Published in: Technology


  1. SiteMinder. Presented by Joel Dennison, Software Engineering Roundtable, March 11, 2009
  2. Agenda
     - Overview of SiteMinder
     - SiteMinder in Application Architecture
     - How SiteMinder works
     - SiteMinder Administration
     - What developers need to know
  3. Overview of SiteMinder
  4. Overview
     - SiteMinder is a centralized Web access management system providing:
       - Authentication
       - Authorization
       - Auditing
       - Administration
  5. Overview
     - Access is almost always tied to Identity, hence the commonly used term Identity and Access Management
     - SiteMinder provides Access Management, not Identity Management
  6. SiteMinder in Application Architecture
  7. SiteMinder in Architecture
  8. SiteMinder in Architecture
     - Users
     - Secure Proxy Server
     - Destination Server
     - Policy Server
     - Web Server
     - Agent
     - Secured Applications
     - User and Entitlement Stores
  9. SiteMinder in Architecture
     - Agent-based / Proxy-based SiteMinder configuration
     - Agent-based is typical for distributed access management
     - Proxy-based configuration is typical for centralized access management
     - A combined approach allows for a flexible and very secure access management system
  10. SiteMinder in Architecture
  11. How SiteMinder works
  12. How SiteMinder works
     1. User accesses a web resource
     2. Agent finds the resource is protected
     3. User is shown the login page
     4. Authentication info is passed to the Policy Server
     5. User is given access to the resource
  13. Test Questions
     - What are the two Access Control Strategies?
       - Agent-based strategy
       - Proxy-based strategy
  14. SiteMinder Administration
  15. SiteMinder Administration
  16. SiteMinder Administration
     - Web Server Configuration
       - SiteMinder Host
         - Configure the SiteMinder Policy Server with the host machine
         - A secure handshake between the Policy Server and the host machine happens with the help of a secret key
       - Web Agent
         - Web Agent Configuration configures the agent for the Web server used
  17. SiteMinder Administration
     - Demonstration: SiteMinder Web Configuration
  18. SiteMinder Administration
     - SiteMinder Policy Server Configuration
       - Agent
       - Agent Configuration Objects
       - Host Configuration Objects
       - Administrator
       - Domain
       - User Directory
       - Realm
       - Authentication Scheme
       - Rules
       - Responses
       - Policies
  19. SiteMinder Administration
     - Demonstration: SiteMinder Policy Server Configuration
  20. SiteMinder Administration
     - Realm = Resource
     - Rule = Resource + Access
     - User = Role
     - Response = Result
     - Policy = User + Rule + Response
  21. Test Questions
     - What are the two configurations that are needed on the Web server in an Agent-based SiteMinder deployment?
       - SiteMinder Host Configuration
       - Agent Configuration
  22. What developers need to know
  23. What developers need to know
     - The web application need not have any login page.
     - SiteMinder provides a common login page that can be personalized.
     - The application reads the identity the agent supplies from the request headers (VB.NET):

```vbnet
Imports System.Collections.Specialized
Imports System.Web

' Headers the SiteMinder agent added to the request
Dim smColl As NameValueCollection = HttpContext.Current.Request.Headers
' Display the authenticated user id passed in the SiteMinder header
lblUserID.Text = smColl("HTTP_SMUSER")
```

     - All information contained in the SiteMinder header can be seen at the link below
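As an added illustration (not SiteMinder's own code or the presenter's), a constructed Python model of the flow on slides 12, 20 and 23: the agent checks whether a resource falls in a protected realm, requires a login if so, the policy server evaluates policies (users + rules + responses), and the responses come back as headers such as SM_USER that the application reads. The realm names, user store, credentials and header names are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed toy model of the policy objects named on slide 20:
# Realm = resource, Rule = resource + access, Response = result,
# Policy = user + rule + response. Nothing here is SiteMinder's own API.

@dataclass(frozen=True)
class Rule:
    realm: str          # protected resource prefix, e.g. "/hr/"
    actions: frozenset  # HTTP methods the rule grants, e.g. {"GET"}

@dataclass
class Policy:
    users: set        # user ids bound to this policy (the "role" side)
    rules: list       # Rule objects
    responses: dict   # headers handed to the agent on allow

@dataclass
class PolicyServer:
    realms: set        # every protected resource prefix
    policies: list
    credentials: dict  # constructed user store: user -> password

    def is_protected(self, resource):
        return any(resource.startswith(r) for r in self.realms)

    def authenticate(self, user, password):
        return self.credentials.get(user) == password

    def authorize(self, user, resource, action):
        """Return response headers when a policy grants access, else None."""
        for p in self.policies:
            if user in p.users and any(resource.startswith(r.realm) and action in r.actions for r in p.rules):
                return {k: v.format(user=user) for k, v in p.responses.items()}
        return None

def agent_handle(server, resource, action, credentials=None):
    """Agent decision for one request: ("pass"|"login"|"deny"|"allow", headers)."""
    if not server.is_protected(resource):
        return ("pass", {})          # unprotected: no login, no SM headers
    if credentials is None or not server.authenticate(*credentials):
        return ("login", {})         # show the common SiteMinder login page
    headers = server.authorize(credentials[0], resource, action)
    return ("allow", headers) if headers is not None else ("deny", {})

def app_user_id(headers):
    """What the protected application does (slide 23): read the identity header."""
    return headers.get("SM_USER")

SERVER = PolicyServer(
    realms={"/hr/", "/finance/"},
    policies=[Policy(users={"alice"}, rules=[Rule("/hr/", frozenset({"GET"}))],
                     responses={"SM_USER": "{user}", "SM_ROLE": "hr-reader"})],
    credentials={"alice": "pw-alice", "bob": "pw-bob"},
)
```

The application in `app_user_id` trusts the header only because the agent set it, so in a real deployment that trust holds only when the application is reachable solely through the agent-protected web server.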
  24. Demonstration
     - Demonstration: Sample Web Application protected by SiteMinder
  25. Test Questions
     - Match the items on the left to the items on the right

     | Left        | Right                     |
     |-------------|---------------------------|
     | 1. User     | Result                    |
     | 2. Policy   | Resource                  |
     | 3. Realm    | Resource + Access         |
     | 4. Response | User + Rules + Responses  |
     | 5. Rule     | Role                      |

  26. Summary
     - SiteMinder as a centralized web access management system with quad-A services
     - Identity vs. Access Management
     - SiteMinder in some typical Application Architectures
     - How SiteMinder works
     - SiteMinder Web Server configuration (agent and host configuration)
     - SiteMinder Policy Server configuration
     - What developers need to know (login page and code)
  27. Questions? Feel free to ask any questions. Thank you