Configuring the Portal for Netegrity SiteMinder Authentication 

Use

The Enterprise Portal allows you to delegate user authentication to the Netegrity SiteMinder product. Netegrity SiteMinder is a solution for securely managing user access to e-business Web sites. This may be useful if, for example, you are already using Netegrity SiteMinder to protect other resources in your company.

You may also want to integrate Netegrity SiteMinder if you wish to use authentication mechanisms that are not directly supported by SAP Portals Enterprise Portal, such as token cards or biometrics. The Enterprise Portal supports a level of integration with Netegrity SiteMinder that allows any method of authentication through the SiteMinder Web Agent.

When used with the Enterprise Portal, authentication with Netegrity SiteMinder works as follows: Netegrity SiteMinder authenticates the portal user and returns an authenticated user ID to the Portal Server as part of the HTTP header. The Portal Server that is configured for external authentication uses the returned user ID to log the user on to the portal and does not perform any additional authentication of the user.

An SAP logon ticket is still generated and stored in the user's browser to enable Single Sign-On in the portal.

 

Prerequisites

You have installed the Netegrity SiteMinder Policy Server on any machine.

You have installed the Netegrity SiteMinder Web Agent on the same machine as the Portal Server.

The users configured to be authenticated by the SiteMinder product must exist in the corporate LDAP directory defined in the Directory Server tab in the configuration tool (see: Defining Location of Central User Data Repository). This is because, even if SiteMinder does not authenticate users against the corporate LDAP directory, the user data in the corporate LDAP directory is used by applications in the Enterprise Portal.

If you are using JRun as your Java servlet engine, make sure that the SiteMinder ISAPI filter (installed at the IIS Web server level, not at the website level) precedes the JRun filter, that is, appears higher in the list of filters. Otherwise, the Java servlet engine will not be protected.
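The filter-order prerequisite above can be checked mechanically. The following is an added example, not SAP or Netegrity code: it takes the filter names as listed at the IIS Web server level (top first) and reports violations. The sample filter names and the match hints "siteminder" and "jrun" are assumptions; substitute the names shown in your IIS console.

```python
# Added example: audit the ISAPI filter order required for SiteMinder + JRun.
# Filter display names are constructed samples; the match hints are assumptions.

def _index_of(filters, hint):
    """Return the position of the first filter whose name contains hint, else None."""
    for i, name in enumerate(filters):
        if hint.lower() in name.lower():
            return i
    return None


def audit_filter_order(server_filters, site_filters=(),
                       sm_hint="siteminder", jrun_hint="jrun"):
    """server_filters: filter names at IIS Web server level, highest first.
    site_filters: filter names configured at website level.
    Returns a list of findings; an empty list means the prerequisite is met."""
    findings = []
    sm = _index_of(server_filters, sm_hint)
    jrun = _index_of(server_filters, jrun_hint)

    if sm is None:
        if _index_of(site_filters, sm_hint) is not None:
            findings.append("SiteMinder filter is installed at website level, "
                            "not at IIS Web server level")
        else:
            findings.append("SiteMinder filter is not installed "
                            "at IIS Web server level")
    elif jrun is not None and jrun < sm:
        # JRun sees the request first, so the servlet engine is not protected.
        findings.append("JRun filter precedes the SiteMinder filter: "
                        "the Java servlet engine is not protected")
    return findings


# Constructed sample filter lists (not taken from a real server).
GOOD = ["SiteMinder Web Agent", "sspifilt", "JRun Connector Filter"]
BAD = ["JRun Connector Filter", "sspifilt", "SiteMinder Web Agent"]

if __name__ == "__main__":
    for label, filters in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_filter_order(filters) or "OK")
```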

 

Procedure

To set up the Enterprise Portal for authentication using Netegrity SiteMinder, you must configure both the Enterprise Portal and SiteMinder.

Configuring Netegrity SiteMinder


      1.      Configure the connection between the Policy Server and the Web Agent.

      2.      Configure the Web Agent to protect the SAPPortal and CommonTools directories under the Default Web site directory in the Internet Information Server (IIS).

      3.      Configure the Web Agent to protect the following URLs:

      -  ../hrnp$30001: URLs that are directed at the Portal Server and handled by it

      -  .../irj: URLs that are handled by the Java servlet engine

      -  …/scripts

      4.      If you are protecting a Unifier, configure the Web Agent to protect the following:

      -  The Unifier project directory, to protect direct URLs for files inside the Unifier project

      -  .../hrnp$30000: URLs that are directed at the Unification Server and handled by it

For more detailed information on how to perform these steps, refer to the Netegrity documentation.

Configuring the Enterprise Portal


      1.      Log on to the Enterprise Portal as administrator.

      2.      Choose System Configuration → User Management Configuration → Authentication Server.

      3.      Set User Authentication Type to External.

      4.      Enter HTTP_SM_USER in User Name Header.

This field defines the name of the HTTP header in which the external authentication mechanism supplies the user ID. The default header used for this purpose by SiteMinder is called HTTP_SM_USER.

      5.      Restart IIS and the Java servlet engine.

Result

When users log on to the portal, the SiteMinder authentication dialog appears and users enter their user ID and password. If a user's browser already contains a valid SiteMinder session cookie (from another application the user used before he or she logged on to the portal), the user can log on to the portal without any authentication dialog.