This section contains a description of a simple implementation of impersonation. The minimum Policy Server objects required to implement impersonation are:
Impersonation requires a Web Agent and its associated Policy Server Agent object.
Note: To implement impersonation, you must have at least one CA SiteMinder® Web Agent installed in your deployment. More information on installing a Web Agent exists in the Web Agent Installation Guide.
An impersonation authentication scheme based on the Impersonation Authentication Scheme Template is required. For the sample defined in this section, the authentication scheme is named "Impersonation Auth".
Impersonation requires one or more user directory objects that point to user stores which contain impersonators and impersonatees. The two populations of users should be distinguishable due to an attribute value or group membership.
A policy domain is required. For the sample defined in this section, the policy domain is named "Impersonation Domain".
For the sample described in this section, two realms are required: "Impersonation" and "App1". The "Impersonation" realm should use the "Impersonation Auth" authentication scheme. The “App1” realm can use any authentication scheme.
For the sample described in this section, you must configure a rule under the "Impersonation" realm that allows access to all resources for the "Get" action. In other words, an asterisk should be entered in the Resource field for the rule. You must also configure the rules for the impersonation events. One rule allows impersonation if the impersonator is included in an applicable policy, and the other rule allows an impersonatee to be impersonated if included in a different, applicable policy.
A similar set of rules to those in the “Impersonation” Realm should be created under the “App1” realm.
For the sample described in this section, six policies are needed. One policy must be defined for each rule in the "Impersonation" realm, and one policy must be defined for each rule in the "App1" realm.
Copyright © 2013 CA.
All rights reserved.
|
|