The components used by a SiteMinder Agent for SAP Web Application Server include the following items:
A user refers to a web browser of an end user. A client is the HTTP-based web client, which accesses the J2EE engine of the SAP Web Application Server.
When the SiteMinder Agent for SAP Web AS operates in SSO mode, the agent-supported web server runs as a front-end to the SAP Web Application Server J2EE engine. The applications that are deployed on the J2EE engine are accessible through the SiteMinder supported front-end web server.
The SiteMinder Web Agent is configured on the web server, which protects the application on this web server and the J2EE engine that is accessed through the web server.
The web server also hosts the SiteMinder SessionLinker web server plug-in. The SessionLinker intercepts the requests and tracks the Web AS J2EE session against the SiteMinder Session ID using the following items:
The SiteMinder SessionLinker synchronizes the SiteMinder session with the third-party application session for better security. For example, if a user logs out of the third-party application, the SiteMinder SessionLinker logs the user out of SiteMinder. Conversely, if a user logs out of SiteMinder, the SessionLinker invalidates the related session of the third-party application.
Note: The SiteMinder SessionLinker only supports a SiteMinder Agent for SAP Web AS that is running in SSO Mode. The SiteMinder SessionLinker is not used when a SiteMinder Agent for SAP Web AS operates in Federation Mode.
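The session linking and two-way logout described above can be modelled in a few lines; this is an added conceptual example, not CA's SessionLinker code or API. The class, method names, session IDs and the policy of invalidating an application session that arrives under a different SiteMinder session are all assumptions made for illustration.

```python
# Conceptual model only: not SiteMinder SessionLinker code or its API.
from dataclasses import dataclass, field


@dataclass
class SessionLinker:
    # application (J2EE) session id -> SiteMinder session id it was first seen with
    links: dict = field(default_factory=dict)
    # SiteMinder session ids that have been logged out
    revoked_sm: set = field(default_factory=set)

    def check(self, sm_session, app_session):
        """Decide what to do with one request carrying both session ids."""
        if sm_session in self.revoked_sm:
            self._drop_app_sessions(sm_session)
            return "reject"
        if app_session is None:
            return "allow"  # no application session established yet
        bound = self.links.setdefault(app_session, sm_session)
        if bound != sm_session:
            # Application session presented under a different SiteMinder
            # session (assumed policy): invalidate it rather than reuse it.
            del self.links[app_session]
            return "invalidate_app_session"
        return "allow"

    def sm_logout(self, sm_session):
        """SiteMinder logout invalidates every linked application session."""
        self.revoked_sm.add(sm_session)
        return self._drop_app_sessions(sm_session)

    def app_logout(self, app_session):
        """Application logout also ends the linked SiteMinder session."""
        sm_session = self.links.pop(app_session, None)
        if sm_session is not None:
            self.sm_logout(sm_session)
        return sm_session

    def _drop_app_sessions(self, sm_session):
        dropped = sorted(a for a, s in self.links.items() if s == sm_session)
        for a in dropped:
            del self.links[a]
        return dropped
```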
When the SiteMinder Agent for SAP Web AS operates in SSO mode, the SiteMinder Policy Server governs access to the applications deployed on the web server and the SAP Web Application Server J2EE engine.
The Policy Server also hosts the SessionLinker Policy Server plug-in.
Note: The SessionLinker only supports a SiteMinder Agent for SAP Web AS that is running in SSO Mode. The SessionLinker is not used when a SiteMinder Agent for SAP Web AS operates in Federation Mode.
The SAP Web Application Server J2EE engine is a J2EE-compliant operating environment for running J2EE applications. Login stacks or authentication templates protect the applications that are deployed on the J2EE engine. The login stacks or authentication templates consist of JAAS-compliant login modules, which are also deployed on the J2EE engine.
The following login modules are deployed as part of the login stack:
Custom JAAS-compliant login module that validates the SiteMinder session of the user with the SiteMinder Java Agent API.
Web AS J2EE engine login module, which creates the MYSAPSSO2 ticket for the authenticated user. The J2EE engine supports the use of logon tickets for SSO in an SAP system environment. The logon ticket is stored as a session cookie, named MYSAPSSO2, in the web browser of the user.
CA Federation Manager enables customers to establish federated partnerships in a flexible way, together with or independent of a Web access management system. Federation Manager supports standards-based federation. Organizations act as the asserting party, providing user authentication and assertion of identity, or as the relying party, consuming the identity to allow access to web resources and services.
Copyright © 2012 CA. All rights reserved.