Which SiteMinder Security Providers Do I Need?

The SiteMinder security provider modules you require depend on your WebLogic access control needs. Select the modules according to the functionality you require, and verify that each provider's upstream and downstream requirements (that is, requirements on the elements before and after it in the flow of data through the security framework) are met, as shown in the following table.

| Security Provider | Upstream Requirements | Downstream Requirements |
|---|---|---|
| SiteMinder Identity Asserter (for SMSESSION cookies) | A trusted issuer of SiteMinder session cookies. | None. |
| SiteMinder Identity Asserter (for X.509 certificates) | A trusted issuer of X.509 certificate tokens. | Requires SiteMinder Authentication Provider to authenticate identities obtained from X.509 certificates. |
| SiteMinder Identity Asserter (for challenged requests) | None. | SiteMinder Authentication Provider to authenticate credentials obtained by the configured authentication scheme. |
| SiteMinder Authentication Provider | Requires SiteMinder Identity Asserter to validate and obtain user identity and SiteMinder session information from SiteMinder session cookies and X.509 certificates. Does not accept users obtained from other Identity Asserters. | None. |
| SiteMinder Authorization Provider | Requires subject populated by SiteMinder Authentication provider (containing a SiteMinder principal). ABSTAINs from other authorization decisions. | Requires SiteMinder Adjudication Provider to resolve authorization disputes with other authorization providers. |
| SiteMinder Adjudication Provider | Requires SiteMinder Authorization Provider to be one of the configured authorization providers. | -N/A- |

However, it is likely that most deployments fall into one of the following two scenarios:

| Problem | Solution |
|---|---|
| You need to establish a trust relationship between the SiteMinder and WebLogic Single Sign-On (SSO) environments so that HTTP clients authenticated by SiteMinder are not rechallenged by WebLogic when they access Web applications hosted by a WebLogic Server. You have existing WebLogic or application-based authorization policies that are sufficient for your needs. | Configure just the SiteMinder Identity Asserter. |
| You need to implement SiteMinder authentication and authorization policies for all requests for Web and server-side applications. | Configure the complete SiteMinder Agent solution, comprising: SiteMinder Authentication Provider; SiteMinder Authorization Provider; SiteMinder Adjudication Provider; SiteMinder Identity Asserter (optional, if perimeter authentication is required). |


Copyright © 2010 CA. All rights reserved.