SiteMinder
Transcript

  • 1. SiteMinder. Presented by Joel Dennison, Software Engineering Roundtable, March 11, 2009
  • 2. Agenda
    • Overview of SiteMinder
    • SiteMinder in Application Architecture
    • How SiteMinder works
    • SiteMinder Administration
    • What developers need to know
  • 3. Overview of SiteMinder
  • 4. Overview
    • SiteMinder is a centralized Web access management system.
        • Authentication
        • Authorization
        • Auditing
        • Administration
  • 5. Overview
      • Access is almost always tied to Identity, hence the commonly used term Identity and Access Management
      • SiteMinder provides Access Management and not Identity Management
  • 6. SiteMinder in Application Architecture
  • 7. SiteMinder in Architecture
  • 8. SiteMinder in Architecture
    • Users
    • Secure Proxy Server
    • Destination Server
    • Policy Server
    • Web Server
    • Agent
    • Secured Applications
    • User and Entitlement Stores
  • 9. SiteMinder in Architecture
    • Agent based / Proxy based SiteMinder configuration
    • Agent based is typical for distributed access management
    • Proxy based configuration is typical for centralized access management
    • A combined approach allows for a flexible and very secure access management system
  • 10. SiteMinder in Architecture
  • 11. How SiteMinder works?
  • 12. How SiteMinder works?
    • User accesses a web resource
    • Agent finds the resource protected
    • User shown the login page
    • Authentication info passed to Policy Server
    • User given access to resource
  • 13. Test Questions
    • What are the two Access Control Strategies?
        • Agent-based strategy
        • Proxy-based strategy
  • 14. SiteMinder Administration
  • 15. SiteMinder Administration
  • 16. SiteMinder Administration
    • Web Server Configuration
          • SiteMinder Host
            • Configure the SiteMinder Policy Server with the host machine
            • A secure handshake between the Policy Server and host machine happens with the help of a secret key
          • Web Agent
            • Web Agent Configuration helps configure the agent to the Web server used
  • 17. SiteMinder Administration
    • Demonstration
    • SiteMinder Web Configuration
  • 18. SiteMinder Administration
    • SiteMinder Policy Server Configuration
          • Agent
          • Agent Configuration Objects
          • Host Configuration Objects
          • Administrator
          • Domain
          • User Directory
          • Realm
          • Authentication Scheme
          • Rules
          • Responses
          • Policies
  • 19. SiteMinder Administration
    • Demonstration
    • SiteMinder Policy Server Configuration
  • 20. SiteMinder Administration
    • Realm = Resource
    • Rule = Resource + Access
    • User = Role
    • Response = Result
    • Policy = User + Rule + Response
  • 21. Test Questions
    • What are the two configurations that are needed on the Web server in an Agent-based SiteMinder deployment?
            • SiteMinder Host Configuration
            • Agent Configuration
  • 22. What developers need to know
  • 23. What developers need to know
    • The web application need not have any login page.
    • SiteMinder provides a common Login page that can be personalized
    • Dim smColl As NameValueCollection = HttpContext.Current.Request.Headers
    • lblUserID.Text = smColl( "HTTP_SMUSER" )
    • All information contained in the SiteMinder headers can be seen at the following link: https://www.portal.beta.state.pa.us/portal/sso/showheaders.aspx
  • 24. Demonstration
    • Demonstration
    • Sample Web Application protected
    • by SiteMinder
  • 25. Test Questions
    • Match the items on the left to the items on the right
      • 1. User | Result
      • 2. Policy | Resource
      • 3. Realm | Resource + Access
      • 4. Response | User + Rules + Responses
      • 5. Rule | Role
  • 26. Summary
    • SiteMinder as centralized web access management system with quad-A services
    • Identity vs Access Management
    • SiteMinder in some typical Application Architecture
    • How SiteMinder works
    • SiteMinder Web Server configuration (agent & host configuration)
    • SiteMinder Policy Server configuration
    • What developers need to know (login page and code)
  • 27. Questions? Feel free to ask any questions. Thank You
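
The request flow on slide 12 and the object relations on slide 20, worked through as an added example (not from the original slides, and not SiteMinder's own code or API). It is a simplified in-memory model: the realm prefix, rule syntax, `APP_ROLE` response header, user names and passwords are constructed assumptions, and `SMUSER` stands for the header the slide-23 snippet reads as `HTTP_SMUSER`.

```python
import hashlib, hmac, os
from typing import NamedTuple

class Rule(NamedTuple):        # slide 20: Rule = Resource + Access
    realm: str                 # Realm = Resource (protected URL prefix)
    resource: str              # path under the realm; trailing "*" = prefix match
    actions: frozenset         # HTTP methods the rule covers

class Policy(NamedTuple):      # Policy = User + Rule + Response
    users: frozenset
    rules: tuple
    response: dict             # headers handed back to the agent on success

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_directory(accounts):
    """Constructed user store: name -> (salt, PBKDF2 digest)."""
    salts = {name: os.urandom(16) for name in accounts}
    return {n: (salts[n], _digest(pw, salts[n])) for n, pw in accounts.items()}

def rule_matches(rule, path, action):
    if not path.startswith(rule.realm) or action not in rule.actions:
        return False
    rest = path[len(rule.realm):]
    if rule.resource.endswith("*"):
        return rest.startswith(rule.resource[:-1])
    return rest == rule.resource

def handle(path, action, creds, realms, policies, directory):
    """Return (decision, headers) for one request, following the slide-12 flow."""
    if not any(path.startswith(r) for r in realms):
        return "unprotected", {}           # agent: resource is outside every realm
    if creds is None:
        return "challenge", {}             # agent: send the user to the login page
    user, password = creds
    salt, stored = directory.get(user, (b"\0" * 16, b""))
    if not hmac.compare_digest(_digest(password, salt), stored):
        return "challenge", {}             # policy server: authentication failed
    for p in policies:
        if user in p.users and any(rule_matches(r, path, action) for r in p.rules):
            return "allow", {"SMUSER": user, **p.response}
    return "deny", {}                      # authenticated, but no policy grants access

# Constructed sample configuration (names, paths and passwords are made up).
REALMS = ("/payroll/",)
POLICIES = (Policy(frozenset({"alice"}),
                   (Rule("/payroll/", "reports/*", frozenset({"GET"})),),
                   {"APP_ROLE": "clerk"}),)
DIRECTORY = make_directory({"alice": "constructed-pw-1", "bob": "constructed-pw-2"})
```

The model separates the two outcomes that slide 12 folds together: a user who fails authentication is challenged again, while a user who authenticates but matches no policy is denied.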