

SiteMinder Overview

This section contains the following topics:

SiteMinder Components

Policy Server Overview

Policy Server Management Console Overview

SiteMinder Components

SiteMinder consists of two core components:

Policy Server

The Policy Server provides policy management, authentication, authorization, and accounting.

SiteMinder Agents

Integrated with a standard Web server or application server, SiteMinder Agents enable SiteMinder to manage access to Web applications and content according to predefined security policies. Other types of SiteMinder Agents allow SiteMinder to control access to non-Web entities. For example, a SiteMinder RADIUS Agent manages access to RADIUS devices, while a SiteMinder Affiliate Agent manages information passed to an affiliate’s Web site from a portal site.

Policy Server Overview

The Policy Server typically runs on a separate Windows or Solaris system to perform SiteMinder’s key security operations. The Policy Server provides the following:

Authentication

The Policy Server supports a range of authentication methods. It can authenticate users with user names and passwords, tokens, forms-based authentication, and public-key certificates.

Authorization

The Policy Server is responsible for managing and enforcing access control rules established by the Policy Server administrator. These rules define the operations that are allowed for each protected resource.

Administration

The Policy Server can be configured using the CA SiteMinder Administrative UI. The Administration service of the Policy Server allows the Administrative UI to record configuration information in the Policy Store.

Accounting

The Policy Server generates log files that contain auditing information about the events that occur within the system. These logs can be printed in the form of predefined reports, so that security events or anomalies can be analyzed.

Health Monitoring

The Policy Server provides features for monitoring activity throughout a SiteMinder deployment.

The following figure illustrates a simple SiteMinder environment.

Graphic showing a basic SiteMinder environment

In a Web implementation, a user requests a resource through a browser. That request is received by the Web Server and intercepted by the SiteMinder Web Agent. The Web Agent determines whether the resource is protected, and if so, gathers the user’s credentials and passes them to the Policy Server. The Policy Server authenticates the user against native user directories, then verifies whether the authenticated user is authorized for the requested resource based on rules and policies contained in the Policy Store. Once a user is authenticated and authorized, the Policy Server grants access to protected resources and delivers privilege and entitlement information.

Note: Other types of Agents can be created using the Agent API.
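
The request flow described above can be modeled in a few lines. The following is an added illustration, not SiteMinder code and not the Agent API: every class, function, and return value is hypothetical, and the directory and policy data are constructed samples. It shows the order of the checks (protected? authenticated? authorized?), denial on any failed check, and an audit record for each decision.

```python
# Toy model of the flow above. Every name is hypothetical; this is not the
# SiteMinder Agent API. Directory and policy data are constructed samples.
import hashlib
import hmac
from dataclasses import dataclass, field

def digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class PolicyServer:
    directory: dict  # user -> (salt, digest); stands in for a user directory
    policies: dict   # realm prefix -> {action: users}; stands in for the Policy Store
    audit: list = field(default_factory=list)  # accounting records

    def realm_for(self, path):
        # Longest matching prefix wins; None means the resource is unprotected.
        hits = [p for p in self.policies if path.startswith(p)]
        return max(hits, key=len) if hits else None

    def authenticate(self, user, password):
        salt, stored = self.directory.get(user, (b"", b""))
        ok = hmac.compare_digest(digest(password, salt), stored)
        self.audit.append(("authn", user, ok))
        return ok

    def authorize(self, user, realm, action):
        ok = user in self.policies[realm].get(action, set())
        self.audit.append(("authz", user, realm, action, ok))
        return ok

def agent_handle(ps, path, action, credentials=None):
    """Agent side: intercept the request and ask the Policy Server to decide."""
    realm = ps.realm_for(path)
    if realm is None:
        return "ALLOW"        # unprotected resource: pass through
    if credentials is None:
        return "CHALLENGE"    # protected: gather credentials first
    user, password = credentials
    if not ps.authenticate(user, password):
        return "DENY"
    return "ALLOW" if ps.authorize(user, realm, action) else "DENY"

def sample_server():
    salt = b"constructed-salt"
    return PolicyServer(
        directory={"alice": (salt, digest("correct horse", salt))},
        policies={"/hr/": {"GET": {"alice"}}, "/hr/payroll/": {"GET": set()}},
    )
```

In this model the more specific `/hr/payroll/` entry overrides the broader `/hr/` grant, and an unknown user or unlisted action results in a denial.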

More information:

Custom Agents