Menu
I am thinking of building a bespoke solution using either java or .NET and I want to integrate the authentication layer with SiteMinder.
A. From what I have found so far, it seems that SiteMinder provides some kind of APIs for external application to pass the login credentials to Siteminder and Siteminder is able to revert whether the login credentials are correct or not:
-https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_java_dev_enu.pdf
-https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_sdk_overview_enu.pdf
=> From your experience, is there any issue when you implement this?
B. After authentication, I envisage SiteMinder would pass the login user ID to my to-be-developed application, which will search the database to find out the roles and functions associated with the login user ID. This means that I would need to have a database table storing the list of user IDs from SiteMinder.
=> Is there any way to export the userIDs and names from siteminder into a flat file? I am thinking of setting up a regular data interface job that will extract user info from siteminder and updating my to-be-developed application.
987
In SiteMinder single sign-on (SSO), a user successfully authenticates through one agent and does not have to re-authenticate when accessing a realm protected by a different agent. The two agents must be in the same cookie domain, for example: /abc.siteminder.com.
Symantec SiteMinder provides a unified access management platform that applies the appropriate authentication mechanism to positively identify users; provides single sign-on and identity federation for seamless access to any application; enforces granular security policies to stop unauthorized access to sensitive ...
Computer Associates (CA) SiteMinder, formerly Netegrity SiteMinder, is an enterprise infrastructure product that enables centralized, secure Web access management. Its features include user authentication and single sign-on, policy-based authorization, and identity federation.
A. I strongly recommend not to use the SDK if you're not obligated to. Your code will be too tied to Siteminder and might break on every upgrade of the Siteminder infrastructure. The SDK is used when there are no other solutions.
A more standard way to integrate Siteminder would be to install a Web Agent/J2EE Agent on your web/application server. Siteminder will take care of the authentication process of the user, so you don't have to worry about passwords and passing credentials to Siteminder. This authentication process is totally transparent for the application.
Once the user is authenticated by Siteminder, the web agent will add specific HTTP headers to the request with informations on the user (username, email address, applicative roles, other informations...).
The application just has to fetch and trust these informations in the incoming HTTP request.
B. You have two way to achieve this:
137
A. API to create SiteMinder session but you need credential input from user
B. SiteMinder does not use it's own user repository. It is outsourced to optional LDAP or Database servers. So you deal with that component without going thru SiteMinder
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
