Previous Topic: CA SiteMinder® Web Services Security Agent for IBM WebSphere GuideNext Topic: SiteMinder WSS Agent for IBM WebSphere Install Preparation


SiteMinder WSS Agent for IBM WebSphere Introduction

This section contains the following topics:

SiteMinder WSS Agent for IBM WebSphere Overview

Required Background Information

SiteMinder WSS Agent for IBM WebSphere Components

Recommended Reading List

Installation Location References

SiteMinder WSS Agent for IBM WebSphere Overview

The SiteMinder Web Services Security (WSS) Agent for IBM WebSphere resides in a WebSphere Application Server, enabling you to protect WebSphere-hosted JAX-RPC web service resources.

The SiteMinder WSS Agent for IBM WebSphere intercepts all SOAP messages sent over HTTP or HTTPS transport to JAX-RPC web services deployed on the Websphere Application Server. The SiteMinder WSS Agent then communicates with the Policy Server to authenticate and authorize the message sender and, upon successful authentication and authorization, passes the SOAP message on to the addressed web service.

A high-level overview of the SiteMinder WSS Agent for IBM WebSphere Server architecture is shown in the following figure.

Graphical overview of how the WSS Agent for WebSphere protects web services

The SiteMinder WSS Agent for IBM WebSphere provides the following features:

The SiteMinder WSS Agent additionally supports:

Required Background Information

This guide assumes that you have the following technical knowledge:

Additionally, to effectively plan your security infrastructure, you must be familiar with the web services that you plan to protect with CA SiteMinder® Web Services Security.

SiteMinder WSS Agent for IBM WebSphere Components

The SiteMinder WSS Agent for IBM WebSphere consists of two modules that plug into WebSphere's security infrastructure.

SiteMinder WSS Agent JAX-RPC Handler

The SiteMinder WSS Agent JAX-RPC Handler is a custom JAX-RPC Handler that, when added to the deployment descriptor of a JAX-RPC web service, intercepts SOAP message requests for JAX-RPC web services and diverts them to the SiteMinder WSS Agent Login Module for authentication and authorization decisions.

SiteMinder WSS Agent Login Module

The SiteMinder WSS Agent Login Module is a JAAS Login Module that performs authentication and authorization for JAX-RPC web services protected by the SiteMinder WSS Agent for IBM WebSphere.

The SiteMinder WSS Agent Login Module authenticates credentials obtained from the following request types against associated user directories configured in CA SiteMinder® Web Services Security:

If CA SiteMinder® Web Services Security authentication is successful, the SiteMinder WSS Agent Login Module populates a JAAS Subject with a CA SiteMinder® Web Services Security Principal that contains the username and associated CA SiteMinder® Web Services Security session data.

The SiteMinder WSS Agent Login Module then determines whether an authenticated user is allowed to access a protected WebSphere resource, based on associated CA SiteMinder® Web Services Security authorization policies.

Recommended Reading List

To learn about the WebSphere Application Server and Java, see the following resources:

Installation Location References

In this guide: