This is regarding SiteMinder, is having two parts
a) Policy Server (which stores users credentials)
b) Web Agent (integrates with Web servers, J2EE Application servers or custom applications to enforce security and user management functions based on pre-defined policies.)
When the user send a request to restricted resource, so web agent will do the following things,
1. Web agent intercepts access request
2. Web agent asks policy server if resource is protected
3. If resource protected?
No: Web agent allows request through to the web server and delivers resource to browser
Yes: Are there credentials?
No: Web agent challenges user for credentials
Yes: Web agent passes credentials to policy server
4. User authenticated?
No: Access denied
Yes: Web agent checks policy sever for authorization
5. User authorized?
Yes: Web server delivers resource to browser
I don’t have any issues up to this level by theoretical, I have following doubts, my SiteMinder is running on Sun OS.
1.What are all the prerequest I need to follow.
2. Where I need to store Users inf. & How do I do the same. (Organization wise or individual wise)
3. Where I need to store my resource information.
4. In application side, for example, Siebel, People Soft etc… Any web agent or tool needs to install or configure for interacting with my SiteMinder Webagent.
5. As per I knew, SiteMinder is not providing Single Sign On (SSO) solution. Is it correct?
6. How Application will interact with Webagent, is there any virtual connection between application and policy server.
If any body knows regarding this, really great help. Thanks for your time and help.
a) Policy Server (which stores users credentials)
b) Web Agent (integrates with Web servers, J2EE Application servers or custom applications to enforce security and user management functions based on pre-defined policies.)
When the user send a request to restricted resource, so web agent will do the following things,
1. Web agent intercepts access request
2. Web agent asks policy server if resource is protected
3. If resource protected?
No: Web agent allows request through to the web server and delivers resource to browser
Yes: Are there credentials?
No: Web agent challenges user for credentials
Yes: Web agent passes credentials to policy server
4. User authenticated?
No: Access denied
Yes: Web agent checks policy sever for authorization
5. User authorized?
Yes: Web server delivers resource to browser
I don’t have any issues up to this level by theoretical, I have following doubts, my SiteMinder is running on Sun OS.
1.What are all the prerequest I need to follow.
2. Where I need to store Users inf. & How do I do the same. (Organization wise or individual wise)
3. Where I need to store my resource information.
4. In application side, for example, Siebel, People Soft etc… Any web agent or tool needs to install or configure for interacting with my SiteMinder Webagent.
5. As per I knew, SiteMinder is not providing Single Sign On (SSO) solution. Is it correct?
6. How Application will interact with Webagent, is there any virtual connection between application and policy server.
If any body knows regarding this, really great help. Thanks for your time and help.