This article, at a high level, gives a brief overview of CA SiteMinder.......
Web Access Management (WAM) systems are the key to enabling business over the Web while limiting security risks. A WAM system protects and controls access to web applications, records user and administrator activities, and is responsible for creating a seamless single sign-on experience for users.
CA SiteMinder is a centralized web access management system that offers authentication, policy based authorization, single sign-on, and auditing. The basic architecture of CA SiteMinder includes 2 run-time components (Agent and Policy Server) and an administration component (Administrative UI).
The Agent acts as a Policy Enforcement Point (PEP), intercepting user requests for resources and communicating with a Policy Server to determine if the resource is protected. If the resource is not protected, the Agent allows access. If the resource is protected, the Agent continues to communicate with the Policy Server to authenticate and authorize users.
The Policy Server acts as a policy Decision Point (PDP). The policy server authenticates users on behalf of the PEP, evaluates security policies, and makes authorization decisions that are communicated back to the PEP. The Policy Server also audits each of these events.
The Administrative UI serves as a Policy Administration Point (PAP). Configurations (Domains, Rules, Responses & Policies) that are required for protecting a web application are set up in this web based interface.
At a high level, this is how CA SiteMinder works:
- User requests a web page.
- SiteMinder Web agent intercepts the request.
- Web Agent checks with the Policy Server “Is the page protected?”
- Policy Server checks for the appropriate Policy and Rule information.
- Policy Server requests the Web Agent for user’s credentials.
- Login page is displayed to the user. User provides the credentials and browser returns the credentials to the Web Agent.
- Web agent passes the credentials to the Policy Server asking “Is the user authenticated?”
- Policy Server checks the user credentials information from the user store.
- Credential information is returned and verified against the credentials supplied.
- Policy Server checks the policies and rules to answer “Is the user authorized?”
- Authorization information and response requirements are returned back to the Web Agent.
- Policy Server pulls user information to satisfy response requirements.
- User data is returned back to the Web Agent.
- Policy Server tells the Web Agent the user is authorized and passes the response data.
- Web Agent allows the Web Application to process the request providing the response data.
- Web page is processed and returned to the user.