Configuring a SiteMinder namespace

If you configured SiteMinder for more than one user directory, you must use the SiteMinder namespace type in IBM® Cognos® Configuration. After you add the SiteMinder namespace, you must also add a corresponding LDAP namespace for each user directory in your SiteMinder environment.

You can also use the SiteMinder namespace type if users are stored in an LDAP server or an Active Directory server.

You can hide namespaces from users during login. You can have trusted signon namespaces without showing them on the namespace selection list that is presented when users login. For example, you want to integrate single sign-on across systems but maintain the ability for customers to authenticate directly to IBM Cognos without being prompted to choose a namespace.

Before you begin

To use the SiteMinder namespace, you must obtain the required SiteMinder library files, which are shown in the following table, and add the files to the appropriate library path for your operating system.

Table 1. SiteMinder library files
Operating system SiteMinder library file

AIX

libsmagentapi.so

Microsoft Windows 64-bit

smagentapi.dll

smerrlog.dll

Procedure

  1. On the computer where you installed Content Manager, append the directory that contains the SiteMinder library file to the appropriate library path environment variable.
    • For AIX® operating systems, LIBPATH
    • For Microsoft Windows operating systems, PATH
  2. Open IBM Cognos Configuration.
  3. In the Explorer window, under Security, right-click Authentication, and click New resource > Namespace.
  4. In the Name box, type a name for your authentication namespace.
  5. In the Type list, select the SiteMinder and then click OK.
  6. Select the namespace that you added.
  7. In the Namespace ID property, specify a unique identifier for the namespace.
    Tip: Do not use a colon (:) in the identifier.
  8. Specify values for the other required properties.
    Tip: If you do not want the users to see the namespace name when they log in, set the Selectable for authentication property to False.
  9. In the Explorer window, under Security > Authentication, right-click the namespace that you added, and click New resource > SiteMinder Policy Server.
  10. In the Name box, type a name for the policy server and click OK.
  11. In the Properties window, specify the Host property and any other property values you want to change.
  12. In the Explorer window, right-click the new SiteMinder policy server that you added and click New resource > User directory.
  13. In the Name box, type a name for the user directory and click OK.
    Important: The name must match the name of the user directory that is found in the policy server.
  14. In the Properties window, type a value for the Namespace ID reference property.
  15. Configure a user directory for each user directory in the SiteMinder policy server.
  16. Click File > Save.
  17. Test the connection to a new namespace. In the Explorer window, under Authentication, right-click the new authentication resource and click Test.

    You are prompted to enter credentials for a user in the namespace to complete the test.

    Depending on how your namespace is configured, you can enter either a valid user ID and password for a user in the namespace or the bind user DN and password.

  18. Configure a corresponding LDAP or Active Directory namespace for each user directory.

    Ensure that you use the same value for the Namespace ID property that you use for the Namespace ID property for the SiteMinder namespace.