<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Siteminder

Published on
12,555 Points
6,155 Views
4 Endorsements
Last Modified:
Approved
Introduction
This article briefs you about siteminder and its various tools available for integration with your web applications. This is just an overview to know about siteminder tools. There are lot of documentation available in the CA Netigrity website (Reference section below).  

Purpose
The web user can securely access the web application using Siteminder API. Only a validated user can navigate through the web application.  Integration of authentication and authorization with the web application can be easily achieved using Siteminder tools.

How it works?
The siteminder consists of set of tools which help in securing the website and also used for Authentication & authorization of the web application.

The main 2 components of the siteminder are
1.      Webagent
2.      Policy Server.

The webagent acts as a proxy between your browser and the web server, any request that comes to the webserver is filtered, validated before the request is forwarded to the webserver. The authentication and authorization is performed using Siteminder Policy server.

Siteminder Webagent
Siteminder webagent is used to filter all the http request that comes from the web browser to the webserver. The webagent secures the webserver to make sure only validated user is allowed to the view the web application.

Policy Server
The siteminder webagent uses the site minder policy server for Authentication & Authorization. The siteminder policy server in turn communicates to either LDAP or Database for source data.

The below diagram shows the siteminder interaction with webapp:
Siteminder integration

Siteminder SDK
Siteminder also provides API to directly talk to the policy server. This is particularly useful when we do not want to depend on webagent rather directly communicate to the policy server for Authentication & Authorization. Siteminder Policy server exposes couple of API for direct communication.

Some of the API are:
1.      Policies
2.      Realms
3.      Responses and response groups
4.      Response attributes
5.      Rules and rule groups
6.      User policies

The below diagram shows the siteminder SDK interaction:
Siteminder SDK
The general recommendation is to use the siteminder with the webagent. Accessing using SDK needs more programming on the policy server API. The API calls needs to be updated if there are any SDK version changes.

Reference
CA Siteminder Website

To access the above url, you need to register yourself in their website. Free registration will allow you to access all their documentation. Worth spending couple of minutes!!
4
Comment
Author:srivenky
0 Comments

Featured Post

JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

Join & Write a Comment

Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month