Previous Topic: CA SiteMinder® Web Services Security Agent for Oracle WebLogic GuideNext Topic: SiteMinder WSS Agent for WebLogic Install Preparation


SiteMinder WSS Agent for Oracle WebLogic Introduction

This section contains the following topics:

SiteMinder WSS Agent for Oracle WebLogic Overview

Required Background Information

SiteMinder WSS Agent for Oracle WebLogic Components

Installation Location References

SiteMinder WSS Agent for Oracle WebLogic Overview

The SiteMinder Web Services Security (WSS) Agent for Oracle WebLogic (formerly SOA Agent) resides in a WebLogic application server, enabling you to protect WebLogic-hosted JAX-RPC web service resources.

The SiteMinder WSS Agent for Oracle WebLogic intercepts all SOAP messages sent over HTTP(S) or JMS transports to JAX-RPC web services deployed on the WebLogic Server. The SiteMinder WSS Agent then communicates with the Policy Server to authenticate and authorize the message sender and, upon successful authentication and authorization, passes the SOAP message on to the addressed web service.

A high-level overview of the SiteMinder WSS Agent for Oracle WebLogic Server architecture is shown in the following figure.

Overview diagram showing how the WSS Agent works with the Policy Server to protect web service resources

The SiteMinder WSS Agent for Oracle WebLogic provides the following features:

The SiteMinder WSS Agent additionally supports:

Required Background Information

This section is not intended for users who are new to Java, J2EE standards, or application server technology. It assumes that you have the following technical knowledge:

Additionally, to effectively plan your security infrastructure, you must be familiar with the web services that you plan to protect with CA SiteMinder® Web Services Security.

SiteMinder WSS Agent for Oracle WebLogic Components

The SiteMinder WSS Agent for Oracle WebLogic consists of two modules that plug into the WebLogic security infrastructure.

SiteMinder WSS Agent JAX-RPC Handler

The SiteMinder WSS Agent JAX-RPC Handler is a custom JAX-RPC Handler that, when added to the deployment descriptor of a JAX-RPC web service, intercepts SOAP message requests for JAX-RPC web services and diverts them to the SiteMinder WSS Agent Login Module for authentication and authorization decisions.

SiteMinder WSS Agent Login Module

The SiteMinder WSS Agent Login Module is a JAAS Login Module that performs authentication and authorization for JAX-RPC web services protected by the SiteMinder WSS Agent for Oracle WebLogic.

The SiteMinder WSS Agent Login Module authenticates credentials obtained from the following request types against associated user directories configured in CA SiteMinder® Web Services Security:

If CA SiteMinder® Web Services Security authentication is successful, the SiteMinder WSS Agent Login Module populates a JAAS Subject with a CA SiteMinder® Web Services Security Principal that contains the username and associated CA SiteMinder® Web Services Security session data. The SiteMinder WSS Agent Login Module then determines whether an authenticated user is allowed to access a protected WebLogic resource, based on associated CA SiteMinder® Web Services Security authorization policies.

Installation Location References

In this guide: