Siteminder Policy Server in Failover Mode

A SiteMinder Policy Server is a critical component of the infrastructure: if it fails or goes down for any reason, users can no longer authenticate to their SiteMinder-protected applications. To avoid that situation and keep things running smoothly, we must configure failover for the Policy Server. SiteMinder supports this failover feature by default.

Every SiteMinder agent has a bootstrap configuration file, SmHost.conf, located at SITEMINDER_AGENT_HOME/conf/. The file looks like this:

# Host Registration File - /appbin/netegrity/siteminder/webagent/config/SmHost.conf
#
# This file contains bootstrap information required by
# the SiteMinder Agent API to connect to Policy Servers
# at startup.  Be sure the IP addresses and ports below
# identify valid listening Policy Servers.  Please do not
# hand edit the encrypted SharedSecret entry.
#

hostname="tr_zdidmwebmsc"
sharedsecret="{RC2}M98P+Yoqczu42gQO3Htcz7FBUjZUJAO5F38ERtic79jdGoWUa5oyLc"
hostconfigobject="GECF_SSO_HOST"
# Add additional bootstrap policy servers here for fault tolerance.
policyserver="3.246.27.94,44441,44442,44443"
requesttimeout="60"
cryptoprovider="BSAFE"

# <EOF>

Locate the policyserver parameter and add one policyserver line for each Policy Server you want the agent to use during bootstrap. For example:

1. policyserver=hostnameServer1,44441,44442,44443
2. ….. ….. …..
3. policyserver=hostnameServer3,44441,44442,44443

In summary, to configure failover:

1. Configure more than one Policy Server.
2. Configure all Policy Servers to use a common policy store.
3. Set the EnableFailover parameter: to enable failover, set EnableFailover to yes.

A trusted host is a client that is registered with the Policy Server and is, therefore, allowed to connect to the Policy Server. You can modify Trusted Host configuration settings in two places:

  • Host Configuration file (SmHost.conf)—holds initialization parameters for the Trusted Host. Once the Trusted Host connects to a Policy Server, the Trusted Host uses the settings in the Host Configuration Object named in the hostconfigobject parameter of SmHost.conf.
  • Host Configuration Object—holds parameters for a Trusted Host. Except for initialization parameters, Trusted Host parameters are always maintained in a Host Configuration Object.
Once the trusted host initializes, the parameter settings in the Host Configuration Object take effect. The operation mode of the trusted host determines how it works with multiple Policy Servers. There are two operation modes: failover and round robin. Failover is the default operation mode, so when the trusted host initializes it operates in failover mode. In this mode, every trusted host request is delivered to the first Policy Server in the list. If that Policy Server does not respond, the trusted host marks it unavailable and redirects the request to the next Policy Server in the list. If a previously failed Policy Server recovers, it is returned to its original place in the list.
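To make the bootstrap list and the failover behaviour concrete, here is an added example (not SiteMinder's own code, and not from the original post) that parses an SmHost.conf, checks that it actually provides fault tolerance, and models how a trusted host walks its policyserver list in failover mode versus round-robin mode. The config text, hostnames and shared-secret placeholder are constructed for illustration; the class and function names are mine. The three ports after each host are interpreted as the accounting, authentication and authorization ports, in that order.

```python
"""Parse a SiteMinder SmHost.conf and model failover / round-robin selection.

Added example, not SiteMinder code.  The selection logic follows the
behaviour described in the post: failover mode always uses the first
server in list order that is not marked unavailable, and a recovered
server returns to its original position in the list.
"""
import re
from dataclasses import dataclass

# Constructed SmHost.conf with two bootstrap Policy Servers for fault tolerance.
# Hostnames and the shared secret are placeholders, not real values.
SAMPLE_SMHOST_CONF = """\
# Host Registration File
hostname="agent-host-01"
sharedsecret="{RC2}PLACEHOLDER-DO-NOT-HAND-EDIT"
hostconfigobject="EXAMPLE_HCO"
# Add additional bootstrap policy servers here for fault tolerance.
policyserver="ps1.example.internal,44441,44442,44443"
policyserver="ps2.example.internal,44441,44442,44443"
requesttimeout="60"
cryptoprovider="BSAFE"
"""


@dataclass(frozen=True)
class PolicyServer:
    host: str
    accounting_port: int
    authentication_port: int
    authorization_port: int


_LINE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')


def parse_smhost_conf(text):
    """Return (settings dict, ordered list of PolicyServer).

    List order matters: it is the order the trusted host tries servers in.
    """
    settings, servers = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        key, value = m.group(1).lower(), m.group(2)
        if key == "policyserver":
            host, *ports = [p.strip() for p in value.split(",")]
            if len(ports) != 3:
                raise ValueError(f"policyserver needs host and three ports: {value!r}")
            servers.append(PolicyServer(host, *map(int, ports)))
        else:
            settings[key] = value
    return settings, servers


def bootstrap_warnings(settings, servers):
    """Checks a practitioner would run before trusting the file for failover."""
    warnings = []
    if len(servers) < 2:
        warnings.append("only one bootstrap policyserver: no fault tolerance at startup")
    if not settings.get("hostconfigobject"):
        warnings.append("hostconfigobject missing: HCO settings such as EnableFailover cannot apply")
    return warnings


class _Selector:
    def __init__(self, servers):
        self.servers = list(servers)      # original order is never changed
        self.unavailable = set()

    def mark_unavailable(self, host):
        self.unavailable.add(host)

    def mark_recovered(self, host):
        # Recovery only clears the flag; the server keeps its original slot.
        self.unavailable.discard(host)


class FailoverSelector(_Selector):
    """Failover mode: first available server in list order, every request."""

    def pick(self):
        for s in self.servers:
            if s.host not in self.unavailable:
                return s
        return None  # every Policy Server is down


class RoundRobinSelector(_Selector):
    """Round-robin mode: rotate through available servers in list order."""

    def __init__(self, servers):
        super().__init__(servers)
        self._next = 0

    def pick(self):
        for _ in range(len(self.servers)):
            s = self.servers[self._next % len(self.servers)]
            self._next += 1
            if s.host not in self.unavailable:
                return s
        return None


if __name__ == "__main__":
    settings, servers = parse_smhost_conf(SAMPLE_SMHOST_CONF)
    print("warnings:", bootstrap_warnings(settings, servers))
    sel = FailoverSelector(servers)
    print("first pick:", sel.pick().host)
    sel.mark_unavailable("ps1.example.internal")
    print("after ps1 fails:", sel.pick().host)
    sel.mark_recovered("ps1.example.internal")
    print("after ps1 recovers:", sel.pick().host)
```

Because SmHost.conf carries the agent's shared secret, restrict read access on it to the agent's service account; the warnings function deliberately does not try to validate or print that value.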

4 Responses to “Siteminder Policy Server in Failover Mode”

  1. chinna
    September 16, 2012 at 6:59 PM #

    Yes, I got it. Thank you so much Vaibhav. I have a couple of questions:
    1. How can we do policy store and policy server clustering?
    2. What is Cookie provider? How does cross domain SSO work?

  2. September 17, 2012 at 4:42 PM #

    For your second question please check
    http://vaibhav181.wordpress.com/2012/09/17/single-sign-on-across-multiple-domains/

    For a more detailed discussion please refer to

    http://www.yashita.in/2011/09/siteminder-cookie-provider.html

  3. chinna
    September 25, 2012 at 6:16 AM #

    Thanks Vaibhav. Both helped me. Can you share your personal mail id with me?

  4. Mohan
    September 2, 2013 at 4:39 PM #

    Hi Vaibhav, can you please share your email id? I have a couple of questions on federation…. Please help me.
