|
|
|
The SiteMinder Authorization Provider determines whether an authenticated user is allowed to access a protected WebLogic resource, based on associated SiteMinder policies configured using the Administrative UI.
Note: The SiteMinder Authorization Provider only accepts subjects populated by the SiteMinder Authentication Provider that contain a principal containing SiteMinder session data (required to prove that SiteMinder authentication has occurred). The SiteMinder Authorization provides an ABSTAIN authorization decision for any other subject passed to it.
Like all WebLogic authorization providers, the SiteMinder Authorization Provider provides PERMIT, DENY, or ABSTAIN authorization decisions based on the policies configured for a particular resource and a number of other contributing factors (as shown in the following table).
In the table, "N/A" denotes either a YES or NO answer that does not affect the final outcome of the authorization decision.
|
Was Subject Authenticated by SM Auth. Provider? |
Is the Enable-WebAgent parameter set? |
Exceptions (such as Agent connection problems)? |
Was the SiteMinder authorization successful? |
Authorization Decision |
|---|---|---|---|---|
|
No |
No |
N/A |
N/A |
ABSTAIN |
|
Yes |
No |
N/A |
N/A |
ABSTAIN |
|
No |
Yes |
N/A |
N/A |
ABSTAIN |
|
Yes |
Yes |
Yes |
N/A |
DENY |
|
Yes |
Yes |
No |
NO |
DENY |
|
Yes |
Yes |
No |
YES |
PERMIT |
The authorization decision table assumes that the resources in question are protected and that:
Note: If the Authentication Provider is configured, the SiteMinder Adjudication Provider must also be configured.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |