policy Server User Interface in a single packet). The Max AdmComm Buffer Size registry setting should be configured at the following registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion \PolicyServ\ The value of this setting must be set very carefully as allocation of a larger buffer results in a decrease in overall performance. The acceptable range of Max AdmComm Buffer Size is 256KB to 2 GB. The default value this is 256KB (also applies when this registry setting does not exist). SearchTimeout Specifies the search timeout, in seconds, for LDAP policy stores. The SearchTimeout registry setting should be configured at the following registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion \LdapPolicyStore\SearchTimeout The appropriate value for this setting depends upon and can vary according to several factors including network speed, size of the LDAP search query response, the LDAP connection state, load on LDAP server, and so on. The value should be large enough to prevent LDAP timeout when fetching large amounts of policy store data from the LDAP server. The default value is 20 seconds (also applies when this registry setting does not exist). More information: Configure the Policy Store Database (see page 28) Configure a Separate Database for the Key Store (see page 30) Policy Server Management Console (see page 153) Management Console--Data Tab Fields and Controls (see page 160) Chapter 3: Configuring Policy Server Data Storage Options 35
Page 1 and 2: CA eTrust ® SiteMinder ® Policy S
Page 3: CA Product References This document
Page 6 and 7: Specify a Netscape Certificate Data
Page 8 and 9: Chapter 12: User Session and Accoun
Page 10 and 11: SiteMinder Global Settings Dialog P
Page 12 and 13: Define the Realm ..................
Page 15 and 16: Chapter 1: Policy Server Management
Page 17 and 18: Policy Server Management Overview T
Page 19 and 20: Policy Server Management Tools Star
Page 21 and 22: Chapter 2: Starting and Stopping th
Page 23 and 24: Configure the Policy Server Executi
Page 25: Configure the Policy Server Executi
Page 28 and 29: Configure the Policy Store Database
Page 30 and 31: Configure a Separate Database for t
Page 32 and 33: Configure a Database for the Sessio
Page 36 and 37: Configure ODBC Storage Options Conf
Page 38 and 39: Specify a Netscape Certificate Data
Page 40 and 41: Configure Policy Server Settings Co
Page 43: Chapter 5: Changing the Policy Serv
Page 46 and 47: Policy Server Encryption Keys Overv
Page 48 and 49: Dynamic Agent Key Rollover More inf
Page 50 and 51: Session Ticket Keys ■ User Tracki
Page 52 and 53: Key Management Scenarios ■ Multip
Page 54 and 55: Key Management Scenarios The follow
Page 56 and 57: Key Management Scenarios Multiple P
Page 58 and 59: Manage Agent Keys More information:
Page 60 and 61: Manage Agent Keys 3. Click OK. Note
Page 62 and 63: Manage Agent Keys To change the sta
Page 64 and 65: Manage the Session Ticket Key Gener
Page 66 and 67: Shared Secret for a Trusted Host Sh
Page 68 and 69: Shared Secret for a Trusted Host No
Page 70 and 71: Report Logging Problems to the Syst
Page 72 and 73: Configure the Policy Server Profile
Page 74 and 75: Manually Roll Over the Profiler Tra
Page 77: Chapter 9: Configuring Administrati
Page 80 and 81: Enable Nested Security Enable Neste
Page 83 and 84: Chapter 11: Cache Management This s
Page 85 and 86:
Flush Caches To flush all caches 1.
Page 87:
Flush Caches 3. In the Resource Cac
Page 90 and 91:
Manage User Accounts Manage User Ac
Page 92 and 93:
Auditing User Authorizations 9. To
Page 95 and 96:
Chapter 13: Clustering Policy Serve
Page 97 and 98:
Clustered Policy Servers Failover T
Page 99 and 100:
Configure Clusters 11. When you fin
Page 101:
Point Clustered Policy Servers to t
Page 104 and 105:
OneView Monitor Overview The follow
Page 106 and 107:
Policy Server Data Component Path P
Page 108 and 109:
Web Agent Data Update Version numbe
Page 110 and 111:
Web Agent Data LoginAvgTime Average
Page 112 and 113:
Web Agent Data Apache and iPlanet 4
Page 114 and 115:
Configure the OneView Monitor Confi
Page 116 and 117:
Access the OneView Viewer View Moni
Page 118 and 119:
Access the OneView Viewer Sort Tabl
Page 121 and 122:
Chapter 15: Monitoring SiteMinder U
Page 123 and 124:
SNMP Monitoring Dependencies The Si
Page 125 and 126:
SiteMinder MIB The upper part of th
Page 127 and 128:
SiteMinder MIB Authentication Serve
Page 129 and 130:
SiteMinder MIB Object Name SNMP Typ
Page 131 and 132:
SiteMinder MIB Object Name SNMP Typ
Page 133 and 134:
Configure the SiteMinder Event Mana
Page 135 and 136:
Start and Stop SiteMinder SNMP Supp
Page 137:
Troubleshooting the SiteMinder SNMP
Page 140 and 141:
How to View Sample Reports Using Cr
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 153 and 154:
Chapter 17: Policy Server Managemen
Page 155 and 156:
Policy Server Management Console Pr
Page 157 and 158:
Policy Server Management Console
Page 159 and 160:
Policy Server Management Console Pe
Page 161 and 162:
Policy Server Management Console St
Page 163 and 164:
Policy Server Management Console Ne
Page 165 and 166:
Policy Server Management Console Co
Page 167 and 168:
Policy Server Management Console RA
Page 169 and 170:
Policy Server Management Console Mo
Page 171 and 172:
Policy Server Profiler Dialog Box P
Page 173 and 174:
Policy Server Profiler Dialog Box L
Page 175 and 176:
Policy Server Profiler Dialog Box H
Page 177 and 178:
Policy Server Profiler Filters Dial
Page 179 and 180:
Chapter 18: System Settings Referen
Page 181 and 182:
SiteMinder Cache Management Dialog
Page 183 and 184:
Key Management Key Management SiteM
Page 185 and 186:
Key Management SiteMinder Key Manag
Page 187 and 188:
Manage User Accounts Dialog Rollove
Page 189:
Manage User Accounts Dialog Value S
Page 192 and 193:
Command Line Troubleshooting of the
Page 194 and 195:
Check the Installed JDK Version -st
Page 196 and 197:
LDAP Referrals Handled by the LDAP
Page 198 and 199:
Error -- Optional Feature Not Imple
Page 201 and 202:
Appendix B: Scaling Your SiteMinder
Page 203 and 204:
How to Determine When to Add Web Ag
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
How to Determine When to Add Policy
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Database and Directory Consideratio
Page 221 and 222:
UNIX Server Tuning UNIX Server Tuni
Page 223 and 224:
Appendix C: Using the Policy Server
Page 225 and 226:
Policies in RADIUS Environments 1.
Page 227 and 228:
Policies in RADIUS Environments Pol
Page 229 and 230:
Policies in RADIUS Environments The
Page 231 and 232:
Responses in RADIUS Policy Domains
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Deploy SiteMinder in a RADIUS Envir
Page 241 and 242:
How to Authenticate Users in a Homo
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Authenticate Users in Heterogeneous
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
How to Authenticate Users in Hetero
Page 255 and 256:
Group RADIUS Agents Define Agents f
Page 257 and 258:
Group RADIUS Agents The following e
Page 259 and 260:
Troubleshoot and Test RADIUS Respon
Page 261 and 262:
Troubleshoot and Test RADIUS To use
Page 263 and 264:
Appendix D: Log File Descriptions T
Page 265 and 266:
smaccesslog4 Field Name Description
Page 267 and 268:
smaccesslog4 Field Name Description
Page 269 and 270:
smobjlog4 Field Name Description Nu
Page 271:
smobjlog4 Field Name Description Nu
Page 274 and 275:
Published Data This key is located
Page 276 and 277:
Published Data Published Policy Ser
Page 278 and 279:
Published Data TAG Contains Descrip
Page 280 and 281:
Published Data The following table
Page 282 and 283:
Published Data Published User DIrec
Page 284 and 285:
Published Data Published Agent XML
Page 286 and 287:
Published Data Published Custom Mod
Page 289 and 290:
Appendix F: Error Messages This sec
Page 291 and 292:
Authentication Message Function Des
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Authorization Error Message Functio
Page 307 and 308:
Server Message Function Description
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Java API Message Function Descripti
Page 323 and 324:
Java API Error Message Function Des
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
LDAP Error Message Function Descrip
Page 331 and 332:
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
ODBC ODBC Error Message Function De
Page 357 and 358:
Directory Access Error Message Func
Page 359 and 360:
Directory Access Message Message ID
Page 361 and 362:
Directory Access Message Message ID
Page 363 and 364:
Tunnel Error Message Function Descr
Page 365 and 366:
Index A access accept • 237 acces
Page 367 and 368:
Configure ODBC Storage Options •
Page 369 and 370:
Flush Resource Caches • 87 Flush
Page 371 and 372:
Management Console--Keys Tab • 16
Page 373 and 374:
Published Agent XML Output Format
Page 375 and 376:
SiteMinder Global Settings Dialog P
Page 377:
terminating • 84 User Session and
show all

CA eTrust SiteMinder Policy Server Management

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?