Installation guide
Register a Trusted Host in GUI or Console Mode
Web Agent Installation Guide
■ Admin Password—enter the administrator’s password.
■ Confirm Admin Password—re-enter the password.
■ Enabled Shared Secret Rollover—check this box to periodically change
the shared secret used to encrypt communication between the trusted
host and the Policy Server. Key rollover must be enabled at the Policy
Server for this feature to work.
Important: If you enable shared secret rollover, the user who owns the
web server process must have permission to write to the SmHost.conf
file. If this user cannot modify the file, the rolled-over shared secret
cannot be saved to it.
For example, for Sun Java System and Apache web servers, the user
specified by the User directive needs write permission to the
SmHost.conf file. If the SmHost.conf file is owned by User1 and no other
user has write permission, the new shared secret is not written to
the SmHost.conf file when User2 owns the server process.
5. In the Trusted Host Name and Configuration Object dialog box, enter values
for the two fields, then click Next.
a. In the Trusted Host Name field, enter a unique name that represents the
trusted host to the Policy Server. This name does not have to be the
same as the physical client system that you are registering; it can be any
unique name, for example, mytrustedhost.
Note: This name must be unique among trusted hosts and not match
the name of any 4.x Web Agent. It can be the same name as a 5.0 Web
Agent, but this is not recommended.
b. In the Host Configuration Object field, enter the name of the Host
Configuration Object specified in the Policy Server, then click Next.
This object defines the connection between the trusted host and the
Policy Server. To use the default, enter DefaultHostSettings. In most
cases, you will use your own Host Configuration Object.
Note: The entry you specify must match the Host Configuration Object
entry set at the Policy Server.
6. In the Policy Server IP Address dialog box:
a. Enter the IP address, or host name, and the authentication port of the
Policy Server where you are registering the host. The default port is
44442. If you do not provide a port, the default is used.
You can specify a non-default port number. If you are using a
non-default port and omit it, SiteMinder displays the following error:
Registration Failed (bad ipAddress[:port] or unable to connect to
Authentication server (-1))
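
The write-permission requirement in the shared secret rollover note above can be checked before the option is enabled. The following shell sketch is an added example, not part of the SiteMinder guide: the function names are hypothetical, `stat -c` assumes GNU coreutils, and only classic owner/group/other mode bits are evaluated.

```shell
#!/bin/sh
# Added example, not from the guide. Function names are hypothetical.

# Print the account named by the first Apache "User" directive in config $1.
apache_user() {
    awk 'tolower($1) == "user" { print $2; exit }' "$1"
}

# Decide from classic mode bits whether a process can write a file.
# Args: proc_uid "proc_gids" owner_uid owner_gid octal_mode (e.g. 644)
# ACLs and read-only mounts are not considered.
mode_allows_write() {
    p_uid=$1 p_gids=$2 o_uid=$3 o_gid=$4
    bits=$((0$5))
    [ "$p_uid" -eq 0 ] && return 0           # root bypasses mode bits
    if [ "$p_uid" -eq "$o_uid" ]; then       # owner class applies exclusively
        [ $((bits & 0200)) -ne 0 ]; return
    fi
    for g in $p_gids; do
        if [ "$g" -eq "$o_gid" ]; then       # group class applies
            [ $((bits & 0020)) -ne 0 ]; return
        fi
    done
    [ $((bits & 0002)) -ne 0 ]               # everyone else
}

# Check a real file for a named account. Assumes GNU stat (stat -c).
check_smhost() {
    meta=$(stat -c '%u %g %a' "$2") || return 2
    set -- "$1" "$2" $meta                   # $3=owner uid $4=owner gid $5=mode
    if mode_allows_write "$(id -u "$1")" "$(id -G "$1")" "$3" "$4" "$5"; then
        echo "OK: $1 can write $2"
    else
        echo "FAIL: $1 cannot write $2; rolled-over secret will not be saved"
        return 1
    fi
}

# Usage (paths are placeholders):
#   check_smhost "$(apache_user /path/to/httpd.conf)" /path/to/SmHost.conf
```

Granting write access through a dedicated group with mode 660 keeps the shared secret unreadable to other local accounts while still allowing rollover.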