

SiteMinder Agents Overview

An Agent in a SiteMinder environment is a network entity that acts as a filter to enforce network access control or Web access control. An Agent monitors requests for resources. When a user requests a protected resource, the Agent prompts the user for credentials based on an authentication scheme, and sends the credentials to a Policy Server.

The Policy Server determines whether or not a user can be authenticated based on the credentials, and whether or not the user is authorized for the requested resource. The Policy Server then communicates with the Agent, which allows or denies access to the requested resource.

Web Agents, Affiliate Agents, EJB Agents, Servlet Agents, and RADIUS Agents are available by default. All other Agents are considered Custom Agents that must be created using the Agent APIs. Once a Custom Agent has been created, you can configure it in the Administrative UI.

Web Agents

Web Agents are SiteMinder Agents that operate with Web servers. When a user requests a page from the Web server, the Web Agent communicates with the Policy Server and processes authentication and authorization requests before the user can access the resource from a Web browser. In addition, the Policy Server can provide information that the Web Agent uses to provide personalized content based on a user’s identity.

The following diagram illustrates the three most basic transactions that a Web Agent and Policy Server handle in order to provide access to a protected resource. These transactions can contain more detailed information to enable customized content and support other SiteMinder features, but the process is similar whenever a user attempts to access a resource through a Web server managed by a Web Agent.

Illustration showing the three basic transactions that a Web Agent and Policy Server handle to provide access to a protected resource

The previous figure assumes that a user requests a protected resource for which the user is authorized. The Web Agent checks with the Policy Server to determine if the resource is protected, and the Policy Server indicates that it is protected. The Web Agent gathers credentials from the user and communicates them to the Policy Server.

The Policy Server authenticates the user and informs the Web Agent that the user has been properly identified. Finally, the Web Agent checks with the Policy Server to determine if the user is authorized for the resource. The Policy Server verifies that the user is authorized for the resource, communicates this to the Web Agent, and the Web Agent allows the Web server to display the protected resource requested by the user.
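The three transactions described above, modeled as an added example that is not SiteMinder code and does not use the Agent APIs. It goes beyond the authorized case in the figure by also showing the challenge and denial paths; every class, function, user, and resource name in it is a hypothetical assumption.

```python
import hmac

class PolicyServer:
    """Toy stand-in for a Policy Server; names and data are constructed."""
    def __init__(self, protected, users, grants):
        self.protected = protected  # set of protected resource paths
        self.users = users          # user -> password (stand-in for a user directory)
        self.grants = grants        # user -> set of resources the user may access

    def is_protected(self, resource):
        return resource in self.protected

    def authenticate(self, user, password):
        expected = self.users.get(user)
        # Unknown users fail outright; known users get a constant-time comparison.
        return expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())

    def is_authorized(self, user, resource):
        return resource in self.grants.get(user, set())


def agent_handle(ps, resource, credentials=None):
    """Return (decision, trace); trace lists the transactions sent to the Policy Server."""
    trace = ["is_protected"]
    if not ps.is_protected(resource):
        return "allow", trace          # unprotected: passed through to the Web server
    if credentials is None:
        return "challenge", trace      # Agent prompts the user for credentials
    trace.append("authenticate")
    user, password = credentials
    if not ps.authenticate(user, password):
        return "deny", trace           # authorization is never attempted
    trace.append("is_authorized")
    if not ps.is_authorized(user, resource):
        return "deny", trace           # identified, but not permitted
    return "allow", trace


# Constructed sample policy data
PS = PolicyServer(
    protected={"/hr/payroll"},
    users={"alice": "correct horse", "bob": "hunter2"},
    grants={"alice": {"/hr/payroll"}},
)

if __name__ == "__main__":
    for cred in (None, ("alice", "wrong"), ("bob", "hunter2"), ("alice", "correct horse")):
        print(cred and cred[0], agent_handle(PS, "/hr/payroll", cred))
```

Each decision other than the final `allow` stops the sequence early, so the trace shows which of the three transactions a request actually reached.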

Agents that control the same resources and are of the same Agent type (all Web Agents, or all RADIUS Agents) can be grouped.

Note: If you plan to configure support for virtual Web servers, see the Web Agent Configuration Guide.

More information:

Agent Groups