• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
SiteMinder
 

SiteMinder

on

  • 14,806 views

 

Statistics

Views

Total Views
14,806
Views on SlideShare
14,771
Embed Views
35

Actions

Likes
3
Downloads
501
Comments
0

1 Embed 35

http://www.slideshare.net 35

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    SiteMinder SiteMinder Presentation Transcript

    • SiteMinder Presented by Joel Dennison Software Engineering Roundtable March 11, 2009
    • Agenda
      • Overview of SiteMinder
      • SiteMinder in Application Architecture
      • How SiteMinder works
      • SiteMinder Administration
      • What developers need to know
    • Overview of SiteMinder
    • Overview
      • SiteMinder is a centralized Web access management system.
          • Authentication
          • Authorization
          • Auditing
          • Administration
    • Overview
        • Access is almost always tied to Identity , hence the commonly used term Identity and Access Management
        • SiteMinder provides Access Management and not Identity Management
    • SiteMinder in Application Architecture
    • SiteMinder in Architecture
    • SiteMinder in Architecture
      • Users
      • Secure Proxy Server
      • Destination Server
      • Policy Server
      • Web Server
      • Agent
      • Secured Applications
      • User and Entitlement Stores
    • SiteMinder in Architecture
      • Agent based / Proxy based SiteMinder configuration
      • Agent based is typical for distributed access management
      • Proxy based configuration is typical for centralized access management
      • A combined approach allows for a flexible and very secure access management system
    • SiteMinder in Architecture
    • How SiteMinder works?
    • How SiteMinder works? User Accesses a web resource Agent finds the Resource protected User shown The Login page Authentication Info passed to Policy Server User given access To resource
    • Test Questions
      • What are the two Access Control Strategies?
          • Agent-based strategy
          • Proxy-based strategy
    • SiteMinder Administration
    • SiteMinder Administration
    • SiteMinder Administration
      • Web Server Configuration
            • SiteMinder Host
              • Configure the SiteMinder Policy Server with the host machine
              • A secure handshake between the Policy Server and host machine happens with the help of a secret key
            • Web Agent
              • Web Agent Configuration helps configure the agent to the Web server used
    • SiteMinder Administration
      • Demonstration
      • SiteMinder Web Configuration
    • SiteMinder Administration
      • SiteMinder Policy Server Configuration
            • Agent
            • Agent Configuration Objects
            • Host Configuration Objects
            • Administrator
            • Domain
            • User Directory
            • Realm
            • Authentication Scheme
            • Rules
            • Responses
            • Policies
    • SiteMinder Administration
      • Demonstration
      • SiteMinder Policy Server Configuration
    • SiteMinder Administration
      • Realm = Resource
      • Rule = Resource + Access
      • User = Role
      • Response = Result
      • Policy = User + Rule + Response
    • Test Questions
      • What are the two configurations that are needed in the Web server in a Agent-based SiteMinder deployment?
              • SiteMinder Host Configuration
              • Agent Configuration
    • What developers need to know
    • What developers need to know
      • The web application need not have any login page.
      • SiteMinder provides a common Login page that can be personalized
      • Dim smColl As NameValueCollection = HttpContext.Current.Request.Headers
      • lblUserID.Text = smColl( "HTTP_SMUSER" )
      • All information contained in the SiteMinder header can be seen in the below link https://www.portal.beta.state.pa.us/portal/sso/showheaders.aspx
    • Demonstration
      • Demonstration
      • Sample Web Application protected
      • by SiteMinder
    • Test Questions
      • Match the items in the left to the items in the right
        • 1. User Result
        • 2. Policy Resource
        • 3. Realm Resource + Access
        • 4. Response User + Rules + Responses
        • 5. Rule Role
    • Summary
      • SiteMinder as centralized web access management system with quad-A services
      • Identity vs Access Management
      • SiteMinder in some typical Application Architecture
      • How SiteMinder works
      • SiteMinder Web Server configuration (agent & host configuration)
      • SiteMinder Policy Server configuration
      • What developers need to know (login page and code)
    • Questions? Feel free to ask any questions. Thank You