In a proxy mode deployment, you use CA SiteMinder® Federation Standalone in the DMZ to forward requests to backend web servers that host federated applications. These backend systems sit behind a firewall and are not directly accessible.
Proxy mode offers the following advantages:
Note: To protect the HTTP headers against modification by an unauthorized user, set an HTTP header prefix. More information is available about protecting HTTP headers in proxy mode.
Important! In proxy mode, CA SiteMinder® Federation Standalone passes all requests to the backend network. Therefore, be sure that all resources on a backend web server are protected by CA SiteMinder® or another access control product. For example, a backend web server may host a federated application as well as unprotected resources behind the firewall. If the administrator exposes the federated application, the unprotected resources are also exposed, because CA SiteMinder® Federation Standalone allows full access to the backend web server without checking for authorization. This exposure assumes that the non-federated resources are URL-addressable.
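One way to audit the condition in the Important note above, as an added example that is not CA code: given an inventory of URL-addressable paths on a backend web server and the path prefixes covered by an access control policy, it lists every path that the proxy would forward with no protection. The inventory, the prefixes and all function names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample: path prefixes covered by an access control policy.
PROTECTED_PREFIXES = ["/fedapp", "/partner/sso"]

# Constructed sample: URL-addressable resources found on the backend server.
BACKEND_INVENTORY = [
    "/fedapp/home",
    "/fedapp/../reports/q3.pdf",
    "/fedapp-admin/console",
    "/partner/sso/consume",
    "/partner/sso/%2e%2e/status",
    "/static/logo.png",
]


def normalize(url_path):
    """Percent-decode a URL path and collapse '.' and '..' segments."""
    path = unquote(urlsplit(url_path).path)
    return posixpath.normpath("/" + path.lstrip("/"))


def is_protected(url_path, prefixes):
    """True if the normalized path equals a prefix or lies beneath it.

    Matching is on whole path segments, so '/fedapp' does not cover
    '/fedapp-admin'. Comparison is case-sensitive, which errs toward
    reporting a path as unprotected.
    """
    path = normalize(url_path)
    for prefix in prefixes:
        base = normalize(prefix)
        if path == base or path.startswith(base.rstrip("/") + "/"):
            return True
    return False


def unprotected_paths(inventory, prefixes):
    """Return normalized paths reachable through the proxy with no policy."""
    return [normalize(p) for p in inventory if not is_protected(p, prefixes)]


if __name__ == "__main__":
    for path in unprotected_paths(BACKEND_INVENTORY, PROTECTED_PREFIXES):
        print("UNPROTECTED:", path)
```
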
The following figure shows a typical proxy mode deployment from the perspective of the relying party.

The previous figure shows the following communication flow at the relying party:
Copyright © 2013 CA.
All rights reserved.