This section contains the following topics:
SiteMinder WSS Agent for IBM WebSphere Overview
Required Background Information
SiteMinder WSS Agent for IBM WebSphere Components
Installation Location References
The SiteMinder Web Services Security (WSS) Agent for IBM WebSphere resides in a WebSphere Application Server, enabling you to protect WebSphere-hosted JAX-RPC web service resources.
The SiteMinder WSS Agent for IBM WebSphere intercepts all SOAP messages sent over HTTP or HTTPS transport to JAX-RPC web services deployed on the Websphere Application Server. The SiteMinder WSS Agent then communicates with the Policy Server to authenticate and authorize the message sender and, upon successful authentication and authorization, passes the SOAP message on to the addressed web service.
A high-level overview of the SiteMinder WSS Agent for IBM WebSphere Server architecture is shown in the following figure.
The SiteMinder WSS Agent for IBM WebSphere provides the following features:
The SiteMinder WSS Agent additionally supports:
This guide assumes that you have the following technical knowledge:
Additionally, to effectively plan your security infrastructure, you must be familiar with the web services that you plan to protect with CA SiteMinder® Web Services Security.
The SiteMinder WSS Agent for IBM WebSphere consists of two modules that plug into WebSphere's security infrastructure.
The SiteMinder WSS Agent JAX-RPC Handler is a custom JAX-RPC Handler that, when added to the deployment descriptor of a JAX-RPC web service, intercepts SOAP message requests for JAX-RPC web services and diverts them to the SiteMinder WSS Agent Login Module for authentication and authorization decisions.
The SiteMinder WSS Agent Login Module is a JAAS Login Module that performs authentication and authorization for JAX-RPC web services protected by the SiteMinder WSS Agent for IBM WebSphere.
The SiteMinder WSS Agent Login Module authenticates credentials obtained from the following request types against associated user directories configured in CA SiteMinder® Web Services Security:
If CA SiteMinder® Web Services Security authentication is successful, the SiteMinder WSS Agent Login Module populates a JAAS Subject with a CA SiteMinder® Web Services Security Principal that contains the username and associated CA SiteMinder® Web Services Security session data.
The SiteMinder WSS Agent Login Module then determines whether an authenticated user is allowed to access a protected WebSphere resource, based on associated CA SiteMinder® Web Services Security authorization policies.
To learn about the WebSphere Application Server and Java, see the following resources:
In this guide:
Copyright © 2014 CA.
All rights reserved.
|
|