An Agent in a CA SiteMinder® environment is a network entity that acts as a filter to enforce network access control or Web access control. An Agent monitors requests for resources. When a user requests a protected resource, the Agent prompts the user for credentials based on an authentication scheme, and sends the credentials to a Policy Server.
The Policy Server determines whether or not a user can be authenticated based on the credentials, and whether or not the user is authorized for the requested resource. The Policy Server then communicates with the Agent, which allows or denies access to the requested resource.
Web Agents, Affiliate Agents, EJB Agents, Servlet Agents, and RADIUS Agents are available by default. All other Agents are considered Custom Agents that must be created using the Agent APIs. Once created, you can configure Custom Agents in the Administrative UI.
Web Agents are CA SiteMinder® Agents that operate with Web servers. When a user requests a page from the Web server, the Web Agent communicates with the Policy Server and processes authentication and authorization requests before the user can access the resource from a Web browser. In addition, the Policy Server can provide information that the Web Agent uses to provide personalized content based on a user’s identity.
The following diagram illustrates the three most basic transactions that a Web Agent and Policy Server handle in order to provide access to a protected resource. These transactions can contain more detailed information to enable customized content and support other CA SiteMinder® features, but the process is similar whenever a user attempts to access a resource through a Web server managed by a Web Agent.
The previous figure assumes that a user requests a protected resource for which the user is authorized. The Web Agent checks with the Policy Server to determine if the resource is protected, and the Policy Server indicates that it is protected. The Web Agent gathers credentials from the user and communicates them to the Policy Server.
The Policy Server authenticates the user and informs the Web Agent that the user has been properly identified. Finally, the Web Agent checks with the Policy Server to determine if the user is authorized for the resource. The Policy Server verifies that the user is authorized for the resource, communicates this to the Web gent, and the Web Agent allows the Web server to display the protected resource requested by the user.
Agents that control the same resources and are of the same Agent type (all Web Agents, or all RADIUS Agents) can be grouped.
Note: If you plan to configure support for virtual Web servers, see the Web Agent Configuration Guide.
Remote Authentication Dial-In User Service (RADIUS) is a protocol that enables you to exchange session authentication and configuration information between a Network Access Server (NAS) device and a RADIUS authentication server. The RADIUS protocol is often used by NAS devices that serve as proxy services, firewalls, or dial-up security devices.
A RADIUS Agent secures an entire application that communicates using the RADIUS protocol.
The Policy Server can be used as a RADIUS authentication server. RADIUS Agents allow the Policy Server to communicate with the NAS client devices.
The Application Server Agent is a collection of Java components that provide a full-featured CA SiteMinder® Agent for securing WebLogic and WebSphere application server resources. The Application Server Agent integrates CA SiteMinder® with the J2EE platform.
The Application Server Agent can protect the following components:
The Application Server Agent is a single Agent, but from the perspective of the CA SiteMinder® Policy Server, there are different Agent types that protect application server resources. The Agent types give the Application Server Agent the flexibility to protect servlets, and EJB components in two ways: using the Servlet, or EJB Agent respectively, or using the Web Agent.
Note: For more information on configuring CA SiteMinder® to work with application server Agents, see the CA SiteMinder® Application Server Agent Guide that applies to your platform.
CA SiteMinder® WSS Agents (formerly SOA Agents) integrate with web and application servers to authenticate and authorize requests for access to SOAP/XML-based web services resources hosted on those servers.
Note: For More information about WSS Agents, see the CA SiteMinder® Web Services Security Policy Configuration Guide.
Copyright © 2013 CA.
All rights reserved.
|
|