Thursday, June 28, 2012

Basic Limitations of FSS UI with WAMUI (12.0)

In this I am going to post few points about Limitations of FSS UI when compared with WAMUI.

  • WAM UI is completely web based so it can be accessible from any where. FSS UI is applet based. 
  • After connecting to Report Server from policy server, We can configure Reports and Audits in WAM UI.
  • In FSS UI we cannot configure Reports and View Reports. 
  • WAM UI have new feature called "Application" which is not available in FSS UI.
  • "Application" in WAM UI is similar to Domain in FSS UI. 
  • WAM UI has clear division of Policy Objects like "Administration", "Infrastructure", "Polices" etc., but which are cluttered in FSS UI. 
  • WAM UI can be installed in separate server (Not only in Policy Server), FSS UI is available only in Policy server. 
  • We can register and access multiple policy servers with single WAM UI, which is not possible in FSS UI
WAMUI(12.5): 

Following image is for WAM UI 12.5 which even have Federation. 


Thanks !!!

Tuesday, June 26, 2012

Basic Limitations of WAMUI(12.0) from FSSUI

Hi,

In this I am going to post limitations of WAMUI that I have observed when compared with FSSUI. This would be helpful for the people who wants to Migrate from Siteminder 6.0 to Siteminder 12.0

  • Need to install additional components for it. Wont come with Policy server. There are two additional components that need to be installed for getting WAMUI, they are Pre-requisite for WAMUI and WAMUI Installer 
  • Federation configuration is not supported in siteminder 12.0 WAMUI. 
  • Additional Hardware is required for wamui installation. 
  • Challenging for the people who worked only on fssui
  • If port is open for every one wamui is accessible for all. so need to takecare of WAMUI port separately, which may cause security issue. 
Thanks !!! 

Monday, June 25, 2012

Webagent Registration with Policy server Part1


Webagent registration with Policy server goes in two parts:

First we need to check all the pre-requisites and Second we need to register.  

Pre-requisite:   

1) Check if ports are open from Webserver to Policy server.

Refer:
http://iamexp.blogspot.com/2012/06/policy-server-default-ports-and-working.html

2)Siteminder Admin Username and password should be correct.

3) Need Trusted Host Name (Need to verify in FSS UI or WAM UI) after registration Trusted host should get created in Policy server. If trusted host is not created then registration is not proper. 

4)ACO(Agent Configuration Object) should be created.


5)HCO(Host Configuration Object) should be created.


6) Requires Policy Server Hostname or IP

7) User should have full permission on folder where smhost.conf file is going to create.

are the basic pre-requisites for Webagent Registration. 

Continue your journey with Part 2: 



Wednesday, June 13, 2012

Policy Server Default Ports and Working


Policy server mainly works on following ports:


Path(Windows):::: Start -> CA -> Siteminder -> Policy Server Management Console -> Settings (tab)


Default Policy server ports:
  • Accounting Port 44441  All Accounting requests in Policy server are handled on this port
  • Authentication Port 44442 All Authentication requests  in Policy servers are handled on this port
  • Authorization Port 44443   All Authorization requests in Policy server are handled on this port
  • Administration Port 44444  All Administration requests in Policy server are handled on this port
Note: 44442 and 44443 ports needs to be open from Webserver to Policy server for webagent to send Authentication and Authorization requests. 

Friday, June 8, 2012

Policy Server Status and Batch file scheduling

This post is mainly for knowing policy server status and scheduling batch file to print policy server status on smps log every 5 mins.

To print policy server status use simple command "smpolicysrv -stats"

Batch file: (Open notepad, copy and paste below 6 lines and save as status.bat)


@echo off
REM - File: SiteMinderPolicyServerstatus.bat
REM - Description: SiteMinder Policy Server status
echo SiteMinder Policy Server status
smpolicysrv -stats
echo status printed


To test batch file just open command prompt and run the batch file. Following lines should be printed in smps log


[2148/3352][Thu Jun 07 2012 22:23:05][CServer.cpp:7457][INFO] Server 'Stats' command received
[2148/3352][Thu Jun 07 2012 22:23:05][CServer.cpp:4662][INFO] ===================================================================================
[2148/3352][Thu Jun 07 2012 22:23:05][CServer.cpp:4663][INFO] System Statistics
[2148/3352][Thu Jun 07 2012 22:23:05][CServer.cpp:4680][INFO] Thread pool limit: 8
[2148/3352][Thu Jun 07 2012 22:23:05][CServer.cpp:4700][INFO] Thread pool: Msgs=6 Waits= 6 Misses=  2 Max HP Msg=   1 Max NP Msg=    1 Current Depth=     0 Max Depth=      1 Current High Depth=       0 Current Norm Depth=        0 Current Threads=         2 Max Threads=          2
[2148/3352][Thu Jun 07 2012 22:23:05][CServer.cpp:4708][INFO] Connections: Current=0 Max= 2 Limit=256 Exceeded limit=   0
[2148/3352][Thu Jun 07 2012 22:23:05][CServer.cpp:4711][INFO] ===================================================================================



Upto now we have seen how to create batch for printing status. Now we will see how to schedule batch file every five minutes so that policy server status will get printed in smps log every 5 mins.


1) Go to task scheduler as shown in figure 1


Figure 1
2) click on create task as shown in figure 2

Figure 2
 3) Give some name go to triggers tab as shown in figure 3
Figure 3
 4) click new in triggers tab as shown in figure 4


Figure 4
 5)  select daily, recur every 1 day, Repeat task every 5 mins, for duration of "select indefnetly", check enabled as shown in figure 5 and click ok


Figure 5
 6) go to actions tab and click new as shown in figure 6


Figure 6

 7) select path of script by clicking on browse and click ok as shown in figure 7
Figure 7

8) And click ok, batch will run every 5 mins and status will get printed every 5 mins in smps log.


Thanks !!!

Other Posts