Integration Summary
The RadiantOne federated identity service unifies your identity infrastructure, delivering a global list where every
user is represented only once so SiteMinder can authenticate efficiently, and building a complete identity profile
for each user to enable attribute sharing and fine-grained authorization.
Page 1 of 10
October 2014
By creating a single access point, a federated identity service enables SiteMinder to access identities from across
the infrastructure, so you can extend the schemas of underlying data sources with application-specific attributes,
without touching the stores themselves. This allows you to quickly add new services (even ones with specific
attributes not already contained in your data sources) and extend them to new populations, all without having to
change SiteMinder policies.
RadiantOne Virtual Directory Server (VDS) is the main component of the federated identity service.
Integrates identities to create a single account, including a unified policy profile for each user.
Establishes and maintains correlations between disparate accounts.
Offers a high-performance, high-availability LDAP V.3 directory service that's scalable.
Makes all identity information available in real-time.
Builds a flexible infrastructure that can be re-used across any IdM or related initiative.
System Requirements
RadiantOne VDS is based on Java technologies and Radiant Logic currently provides installers containing all the
pre-requisites (except the Flash plug-in used by administration interfaces) for Windows and Linux. The Flash plug-in
does not necessarily need to be installed on the server, but it must be installed on the administrative clients.
Here are more details on the supported platforms as of July 2013:
Software
Operating System: Windows 2003, or 2008 R2 Server, Windows Server 2012
Software
Operating System: Red Hat Linux ES 2.1 or above, Red Hat 8 or above, CentOS v5.3, SUSE Linux
Enterprise v10 or above, Ubuntu 9 or above
To test this integration, RadiantOne was installed on Windows Server 2008 R2.
The version of RadiantOne configured was VDS 7.1.5.
The versions of CA SiteMinder tested were r12.5, r12.51, r12.52.
You can find more information on the latest system requirements on our website: www.radiantlogic.com or by
contacting our support team at support@radiantlogic.com.
Integration Details
1.
2.
3.
Click Create User Directory, and then create an LDAP-based user directory based on the SiteMinder
configuration guide.
Below is an example of SiteMinder r12.52 configuration:
2.
3.
4.
5.
6.
7.
2.
Copy ldapschema_11.ldif.
3.
4.
Rename the ldapschema_11.ldif file to ldapschema_<2 digit number greater than the existing file
names>.ldif (e.g., ldapschema_99.ldif).
5.
In the VDS Control Panel, Directory tab, Configuration sub-tab, right-click on Root Naming Contexts and
create a new naming context named: dc=policystore and choose HDAP Store as the type.
Note: All the attributes are indexed by default when you use HDAP Store.
2.
3.
Once the naming context is created, select the Advanced Settings Tab.
4.
5.
Click Save.
7.
Navigate to the dc=policystore entry. Right-click on it and choose New Organizational Unit.
8.
9.
Copy the smreg.exe file that comes with the installer for the policy server to the SiteMinder policy store
bin directory (e.g., C:\Program Files (x86)\CA\siteminder\bin).
2.
Open a command prompt, navigate to the bin directory of SiteMinder and execute the following
command:
smreg -su <password>
Note: After importing the default policy store objects, restart the policy server.
Radiant Logic has many joint customers with CA who are using SiteMinder with VDS, including AON and Coca Cola.
The main driver is Mergers & Acquisitions and the main use case for all these customers is to use VDS as a single
user directory for SiteMinder (as the only user directory).
Using VDS as a user directory greatly simplifies the configuration changes needed in SiteMinder due to the addition
of a new user population: VDS is in charge of the identity integration and provides a single access point for
authentication. It can also consolidate user attributes coming from multiple places in a global user profile and
enable fine-grained access policies. There is no need to modify each of the SiteMinder domains to add a new user
directory and then modify the policies and other artifacts to integrate the new identities: all the changes
can be done at the VDS layer without impacting SiteMinder.
Contact Information
Radiant Logic, Inc.
CA Technologies
One CA Plaza
Islandia, NY 11749
Phone: 800-225-5224
Fax: 631 342-6800
Email: TechnologyPartnerProgram@ca.com
Website: support.ca.com
Support
For any question regarding this integration, please contact us at support@radiantlogic.com or via phone:
Toll Free Number: 1.877.727.6442 (x2)
Tel: 1.415.209.6800 (x2)
Appendices