INFO: SiteMinder Integration

Summary

RMTrack supports the use of SiteMinder for application login/authorization. The configuration (or installation) of SiteMinder is beyond the scope of this document.

Getting SiteMinder itself configured and working properly on IIS for .NET web applications can be tricky. RMTrack can provide a simple test application that can be used to show whether or not SiteMinder has been correctly installed and configured. Contact support for details.

SiteMinder integration testing can be done without a SiteMinder installation; see the 'Setting up a test environment' section below.

Configuration

  1. The RMTrack virtual directory must be configured for Windows authentication. See KB023 for how to set up Windows authentication (specifically the '...for IIS 7 and 7.5 (Windows Server 2008 and 2008 R2)' section).
  2. The AppSetting UseSiteMinder must be set to "true".
  3. The AppSetting SiteMinderServerVariable must be set to the name of the server variable that contains the SiteMinder user id. The SiteMinder administrator has to provide this name.
  4. If the SiteMinder user ids do not directly match RMTrack user ids, then "Use Secondary User Id" can be used to correlate an RMTrack user id with a SiteMinder user id. NOTE: this should be configured after setting up Windows authentication, but before setting the UseSiteMinder AppSetting to true.

web.config SiteMinder AppSettings

UseSiteMinder
Use SiteMinder for logon security. Default value: false. Allowed values: true, false, or empty/not specified.
SiteMinderServerVariable
The Request.ServerVariables variable name that holds the SiteMinder user id. Default value: HTTP_SM_USER.
SiteMinderTestUserId
For testing purposes only. No default value. If set then all accesses to the application will be automatically authenticated as this user. DO NOT use this setting outside of a private test environment.
SiteMinderTestEIN
For testing purposes only; used by the GetEinDetails.aspx custom page. No default value. If set, then all accesses to the application will use this EIN number as the current user's EIN number.

web.config LDAP AppSettings for GetEinDetails.aspx

This is a customization that supports various interactions with an LDAP server to fetch details about specified users.

LDAP_ServerName
The full URI for the LDAP server. Default value: LDAP://de-ldap.nat.bt.com/ou=people,ou=btplc,o=bt
LDAP_AuthenticationType
The System.DirectoryServices.AuthenticationTypes enum flag setting used when connecting to the LDAP server. Default value: FastBind | ReadonlyServer
LDAP_UserId
The user id to access the LDAP server. Default value: cn=TestUser,o=bt ldap
LDAP_Password
The password for the LDAP_UserId user. Default value: testpassword
LDAP_Query
The query to look up a specific EIN on the LDAP server. The macro {EIN} is replaced with the specified EIN value. Default value: (cn={EIN})
LDAP_QueryByLastName
The query to search for LDAP records by last name. The macro {LastName} is replaced with the specified last name value. Default value: (sn=*{LastName}*)
LDAP_QueryByLastAndFirstNames
The query to search for LDAP records by last and first names. The macros {LastName} and {FirstName} are replaced with the specified last and first name values. Default value: (&(sn=*{LastName}*)(givenname=*{FirstName}*))
LDAP_Field_EMailAddress
The name of the LDAP field that contains the email address of the specified user. Default value: email
LDAP_Field_PhoneNumber
The name of the LDAP field that contains the phone number of the specified user. Default value: telephoneNumber
LDAP_Field_OpUnitCode
The name of the LDAP field that contains the op unit code of the specified user. Default value: btPersonOUC
LDAP_Field_Name
The name of the LDAP field that contains the full name of the specified user. Default value: fullname
LDAP_Field_JobTitle
The name of the LDAP field that contains the job title of the specified user. Default value: title

Setting up a test environment

  1. Get the application working with Windows Authentication
  2. Determine whether you need Secondary User Id and if so enable it in the application
  3. Enable SiteMinder integration (appSetting UseSiteMinder)
  4. Pick a test user id and configure the SiteMinderTestUserId appSetting
  5. Pick a test EIN number and configure the SiteMinderTestEIN appSetting
    12345678
    FullName: Logged on user from LDAP
    EMailAddress: support@[redacted].com
    OpUnitCode: ouc6781
    PhoneNumber: 555 123 4567
    JobTitle: Pricing Analyst
    87654321
    FullName: Test User One
    EMailAddress: mshowell@[redacted].com
    OpUnitCode: ouc6781
    PhoneNumber: 555 123 4567
    JobTitle: Regulatory Analyst
    43215678
    FullName: Test User Two
    EMailAddress: martinshowell@[redacted].com
    OpUnitCode: ouc6781
    PhoneNumber: 555 123 4567
    JobTitle: Marketing Manager
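
A check that can be run on a web.config before it leaves the test environment, flagging the test-only settings and the documented default LDAP credentials described above. This is an added example, not RMTrack code; it assumes the settings are standard `<add key value>` entries under `<appSettings>`, treats an empty value as unset, and uses a constructed sample config.

```python
import xml.etree.ElementTree as ET

# Test-only settings named on this page; a non-empty value is a finding.
TEST_ONLY = {
    "sitemindertestuserid": "all requests are authenticated as this user",
    "sitemindertestein": "all requests use this EIN as the current user's EIN",
}
# Default values documented on this page that should not reach a deployment.
DOCUMENTED_DEFAULTS = {
    "ldap_userid": "cn=TestUser,o=bt ldap",
    "ldap_password": "testpassword",
}


def read_app_settings(xml_text):
    """Map lowercased key -> (key as written, value) for <appSettings>."""
    settings = {}
    # Assumption: settings are <add key=".." value=".."/> under <appSettings>.
    for add in ET.fromstring(xml_text).findall("./appSettings/add"):
        key = add.get("key", "")
        settings[key.lower()] = (key, (add.get("value") or "").strip())
    return settings


def audit(xml_text):
    """Return (key, reason) findings for one web.config document."""
    findings = []
    for lowered, (key, value) in read_app_settings(xml_text).items():
        # Assumption: an empty value means the setting is not in effect.
        if lowered in TEST_ONLY and value:
            findings.append((key, TEST_ONLY[lowered]))
        elif DOCUMENTED_DEFAULTS.get(lowered) == value:
            findings.append((key, "still set to the documented default"))
    return findings


# Constructed sample: a web.config carried over from a test environment.
SAMPLE_TEST_CONFIG = """<configuration><appSettings>
  <add key="UseSiteMinder" value="true" />
  <add key="SiteMinderTestUserId" value="testuser1" />
  <add key="sitemindertestein" value="12345678" />
  <add key="LDAP_Password" value="testpassword" />
</appSettings></configuration>"""

if __name__ == "__main__":
    for key, reason in audit(SAMPLE_TEST_CONFIG):
        print(f"FINDING {key}: {reason}")
```

Keys are compared case-insensitively so a differently cased entry is still reported under the name it was written with.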

Keywords: SiteMinder