Documentum provides one authentication plug-in with Content Server, this plug-in
allows you to use the Netegrity SiteMinder Policy Server with Content Server. The
plug-in supports Web-based Single Sign-On (SSO) and strong authentication.


Documentum Netegrity Authentication Plugin 'dm_netegrity'
=========================================================
The Documentum Netegrity Authentication Plugin allows the Documentum Content Server to authenticate users based on Netegrity Single Sign-On tokens instead of passwords. This enables Documentum web application for Netegrity Single Sign-On. In order to use this plugin, it is necessary to purchase the Netegrity SiteMinder product.

Before installing documentum netegrity plugin, Please check if the following requirements are met

1. Create 4.x web-agent on policy server using the Policy Server User Interface. Click the check box for
"Support 4.x agents" and enter the relevant information like shared secret. This is required because the plugin is
custom agent and Policy Server will communicate with the plugin only when the "support for 4.x agents" option is
enabled. (See Policy Server Design Manual).

2. Check whether dm_user object created for the netegrity user has either user_name, user_os_name or user_ldap_dn attribute
set to the value that matches the user credentials that was used to get the token at the application server side
integration.
This is required because plugin not only validates the token, it retrieves the user credentials
from the session specification. The plugin checks if this value from the session
specification matches with any one of the settings of the user_name, user_os_name or user_ldap_dn.


To install the Documentum Netegrity authentication plugin, follow these instructions:

1. Copy the file
dm_netegrity_auth.dll (Windows) or
dm_netegrity_auth.so (Solaris / AIX / Linux)
dm_netegrity_auth.sl (HPUX)
to the authentication plugin location (usually $DOCUMENTUM/dba/auth).

2. Copy the file dm_netegrity_auth.ini to the same location.
Edit this file and set all mandatory parameters.

3. Copy the supporting shared libraries:
Windows: copy the files smagentapi.dll & smerrlog.dll to %DM_HOME%\bin
Solaris/AIX: copy the files libsmagentapi.so & libsmerrlog.so to $DM_HOME/bin
Linux: copy the files libsmagentapi.so, libsmcommonutil.so & libsmerrlog.so to $DM_HOME/bin
HPUX: copy the files libsmagentapi.sl & libsmerrlog.sl to $DM_HOME/bin

4. Restart the docbase. You can verify that the plugin has been loaded by looking in the main server log file ($DOCUMENTUM/dba/log/.log) for an entry starting with "[DM_SESSION_I_AUTH_PLUGIN_LOADED]info".

This completes the server-side installation. Refer to the WDK documentation to setup the application server side.


To test the plugin infrastructure turn on server tracing flag "trace_authentication". The tracing information will be
written to the server log and plugin specific tracing will be written into dm_netegrity_.log that resides in
$DOCUMENTUM/dba/log directory.