Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentNETSCAPE ENTREPRISE SERVER 6.0 - INSTALLATION AND MIGRATION GUIDE

191

192

193

194

195

196

197

198

199

200

obj.conf File Additions for UNIX Platforms

Appendix B: Settings Added to the Sun Java System Server Configuration 193

obj.conf File Additions for UNIX Platforms

When a Web Agent is configured to support an advanced authentication scheme,

the Web Agent adds settings to the Sun Java System‘s obj.conf file. SiteMinder

does not remove these settings later if the Agent is reconfigured to support a

different advanced authentication scheme. You must manually edit the obj.conf

file to remove the settings that are no longer relevant.

Most of the additional lines in the file are added by the Web Agent installation

program. Other lines (shown in bold) are added by the servlet engine that you

configure for the JSP version of the SiteMinder Password Services.

The lines added by the servlet engine must come before the NameTrans fn

functions added by the SiteMinder Web Agent.

In the following example of a modified obj.conf file, smhome represents the

installed location of SiteMinder on your system:

Note: Some entries in your file may differ slightly from the example shown.

AuthTrans fn="SiteMinderAgent"

NameTrans fn="assign-name" from="*.jsp*" name="myservletengine"

NameTrans fn="assign-name" from="/servlet/*" name="myservletengine"

NameTrans fn="assign-name" from="/siteminderagent/pwservlet/*" name="servletengine"

NameTrans fn="pfx2dir" from="/siteminderagent/pwcgi" dir="/smhome/siteminder/webagent/pw" name="cgi"

NameTrans fn="pfx2dir" from="/siteminderagent/pw" dir="/smhome/siteminder/webagent/pw"

NameTrans fn="pfx2dir" from="/siteminderagent/certoptional" dir="/smhome/siteminder/webagent/samples"

NameTrans fn="pfx2dir" from="/siteminderagent/jpw" dir="/smhome/siteminder/webagent/jpw"

NameTrans fn="pfx2dir" from="/siteminderagent" dir="/smhome/siteminder/webagent/samples"

PathCheck fn="SmRequireAuth"

#SMSSL The line below should be uncommented for "cert" and "cert plus basic" schemes

PathCheck fn="get-client-cert" dorequest="1"

#SMSSL The line below should be uncommented for "cert or basic" or "cert or form" schemes

PathCheck fn="get-client-cert" require="0" dorequest="1"

#SMSSL Both of the above PathCheck lines should be commented out for "Basic Auth over SSL"

Service method="(GET|POST)" fn="SmAdvancedAuth"

The following items describe the content of the lines that are added to the

obj.conf file:

■

The line that reads AuthTrans fn="SiteMinderAgent" is added to the default

object (<Object name="default">). It sets up the SiteMinder Web Agent as

the Authorization method, or AuthTrans function, for the Web server.

■

The line that reads NameTrans fn="assign-name" from=

"/siteminderagent/pwservlet/*" name="myservletengine" is a filter added

by the Web Agent that maps the JSP Password Services servlet to the

instance of the servlet engine so that engine can process it.