

Overview of the Authentication and Authorization Web Services

The CA SiteMinder® authorization and authentication web services are part of the Secure Proxy Server (SPS) installation. You can enable or disable them individually.

The web services configuration process presupposes configuration of the following CA SiteMinder® objects:

You can use the authentication and authorization web services to support an application that is not otherwise protected. A free-standing application on a mobile phone, for example, can authenticate a user when the appropriate CA SiteMinder® objects are available.

These web services support the SOAP 1.2 protocol and the HTTP-based RESTful architecture. The authentication and authorization web services provide the following functionality:

The response to an operation request depends on the corresponding SiteMinder-generated headers. If a resource is protected with the Anonymous authentication scheme, the response contains an identity token instead of a session token. The identity token can then be used in the subsequent authorization request in place of a session token.

An authentication request includes the following parameters:

The appId references a user-defined logical name for the location of a hierarchy of resources, not a CA SiteMinder® Application object. Internally, the appId maps to an agent. CA SiteMinder® uses the agent name to determine the realm. The realm, the resource string, and user credentials are enough to authenticate the user.

An authorization request is simpler than an authentication request. The authorization request includes an appId, a resource path, an action, and the session token obtained from the login response. The web service validates the token and determines whether to grant access to the specified resource.
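The following is an added client-side example, not code from the CA SiteMinder® product or its documentation. It assumes a JSON shape for the login response and the authorization request (field names `sessionToken`, `identityToken`, `appId`, `resourcePath`, `action` are assumptions, not the service's documented wire format) and shows how a caller builds the authorization request from the login response, falling back to the identity token when the realm uses the Anonymous scheme and no session token is returned.

```python
"""Client-side helper for the authentication/authorization web service flow.

Assumed (not from the product documentation): a login response is JSON with a
"sessionToken" field for normal schemes, or only an "identityToken" field when
the resource is protected by the Anonymous scheme, and the authorization request
is JSON carrying "appId", "resourcePath", "action" and one token field.
"""
import json

VALID_ACTIONS = {"GET", "POST", "PUT", "DELETE"}  # constructed sample set


def token_from_login(login_response: dict) -> tuple:
    """Return (token_field, token) from a login response.

    Prefers the session token; falls back to the identity token, which is all
    the service returns when the realm uses the Anonymous scheme.
    """
    token = login_response.get("sessionToken")
    if token:
        return "sessionToken", token
    token = login_response.get("identityToken")
    if token:
        return "identityToken", token
    raise ValueError("login response carries neither a session nor an identity token")


def build_authz_request(app_id: str, resource_path: str, action: str,
                        login_response: dict) -> str:
    """Build the JSON body of an authorization request from a login response."""
    if not app_id or not resource_path.startswith("/"):
        raise ValueError("appId and an absolute resource path are required")
    if action not in VALID_ACTIONS:
        raise ValueError(f"unsupported action {action!r}")
    field, token = token_from_login(login_response)
    body = {"appId": app_id, "resourcePath": resource_path, "action": action, field: token}
    return json.dumps(body, sort_keys=True)


# Constructed sample login responses: one for a normal scheme, one for Anonymous.
SAMPLE_LOGIN_FORM = {"sessionToken": "SESS-sample-123", "identityToken": "ID-sample-123"}
SAMPLE_LOGIN_ANON = {"identityToken": "ID-anon-456"}

if __name__ == "__main__":
    print(build_authz_request("mobileApp", "/orders/", "GET", SAMPLE_LOGIN_FORM))
    print(build_authz_request("mobileApp", "/orders/", "GET", SAMPLE_LOGIN_ANON))
```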