This section contains the following topics:
SiteMinder WSS Agent Functions
The SiteMinder WSS Agent and the Policy Server
SiteMinder WSS Agent Support for Web Servers
The SiteMinder Web Services Security (WSS) Agent for Web Servers is an XML-enabled version of the CA SiteMinder Web Agent that operates with a web server to handle XML messages sent to web service implementations.
When a web consumer (client) application sends an XML message to a URL that is bound to a web service, the SiteMinder WSS Agent intercepts these messages and communicates with the Policy Server to process authentication and authorization requests before the XML message is passed on to the web service. In addition, the Policy Server can provide information that the SiteMinder WSS Agent adds to the XML message, such as a SAML assertion based on the originating client application’s identity.
Note: If you have purchased CA SiteMinder®, you can also use the core Web Agent functionality of the SiteMinder WSS Agent to protect other resources on a Web server. For more information about this functionality, see the CA SiteMinder® documentation—the remainder of this chapter deals specifically with use of the SiteMinder WSS Agent to protect web services.
The SiteMinder WSS Agent performs the following tasks:
To enforce web service access control, the SiteMinder WSS Agent interacts with the Policy Server, where all authentication and authorization decisions are made.
The SiteMinder WSS Agent intercepts XML messages posted to a web server and checks with the Policy Server to see if the requested resource is protected. If the resource is unprotected, the access request proceeds directly to the web server. If the resource is protected, the following occurs:
The SiteMinder WSS Agent can also receive message-specific attributes, in the form of responses, to be passed on to the Web service. A response is a personalized message or other message-specific information returned to the SiteMinder WSS Agent from the Policy Server after authorizing the message. A response consists of name-value attribute pairs that instruct the SiteMinder WSS Agent to generate SAML Session Tickets and WS-Security tokens.
To protect Web services hosted on a web server, you deploy a SiteMinder WSS Agent on that web server (as shown in the following illustration). You then configure authentication and authorization policies for the web service resources hosted on that web server.
For a list of Web server platforms on which the SiteMinder WSS Agent is supported, see the CA SiteMinder® Web Services Security Platform Support matrix on the Technical Support site at http://ca.com/support.
Copyright © 2014 CA.
All rights reserved.
|
|