

Policy Server Management

This section contains the following topics:

Policy Server Management Overview

Policy Server Management Tasks

Policy Server Management Overview

The Policy Server provides a platform for access control that operates in conjunction with other CA products, including:

Note: For information about SiteMinder and policy-based resource management, see the Policy Server Configuration Guide.

Policy Server Components

A Policy Server environment consists of two core components:

Additional components are included with various CA products, for example, CA SiteMinder® Agents. CA SiteMinder® Agents are integrated with a standard Web server or application server. They enable CA SiteMinder® to manage access to Web applications and content according to predefined security policies. Other types of CA SiteMinder® Agents allow CA SiteMinder® to control access to non-Web entities. For example, a CA SiteMinder® RADIUS Agent manages access to RADIUS devices, while a CA SiteMinder® Affiliate Agent manages information passed to an affiliate’s Web site from a portal site.

Policy Server Operations

The Policy Server provides access control and single sign-on. It typically runs on a separate Windows or UNIX system, and performs the following key security operations:

The following diagram illustrates a simple implementation of a Policy Server in a SiteMinder environment that includes a single SiteMinder Web Agent.

Graphic showing a Policy Server implementation in a SiteMinder environment including an agent

In a Web implementation, a user requests a resource through a browser. That request is received by the Web Server and intercepted by the SiteMinder Web Agent. The Web Agent determines whether or not the resource is protected, and if so, gathers the user’s credentials and passes them to the Policy Server. The Policy Server authenticates the user against native user directories, then verifies if the authenticated user is authorized for the requested resource based on rules and policies contained in the Policy Store. When a user is authenticated and authorized, the Policy Server grants access to protected resources and delivers privilege and entitlement information.
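The request flow described above can be modeled in a few lines. This is an added example, not SiteMinder code and not the Agent API: the `PolicyServer` class, the `web_agent` function, the decision strings, and the sample directory and policy data are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from fnmatch import fnmatchcase

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data standing in for a user directory and the policy store.
USER_DIRECTORY = {
    "alice": {"salt": b"s1", "hash": _hash("correct horse", b"s1"), "groups": {"hr"}},
    "bob": {"salt": b"s2", "hash": _hash("battery staple", b"s2"), "groups": {"finance"}},
}
POLICY_STORE = [("/hr/*", {"hr"}), ("/finance/*", {"finance", "audit"})]

class PolicyServer:
    """Hypothetical model of the three decisions the Policy Server makes."""

    def is_protected(self, resource):
        # A resource is protected only if some policy pattern covers it.
        return any(fnmatchcase(resource, pattern) for pattern, _ in POLICY_STORE)

    def authenticate(self, user, password):
        entry = USER_DIRECTORY.get(user)
        if entry is None:
            return False
        # Constant-time comparison of the derived hash with the stored one.
        return hmac.compare_digest(_hash(password, entry["salt"]), entry["hash"])

    def authorize(self, user, resource):
        groups = USER_DIRECTORY[user]["groups"]
        return any(
            fnmatchcase(resource, pattern) and bool(groups & allowed)
            for pattern, allowed in POLICY_STORE
        )

def web_agent(server, resource, credentials=None):
    """Hypothetical agent: intercepts a request and returns the access decision."""
    if not server.is_protected(resource):
        return "ALLOW_UNPROTECTED"  # no policy matched, so no authentication occurs
    if credentials is None:
        return "CHALLENGE"  # protected resource: the agent must gather credentials
    user, password = credentials
    if not server.authenticate(user, password):
        return "DENY_AUTHENTICATION"
    if not server.authorize(user, resource):
        return "DENY_AUTHORIZATION"
    return "ALLOW"
```

In this model, as in the flow described above, a resource that no policy covers is served without any authentication step, so gaps in policy coverage translate directly into unauthenticated access.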

Note: Custom Agents can be created using the SiteMinder Agent API. For more information, see the Programming Guide for C.

Policy Server Administration

The following diagram illustrates the Policy Server administrative model:

Graphic showing the Policy Server administrative model

  1. Policy Server—The Policy Server provides policy management, authentication, authorization, and accounting services.
  2. Policy store—The policy store contains all of the Policy Server data. You can configure a policy store in a supported LDAP or relational database.
  3. Administrative UI—You use the Administrative UI to manage CA SiteMinder® administrator accounts, objects, and policy data through the Policy Server. You configure a directory XML file, an administrator user store, and an object store when installing the Administrative UI:
  4. Report server and databases—You can create and manage a collection of CA SiteMinder® policy analysis and audit reports from the Administrative UI. A report server and report database are required to use the reporting feature. The report server and report database are required to run policy analysis reports. The report server and audit database are required to run audit-based reports.