Configuration GuideIntegrating SiteMinder with Identity ManagerHow to Configure Access Roles › Enable Access Roles in SiteMinder

Previous Topic: Define Owner Rules for an Access Role

Next Topic: SiteMinder-Generated Response Attributes

Enable Access Roles in SiteMinder

A SiteMinder administrator binds roles to security policies that define how users interact with resources. Policies may link the following objects:

You can bind SiteMinder policies to users, or to roles, or to users and roles. When a user or role member attempts to access a protected resource, SiteMinder uses information in the policy to determine whether to grant access, and to trigger responses.

The following figure illustrates the relationship of policy objects in a role-based policy.

SiteMinder policies are created in policy domains, which logically tie user directories to protected resources. The following figure illustrates the relationship of policy objects in a role-based policy.

To supply user entitlements to a protected application, a SiteMinder administrator pairs a rule in the application’s policy with a response. The response contains a SiteMinder-generated response attribute that retrieves entitlement information from Identity Manager.

When SiteMinder authorizes a role member for a protected resource, the following events take place:

  1. The policy’s rule executes in SiteMinder, triggering the paired response.
  2. The Policy Server obtains entitlement information from Identity Manager to include in a response.
  3. The Policy Server passes the response attribute to the Web Agent.
  4. The Web Agent makes the entitlement information available to the application as an HTTP header variable or a cookie.

More information:

SiteMinder-Generated Response Attributes

Checklist for Enabling Access Roles in SiteMinder

Create a SiteMinder Response