This article briefs you about siteminder and its various tools available for integration with your web applications. This is just an overview to know about siteminder tools. There are lot of documentation available in the CA Netigrity website (Reference section below).
The web user can securely access the web application using Siteminder API. Only a validated user can navigate through the web application. Integration of authentication and authorization with the web application can be easily achieved using Siteminder tools.
How it works?
The siteminder consists of set of tools which help in securing the website and also used for Authentication & authorization of the web application.
The main 2 components of the siteminder are
2. Policy Server.
The webagent acts as a proxy between your browser and the web server, any request that comes to the webserver is filtered, validated before the request is forwarded to the webserver. The authentication and authorization is performed using Siteminder Policy server.
Siteminder webagent is used to filter all the http request that comes from the web browser to the webserver. The webagent secures the webserver to make sure only validated user is allowed to the view the web application.
The siteminder webagent uses the site minder policy server for Authentication & Authorization. The siteminder policy server in turn communicates to either LDAP or Database for source data.
The below diagram shows the siteminder interaction with webapp:
Siteminder also provides API to directly talk to the policy server. This is particularly useful when we do not want to depend on webagent rather directly communicate to the policy server for Authentication & Authorization. Siteminder Policy server exposes couple of API for direct communication.
Some of the API are:
3. Responses and response groups
4. Response attributes
5. Rules and rule groups
6. User policies
The below diagram shows the siteminder SDK interaction:
The general recommendation is to use the siteminder with the webagent. Accessing using SDK needs more programming on the policy server API. The API calls needs to be updated if there are any SDK version changes.
CA Siteminder Website
To access the above url, you need to register yourself in their website. Free registration will allow you to access all their documentation. Worth spending couple of minutes!!