CA IdentityMinder passes entitlement information to applications through SiteMinder Web Agent responses. These responses contain HTTP header variables in response attributes, which the application can use to determine access privileges of a user. Responses are included in SiteMinder policies, which determine how users interact with a protected resource.
SiteMinder administrators can configure a response that includes two types of response attributes to pass information to an application:
The application ID limits the requested set of roles and tasks to a specific application. For example, if you create the following response attribute:
SM_USER_APPLICATION_ROLES:Finance_application
SiteMinder returns the roles that have tasks in the Finance application to the Web Agent, which then passes the information to the Finance application.
Note: The application id you supply must match an application id you supplied when you used Create Access Task in CA IdentityMinder. If the task is not yet created, you can choose any name for the application ID but it cannot contain any spaces or nonalphanumeric characters.
You can specify multiple application IDs in a comma-delimited list to return the set of roles and tasks from multiple applications in a single response attribute. For example, to return the list of roles that a user has in the Finance and Purchasing applications specify in the following way:
SM_USER_APPLICATION_ROLES:Finance, Purchasing
|
Copyright © 2013 CA.
All rights reserved.
|
|