Integrating with CA IdentityMinder lets you can implement policy–based access control using CA IdentityMinder roles. These roles enable centralized management of user privileges in external applications.
Note: For more information about configuring the integration, see the CA Identity Manager documentation.
The integration requires:
siteminder_home\xps\dd
Specifies the Policy Server installation path.
IdmSmObjects.xdd
Important! Do not import this file in to the policy store until you have completed the CA IdentityMinder integration. If you import the data definitions before completing the integration, the Policy Server can reach an indeterminate state. Coordinate the integration with your CA IdentityMinder administrator.
Note: For more information about environments and roles, see the CA IdentityMinder documentation.
Note: You cannot apply a CA IdentityMinder role to an enterprise management application.
CA SiteMinder® can also provide details about entitlements that a CA IdentityMinder user has in protected applications. As the following figure illustrates, a CA SiteMinder® administrator associates a response with an access rule in the policy. The response contains a response attribute that specifies a CA SiteMinder®–generated user attribute.
The CA SiteMinder®–generated user attribute retrieves task information from CA IdentityMinder. The Policy Server passes this information to the web agent as an HTTP header variable or a cookie. The web agent makes the header variable or cookie available to the protected application for fine–grained access control.
Copyright © 2014 CA.
All rights reserved.
|
|