The Policy Server provide access control and single sign-on. It typically runs on a separate Windows or UNIX system, and performs the following key security operations:
The following diagram illustrates a simple implementation of a Policy Server in a SiteMinder environment that includes a single SiteMinder Web Agent.
In a Web implementation, a user requests a resource through a browser. That request is received by the Web Server and intercepted by the SiteMinder Web Agent. The Web Agent determines whether or not the resource is protected, and if so, gathers the user's credentials and passes them to the Policy Server. The Policy Server authenticates the user against native user directories, then verifies if the authenticated user is authorized for the requested resource based on rules and policies contained in the Policy Store. When a user is authenticated and authorized, the Policy Server grants access to protected resources and delivers privilege and entitlement information.
Note: Custom Agents can be created using the SiteMinder Agent API. For more information, see the Programming Guide for C.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |