System and Policy Domain Configuration

This system configuration differs from that of the homogeneous environment: you must now create two Agents.

Within the policy domain there is one policy that includes rules and responses for the Cisco Agent and the Checkpoint Agent.

To set up SiteMinder in the heterogeneous, single directory environment described above, you must:

  1. Configure the system:
    1. Define two RADIUS Agents, as described in Define Agents for a Heterogeneous, Single Directory Environment.
    2. Set up a user directory against which to authenticate RADIUS users, as described in Configure the User Directory.
    3. Create one policy domain, as described in Create the Policy Domain.
    4. Create an authentication scheme, as described in Create the Authentication Scheme.
  2. Configure the policy domain:
    1. Define two realms: one realm for the Cisco RAS and one realm for the Checkpoint firewall. Each realm binds a RADIUS Agent with a RADIUS authentication scheme.
    2. Define two rules that allow authenticated users to access the appropriate realm. Each rule binds a realm with an allow or deny access event.
    3. Define two responses that provide the user profile to the NAS device and configure the characteristics of the session using response attributes. A separate response must be defined for each NAS device because each device uses a different Dictionary file.
    4. Create one policy that binds the Cisco rule with the Cisco response and the Checkpoint rule with the Checkpoint response. This policy also binds the components of the policy domain (the rule and response groupings) with the RADIUS user directory.
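
The bindings listed in the steps above can be checked for consistency before they are entered, in particular that each rule is paired with the response built from the same device's Dictionary file. The following Python is an added example, not CA's code or a SiteMinder API; the data model, the object names (CiscoAgent, RadiusScheme and so on) and the dictionary contents are assumptions constructed for illustration.

```python
# Hypothetical model of the policy domain above; this is not SiteMinder's API.
# Constructed sample dictionaries: the attributes each NAS device type accepts.
DICTIONARIES = {
    "cisco": {"Session-Timeout", "Cisco-AVPair"},
    "checkpoint": {"Session-Timeout", "Example-Checkpoint-Group"},
}

def sample_domain():
    """Constructed configuration: two agents, one directory, one policy."""
    return {
        "agents": {"CiscoAgent": "cisco", "CheckpointAgent": "checkpoint"},
        "schemes": {"RadiusScheme"}, "directories": {"RadiusUsers"},
        "realms": {
            "CiscoRealm": {"agent": "CiscoAgent", "scheme": "RadiusScheme"},
            "CheckpointRealm": {"agent": "CheckpointAgent", "scheme": "RadiusScheme"}},
        "rules": {
            "CiscoRule": {"realm": "CiscoRealm", "event": "allow"},
            "CheckpointRule": {"realm": "CheckpointRealm", "event": "allow"}},
        "responses": {
            "CiscoResponse": {"device": "cisco", "attributes": ["Cisco-AVPair"]},
            "CheckpointResponse": {"device": "checkpoint", "attributes": ["Session-Timeout"]}},
        "policy": {"directory": "RadiusUsers", "bindings": [
            ("CiscoRule", "CiscoResponse"), ("CheckpointRule", "CheckpointResponse")]},
    }

def validate_domain(d):
    """Return binding errors; an empty list means every binding is consistent."""
    errors = []
    for name, realm in d["realms"].items():
        if realm["agent"] not in d["agents"] or realm["scheme"] not in d["schemes"]:
            errors.append(f"realm {name}: must bind a defined agent and scheme")
    for name, rule in d["rules"].items():
        if rule["realm"] not in d["realms"] or rule["event"] not in ("allow", "deny"):
            errors.append(f"rule {name}: must bind a defined realm to allow or deny")
    for name, resp in d["responses"].items():
        for attr in resp["attributes"]:
            if attr not in DICTIONARIES.get(resp["device"], set()):
                errors.append(f"response {name}: {attr} not in {resp['device']} dictionary")
    if d["policy"]["directory"] not in d["directories"]:
        errors.append("policy: must bind a defined user directory")
    for rule_name, resp_name in d["policy"]["bindings"]:
        rule, resp = d["rules"].get(rule_name), d["responses"].get(resp_name)
        if rule is None or resp is None:
            errors.append(f"policy: unknown rule or response in {rule_name}/{resp_name}")
            continue
        agent = d["realms"].get(rule["realm"], {}).get("agent")
        if d["agents"].get(agent) != resp["device"]:
            errors.append(f"policy: {rule_name} is paired with {resp_name} for another device")
    return errors
```
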

A diagram of this policy domain is shown in the following graphic:


Copyright © 2010 CA. All rights reserved.