
White Paper

eTrust™ SiteMinder® r6

Technical White Paper


June 2005
Table of Contents
The Challenge: Building and Managing Secure Websites and Applications ... 4
  Building the Secure Website ... 4
    Choosing the correct authentication technology ... 4
    Building the user directory ... 4
    Providing a quality single sign-on experience ... 5
  Managing the Secure Website ... 5
    Implementing security for multiple web applications ... 5
    Managing the security infrastructure ... 5
    Keeping user administration costs down ... 5
    Choosing the correct technology partner ... 5
eTrust SiteMinder Features and Benefits ... 6
  Authentication Management ... 6
  Authorization Management ... 6
    Role based access control (RBAC) ... 6
    eTrust SiteMinder eTelligent Rules ... 6
  Auditing and Reporting ... 7
  Enterprise Manageability ... 7
  Performance, Availability, Reliability, Scalability ... 7
    Performance ... 7
    Availability and Reliability ... 7
    Scalability ... 7
    Security ... 7
    Broad Platform Support ... 8
  A Standards-based Solution ... 8
eTrust SiteMinder Architecture ... 8
  eTrust SiteMinder Policy Server ... 9
    Access control services in a single process ... 9
  eTrust SiteMinder Agents ... 9
    Web agents ... 9
    Application server agents ... 9
    SAML affiliate agents ... 9
    Enterprise application agents ... 9
  Secure Proxy Server ... 10
  Native Directory Integration ... 11
eTrust SiteMinder Authentication Management ... 11
  Authentication Methods ... 11
  Authentication Policies ... 11
  Certificate Combinations and Alternatives ... 11
  Forms-based Certification ... 12
  Authentication Levels ... 12
  Directory Mapping ... 12
  Password Services ... 12
  Impersonation ... 13
eTrust SiteMinder Authorization Management ... 13
  eTrust SiteMinder Policies ... 14
  Global Policies ... 15
  Role based access control (RBAC) ... 15
Single Sign-On ... 15
  Single and Multiple Cookie Domains ... 16
  Federated Security Services ... 16
    Microsoft .NET Passport integration ... 17
  Single Sign-on in the Windows Environment ... 18
    Windows integrated security ... 18
    Windows application login ... 18
Auditing and Reporting ... 18
  Auditing ... 18
  Reporting ... 18
    Report drill down capabilities ... 18
    Activity reports ... 19
    Intrusion reports ... 19
    Administrative reports ... 19
    Time series reports ... 19
Enterprise Manageability ... 19
  OneView Monitor ... 19
  Environment Collector ... 20
  Test Tool ... 20
  Logging and policy profiling ... 20
  Centralized Agent Management ... 21
  Rapid Policy Deployment ... 21
    Unattended installations ... 22
    Command line interface ... 22
Performance, Reliability, Scalability and Availability ... 22
  Performance ... 22
    Bulk operations ... 22
    Authentication and authorization ... 22
  Reliability, Availability and Scalability ... 23
    Policy server clusters ... 23
Security ... 23
  Data Confidentiality ... 24
  Mutual Authentication ... 24
  Revocation of User Credentials ... 24
  Encrypted Session Cookies ... 24
  Session and Idle Timeouts ... 24
  Rolling Keys ... 24
  Hardware Stored Encryption Keys ... 24
  LDAP Protection from Denial-of-service Attacks ... 24
  Protection from Cross-site Scripting ... 25
  Unique Secure HTTP Header Passing ... 25
  Advanced Web Agents ... 25
eTrust SiteMinder Developer Capabilities ... 25
  Creating Custom Agents ... 25
  Single Sign-on Support for Custom Agents ... 25
  Managing the Policy Store ... 26
  Managing the User Store ... 26
  Creating a Custom Authentication Scheme ... 26
  Flexible Authorization ... 26
  Adding a Directory Provider ... 26
  Integrating with eTrust SiteMinder Events ... 26
  Session Server API ... 26
  Creating a Secure Communication Tunnel ... 26
Summary ... 27
For More Information ... 27
The Challenge: Building and Managing Secure Websites and Applications

With its extended reach and power, the internet has fundamentally changed traditional business processes. E-business has ushered in the widespread deployment of intranets, business-to-business (B2B) extranets and e-commerce websites. These sites extend business processes to the furthest reaches of the web, enabling partners and customers to access critical applications, information, services, and transactions anytime and anywhere.

Companies are redeploying the applications that they have built over the years with web front ends, as well as deploying new applications on web servers, J2EE based application servers, and even mainframe systems that include web servers. As they open up their businesses to new users through the web, they face new and complex challenges.

Companies must solve a new generation of manageability issues, from deployment of online resources throughout a global environment through monitoring and reporting of online activities. IT professionals need to support heterogeneous environments by providing flexible deployment approaches. They need to provide enterprise-class performance, availability, and scalability to support potentially millions of users. And they must ensure a long life for these systems by embracing open standards and platforms.

From the security perspective, there are several factors that must be carefully considered:

• Authentication. Who will access the system? Will multiple companies, such as partners, need access? How will authentication across multiple websites be handled? Is a simple password policy appropriate, or are stronger controls needed?

• Authorization. Companies need powerful policies that can be easily replicated for similar applications and services. They need to implement a single shared service to simplify and speed administration, and to reduce the burden on application developers.

• Audit. Companies must closely track how the security system is being used. System administrators need detailed system data to fine-tune performance and business managers need activity data to demonstrate compliance with security policies and regulations.

• Entitlement service. How can companies tie in all of the entitlements, that is, profile characteristics of individual users, from multiple directories and user stores into a single, shared security service?

• Enhancing the user experience. How can companies provide a personal, easy to navigate online session for their users, and at a low cost?

From a user perspective, these new-generation sites and applications must be:

• Responsive. To deliver high-performance applications, whether they're for customers, partners, or employees.

• Interactive. To provide the right users access to the right applications, data, services, and other resources, all of them, at the right time.

• Simple. To provide a seamless user experience with cross-domain access.

Today, corporate IT infrastructures are often insufficient to meet the demands of e-business and unable to manage multiple types of applications accessed by multiple types of users (employees, customers, suppliers and partners) using multiple types of devices (laptops, PDAs, cell phones). Many sites must accommodate millions of users and many millions of transactions without jeopardizing security. In particular, implementers face several challenging business and technical problems grouped into two major areas: first, building the secure website and then, managing the secure website.

Building the Secure Website

For web developers, the process of building a secure website can be very complex. Whether it's managing multiple user directories or creating a shared service for authentication, authorization and audit, they need new tools to design and build robust security.

Choosing the correct authentication technology

Due to implementation challenges, security managers often struggle to define a unified authentication strategy across internet and intranet applications. The result is that either high-value applications are not protected by equally secure authentication systems or low value web applications are protected by authentication systems that might actually push users away. Companies need a single method to deploy multiple authentication systems in a unified strategy that ensures high value applications are protected by strong authentication while lower value applications are protected by simpler user name/password systems.

Building the user directory

Traditionally, security administrators have deployed an authentication system and access control list (ACL) with each application. For a small number of critical applications, this one-to-one authentication system might be feasible. However, as the number and complexity of applications increases, this approach
quickly becomes unmanageable. With each application storing its own user privilege information within an application-specific repository or ACL, separate from any corporate user directory, redundant user administration and user databases are created that quickly get out of synchronization with the corporate directory, compromising security and the user experience.

Providing a quality single sign-on experience

Successful websites need to provide customers with the information and services they want, and that the company wants them to see, in a personalized context that is easy to understand and navigate. If the content is not personalized, or if users must endure multiple sign-ons to different applications, they become quickly frustrated and go elsewhere. In addition, companies might forge relationships with any number of affiliates and partners whose sites, information and services offer complementary value.

Federation enables companies to provide users single sign-on by transparently linking to all resources within the company's main website, and its affiliates' websites from the main site. Single sign-on lets users easily conduct business or obtain more detailed product information.

Managing the Secure Website

From an operational perspective, security issues also play an important role in how companies manage and operate websites. Key issues include leveraging redundant points of administration and managing the associated costs of supporting multiple applications and platforms.

Implementing security for multiple web applications

The scheme for managing authentication and authorization for web resources often varies across web servers, application servers, operating systems and development tools. Consequently, administration and authorization capabilities can vary greatly. These differences can lead to administrative problems as well as an inconsistent security framework because these more complex environments are often more costly and time consuming to administer than single-platform environments. As a result, the quality of website security is often lower in heterogeneous environments, which is clearly an unacceptable situation.

Managing the security infrastructure

It's a daunting and expensive challenge to deploy large-scale websites that can encompass hundreds of web servers, applications, and security policies as well as multiple types of authentication systems to enforce authentication and access control; all with 24x7 continuous availability. As the number of applications and users increases, administrative costs can spike drastically. As web applications continue to gain in strategic importance, the management and administration of these complex environments will be among the most pressing IT challenges.

Keeping user administration costs down

Whether it's expanding the customer base, adding suppliers to the extranet, reorganizing divisions, or improving service quality, people are the center of every business initiative. But, as e-business websites grow, the number of users interacting with the sites also grows, and those increases translate into a broad range of significant management challenges:

• Assigning authentication methods to resources and users

• Synchronizing IDs and passwords across multiple directories

• Enabling self-registration and password support for users

• Providing phone and online support to thousands or millions of users, 24x7, around the globe.

Choosing the correct technology partner

Total cost of ownership is directly related to the ability to support open standards that leverage existing IT investments, offer extensive partnership integration, avoid vendor dead-ends, and minimize expensive third-party integration. It's possible, of course, to achieve an impressive return on investment (ROI) by moving applications, and the business processes they support, to the web, but the key is how to do so cost effectively. As new web applications are deployed, ROI numbers rise, but with each new application, access, security management, and scalability requirements and issues also arise. To solve that problem, companies need comprehensive open application program interfaces (APIs), directory mapping, and a 24x7 redundant architecture.

The right solution removes security from each application and centralizes all user management and security in one place. eTrust™ SiteMinder® is the right solution: it provides corporate and consumer e-business sites with the secure, scalable and reliable identity and privilege management infrastructure they require for conducting business. It also provides centralized control that administrators need to efficiently manage and support that security infrastructure.
eTrust SiteMinder Features and Benefits

eTrust SiteMinder offers the type of solution businesses need to meet the challenge of building and managing secure websites. eTrust SiteMinder provides all the essential security services required to meet this challenge, while also including management features and technical capabilities that can reduce the total cost of ownership.

Authentication Management

eTrust SiteMinder supports a broad range of authentication methods including passwords, tokens, X.509 certificates, custom forms, and biometrics, as well as combinations of authentication methods. It also supports certificate validation through either certificate revocation lists (CRL) or Online Certificate Status Protocol (OCSP).

eTrust SiteMinder integrates with industry-leading directory services and user stores, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities. eTrust SiteMinder fully leverages existing user directories, from leading LDAP directories and relational databases, to mainframe security directories.

With single sign-on (SSO) and federation, users get a unified and personalized view to all available resources within and across enterprise boundaries. Businesses and their partners can provide their customers with all their available services; access to all relevant, authorized information; and access to multiple applications that run on multiple servers, multiple platforms, and across multiple internet domains. Single sign-on provides a rich user experience, increased security and reduced customer support costs due to lost passwords.

eTrust SiteMinder Federated Security Services let users move across partner and affiliated websites, without having to be re-authenticated. eTrust SiteMinder provides these services by implementing SAML, a standards-based technology. SAML specifies a framework for sharing security information through XML documents, called assertions. eTrust SiteMinder can consume incoming SAML assertions and can produce outgoing SAML tokens. As a result, eTrust SiteMinder provides a complete, bi-directional SAML federation that enables maximum interoperability among enterprises; that is, users can be authenticated either at a company's main site and go to any partner site, or be authenticated at a partner site and go to the company's main site, without having to be re-authenticated. Companies with eTrust SiteMinder security solutions can interoperate securely and more effectively with more sites, including sites that use other security solutions. Users experience a more seamless experience across affiliated sites, improving the chances for increased revenue and enhanced relationships.

Authorization Management

eTrust SiteMinder centralizes the administration of user entitlements for customers, partners and employees across all web applications through a shared service. The eTrust SiteMinder advanced architecture and ability to enforce all web-based security policies across the enterprise eliminates the need for redundant user directories and application-specific security logic. Centralized authorization greatly reduces development costs by allowing developers to focus on the application business logic, not on enforcing security policies.

eTrust SiteMinder provides security and access management through its security policies, which are designed to accommodate the user and the user's relationship to the protected resource. A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected, the users, groups or roles that have access to these resources, the conditions under which this access should be granted, and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user should be handled.

Role based access control (RBAC)

eTrust SiteMinder, when used with eTrust™ IdentityMinder®, gives enterprises the ability to extend existing authorization policies to roles established for users in eTrust IdentityMinder. Using eTrust IdentityMinder, enterprises can map organizational structure as well as functional responsibilities to create and manage roles. eTrust SiteMinder can then bind policies to roles for end-to-end identity and access management control.

eTrust SiteMinder eTelligent Rules

As a business grows and changes, existing security logic within applications will likely have to be modified or extended. With eTrust SiteMinder, security administrators can use eTelligent Rules to make those security logic changes outside the applications, without changing program code, further reducing reliance on programming. Most other security solutions would have to rely on applications being re-programmed, re-built and re-deployed.
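The policy structure described under Authorization Management above (protected resources; the users, groups or roles granted access; the conditions on that grant; what is delivered to an authorized user; and how a denied user is handled) can be modelled as a small decision routine. This is an added illustration written for this page, not eTrust SiteMinder code or its policy format; the glob-pattern resource matching, the numeric authentication levels, the business-hours condition and the X-Policy-User header are constructed for the example.

```python
"""Toy model of a resource-protection policy: resources, principals,
conditions, a response on allow and a handling rule on deny.
Illustration only; not eTrust SiteMinder code or its policy format."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Optional


@dataclass
class Request:
    """Constructed request context that an agent would hand to the decision point."""
    user: str
    groups: set
    roles: set
    resource: str      # e.g. "/payroll/report.jsp"
    auth_level: int    # constructed: strength of the scheme the user logged in with
    hour: int          # local hour of the request, 0..23


@dataclass
class Policy:
    name: str
    resources: list                                   # glob patterns of protected resources
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    roles: set = field(default_factory=set)
    conditions: list = field(default_factory=list)    # callables Request -> bool
    on_allow: dict = field(default_factory=dict)      # headers delivered to the application
    on_deny: str = "/denied.html"                     # where a rejected user is sent

    def covers(self, resource: str) -> bool:
        return any(fnmatch(resource, pattern) for pattern in self.resources)

    def principal_matches(self, req: Request) -> bool:
        # Any of user, group or role membership grants the principal part.
        return (req.user in self.users
                or bool(req.groups & self.groups)
                or bool(req.roles & self.roles))


@dataclass
class Decision:
    allowed: bool
    policy: Optional[str]
    headers: dict = field(default_factory=dict)
    redirect: Optional[str] = None


def min_auth_level(level: int):
    """Condition: the user must have authenticated with at least this level."""
    return lambda req: req.auth_level >= level


def business_hours(start: int, end: int):
    """Condition: the request must fall inside the [start, end) hour window."""
    return lambda req: start <= req.hour < end


def evaluate(policies: list, req: Request) -> Decision:
    covering = [p for p in policies if p.covers(req.resource)]
    if not covering:
        # No policy names this resource; this toy fails closed (an assumption).
        return Decision(allowed=False, policy=None)
    for policy in covering:
        if policy.principal_matches(req) and all(c(req) for c in policy.conditions):
            headers = dict(policy.on_allow)
            headers["X-Policy-User"] = req.user   # constructed header name
            return Decision(True, policy.name, headers)
    # Covered but no grant: the first covering policy decides how to handle the user.
    return Decision(False, covering[0].name, redirect=covering[0].on_deny)


# Constructed sample policies.
POLICIES = [
    Policy("payroll", ["/payroll/*"], roles={"hr-manager"},
           conditions=[min_auth_level(2), business_hours(8, 18)],
           on_allow={"X-App-Tier": "restricted"}, on_deny="/payroll-denied.html"),
    Policy("intranet", ["/intranet/*"], groups={"staff"}),
]

if __name__ == "__main__":
    alice = Request("alice", {"staff"}, {"hr-manager"}, "/payroll/report.jsp", 2, 10)
    print(evaluate(POLICIES, alice))
```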
Auditing and Reporting
Auditing and reporting lets managers track user and administrative activity and analyze and correct security events and anomalies. eTrust SiteMinder lets companies define activities within the eTrust SiteMinder environment to be logged and where that information should be stored: in a file or in a relational database. Both the policy server and web agents provide separate audit logging and debug logging.

Enterprise Manageability
eTrust SiteMinder enables efficient management practices in all areas of security system operations, including responsive troubleshooting, fast day-to-day execution of routine operations and easy-to-manage periodic operations. Daily activities, such as troubleshooting, password services and reporting, can be completed faster and better because eTrust SiteMinder provides centralized administration tools for the entire security environment. eTrust SiteMinder also provides tools that let administrators easily manage deployment, including remote agents and security policies, regardless of the size of the security environment.

Performance, Availability, Reliability, Scalability
As more web applications are deployed and more business is conducted by more people online, companies need a security solution that is efficient, available, reliable, and scalable. eTrust SiteMinder meets all these criteria, especially for very large deployments.

Performance
Based on independent third-party comparison against published data from other vendors, eTrust SiteMinder has proven its ability to provide significantly higher transaction rates than competing solutions. eTrust SiteMinder is the only solution with proven deployments supporting millions of users at companies like American Express, E-Trade and General Electric.

eTrust SiteMinder achieves these high levels of performance by optimizing the speed of its policy server, the component that runs the centralized security services. With quick start-up and fast runtime performance, the policy servers provide efficient security services capable of supporting millions of users and thousands of protected resources.

Availability and Reliability
eTrust SiteMinder reliably and effectively helps to ensure that the entire environment that is being secured remains available and accessible to the right users. Administrators can set up load balancing and failover so that if one eTrust SiteMinder component is unavailable, the next one will be used without interruption to the user. Even if an eTrust SiteMinder component fails, it will automatically be re-started to keep all operations going all the time.

eTrust SiteMinder administrators also have the option to cluster policy servers, that is, to group together policy servers based on criteria that are important to the security system implementation. Once policy servers are clustered, administrators can set up dynamic load balancing within the cluster and automatic failover among clusters to meet the increasing high performance, high availability requirements of a growing enterprise.

Scalability
eTrust SiteMinder can be scaled to meet security requirements for almost any website, both in terms of numbers of users and numbers of resources. With eTrust SiteMinder, security administrators don’t have to worry about their company’s new acquisitions or new partnerships. eTrust SiteMinder will be able to handle it: new users, new platforms, new applications, or additional spoken languages. No portion of the enterprise would go unsecured, possibly leaving holes that unauthorized users could take advantage of.

In terms of numbers of users, eTrust SiteMinder can work effectively and efficiently with many millions of users with information stored on a broad array of user stores. By centralizing user access management, security administrators can manage all security requirements for all categories of users throughout the enterprise, from a single location.

Security
eTrust SiteMinder offers the most secure communications architecture in the industry. With 128-bit encryption and hardware token-based encryption key management and storage, eTrust SiteMinder combines the best of security and manageability by deploying a mix of eTrust SiteMinder Agents and eTrust SiteMinder Secure Proxy Servers across a single policy model. In addition, eTrust SiteMinder supports a comprehensive set of password services including password composition, dictionary checking and expiration rules allowing you to implement robust password rules.

Broad Platform Support
To help achieve a higher return on investment (ROI) and lower total cost of ownership (TCO), eTrust SiteMinder leverages existing technology investments by supporting leading infrastructure components, including directories, web servers, application servers, platforms and authentication methods. eTrust SiteMinder provides native-directory integration with existing directories and databases (LDAP, AD, NT Domain, MS SQL Server and Oracle) and integrates with a large number of leading enterprise applications, such as SAP, Siebel and PeopleSoft. In addition, eTrust SiteMinder includes J2EE application server agents, enabling fine-grained access control of IBM WebSphere and BEA WebLogic Server hosted applications. eTrust SiteMinder extends its security management and single sign-on capabilities to the OS/390 mainframe platform with a web agent for the IBM HTTP web server and support for RACF and ACF2 security directories through the eTrust SiteMinder Security Bridge. What’s more, eTrust SiteMinder also supports authentication for network access devices, including firewalls, dialup servers, and other RADIUS-compliant devices. eTrust SiteMinder is fully multi-byte enabled and can be used to secure the deployment of multilingual sites.

A Standards-Based Solution
Even with eTrust SiteMinder’s extensive support for leading infrastructure technologies, there are many legacy and custom applications that many companies want to integrate into their web security system. At the same time, technology investments must remain open to best-of-breed technologies and not be locked in to a limited number of vendors. eTrust SiteMinder is the industry leader in adopting and supporting new technology standards as well as offering an extensive and well-documented series of Java and C application programming interfaces (APIs) throughout the product. eTrust SiteMinder is developed on open standards. The eTrust SiteMinder development team was a leading designer of the OASIS XML security standard, known as Security Assertion Markup Language (SAML).

eTrust SiteMinder Architecture
eTrust SiteMinder is one of the industry’s leading directory-enabled access management systems. eTrust SiteMinder enables administrators to assign authentication schemes, define and manage authorization privileges to specific resources, and create rules and policies to implement these authorization permissions. With eTrust SiteMinder, companies can implement security policies to completely protect the content of an entire website.

eTrust SiteMinder consists of two primary components, the eTrust SiteMinder Policy Server and eTrust SiteMinder Agents. See Figure 1 for an overview of the architecture of eTrust SiteMinder.

[Figure 1. eTrust SiteMinder Architecture Overview: users (employees, partners, customers) reach secured applications (Finance, HR/Payroll, Intranet, Supply Chain; CRM, Customer Service, Partner Extranet, e-Commerce) either through the eTrust SiteMinder Secure Proxy Server and destination web servers or through a web server; both paths consult the eTrust SiteMinder Policy Server, which draws on the user and entitlement stores (LDAP, databases, mainframes, NT Domain).]

1. User attempts to access a protected resource.
2. User is challenged for his credentials and presents them to the Web Agent or to the Secure Proxy Server.
3. The user’s credentials are passed to the policy server.
4. The user is authenticated against the appropriate user store.
5. The policy server evaluates the user’s entitlements and grants access.
6. User profile and entitlement information is passed to the application.
7. The user gets access to the secured application, which delivers customized content to the user.

eTrust SiteMinder Policy Server
The eTrust SiteMinder Policy Server is the heart of eTrust SiteMinder. The policy server provides the key security decision-making operations for eTrust SiteMinder. This high-performance server provides load balancing, failover and caching for superior reliability and speed. Policy servers have been designed to be reliable, fast, and easy to manage, so they can be scaled to meet today’s and tomorrow’s business requirements. Policy server operations are optimized to get them initialized and running quickly.

Access control services in a single process
The eTrust SiteMinder Policy Server is a single-process engine that runs all four shared services: authentication, authorization, administration and auditing. The single, multi-threaded process results in a highly efficient, simple-to-manage system. The run-time performance is very fast because the single process server requires a smaller total memory footprint than a multi-process server and thread context switches run faster than process context switches.

eTrust SiteMinder Agents
Agents are the enforcement mechanisms for policy-based authentication and access control. They integrate with web servers, application servers, enterprise applications or custom applications to enforce access control based on defined policies.

Web agents
Web agents control access to web content and deliver a user’s security context, managed by eTrust SiteMinder, directly to any web application being accessed by the user. By placing an agent in a web server that is hosting protected web content or applications, administrators can coordinate security across a heterogeneous environment of systems and create a single sign-on environment for all users.

For web servers, the web agent integrates through each web server’s extension API. It intercepts all requests for resources (URLs) and determines whether each resource is protected by eTrust SiteMinder. If the resource is not eTrust SiteMinder-protected, the request is passed through to the web server for regular processing. If it is protected by eTrust SiteMinder, the web agent interacts with the policy server to authenticate the user and to determine if access to the specific resource is allowed. Depending on the policy for the requested resource, the web agent can also pass to the application a response that consists of the user’s attributes from the user directory and entitlement information. The application can use the entitlement information to personalize the page content according to the needs and entitlements of each user.

The web agent caches extensive amounts of contextual information about the current user’s access. The caching parameters that control these services are fully tunable by the administrator to optimize performance and security.

Application server agents
To secure more fine-grained objects such as servlets, JSPs, or EJB components, which could comprise a full-fledged distributed application, eTrust provides a family of eTrust SiteMinder application server agents (ASAs). ASAs are plug-ins that communicate with the eTrust SiteMinder Policy Server to extend single sign-on (SSO) across the enterprise, including J2EE application server-based applications. ASAs protect fine-grained resources hosted in an application server by superseding the native application server’s security mechanisms.

For more information about the BEA WebLogic and IBM WebSphere ASAs, refer to eTrust’s white papers available on (http://www.ca.com/etrust).

SAML affiliate agents
E-business sites often link directly to any number of affiliate websites to drive traffic and business to these affiliate sites. For example, a customer might visit a sports-oriented site and follow a link to an affiliate site that offers custom-made sports equipment. The main site benefits from this arrangement because it can draw more customers by providing a wide variety of services and content, and it also generally receives a commission for any purchases made on the affiliate site by a customer who originally came from the main site. Both companies benefit from these partnerships, and it is in the best interest of the main site if the user experience on the affiliate site is highly personalized.

An eTrust SiteMinder affiliate agent resides on the affiliate’s web server and passes the user profile and entitlement information to applications running on the affiliate site. The user sees a seamless and personalized experience as the user moves from site to site. The result is better customer relations for both business partners and a much higher likelihood of a customer transaction.

Enterprise application agents
eTrust SiteMinder provides several agents that integrate directly with the most widely used enterprise applications.

SAP Agent
The SAP Agent enables SAP R/3 customers to extend SSO to their SAP users and to affiliate sites as well. The SAP Agent provides a second level of authentication behind the DMZ in a trusted zone or corporate internal network, enforces session synchronization, and enables choices in authentication technologies for SAP user authentication.

Oracle Agent
The Oracle Agent for Oracle extends SSO to Oracle users to their corporate web and application servers, as well as to affiliate sites. The eTrust SiteMinder Connector for Oracle Solutions also provides administrators with the flexibility to select a variety of authentication methods.

PeopleSoft Agent
The PeopleSoft Agent for PeopleSoft 8 enables PeopleSoft implementers to extend SSO to PeopleSoft users. In addition, the eTrust SiteMinder Agent provides PeopleSoft 8 sites with the flexibility to choose the authentication security technology, verification of user session data within the application server, and enforced synchronization between eTrust SiteMinder and PeopleSoft Application Server sessions.

Siebel Agents
The Siebel Solutions Agents use the Security Adaptor interface for the Siebel Object Manager to achieve the critical, Tier 2 security integration. With the eTrust SiteMinder SSO solution for Siebel, security administrators can implement a wide variety of authentication technologies to identify Siebel users, link user sessions to ensure user single sign-out, and increase overall website security, as the Siebel Object Manager and the eTrust SiteMinder Policy Server do not reside in the DMZ. eTrust SiteMinder enables Siebel customers to extend SSO to their entire corporate web and application servers, as well as to partner affiliate sites.

Custom Agents
The eTrust SiteMinder Policy Server is a general-purpose rules engine that can protect any resource that can be expressed as a string, as well as any operation on those resources. While web agents, application server agents and affiliate agents work with the standard features of eTrust SiteMinder, administrators can extend agent functionality by creating and configuring a custom agent using the Agent API and policy server Management Console. Custom agents can participate with standard eTrust SiteMinder agents in a single sign-on environment.

Custom agents work with the eTrust SiteMinder Policy Server to control access to a wide range of resources, whether web-based or not. For example, custom agents could be used to control access to an application, application function or a task performed by an application. A custom agent working with the policy server as the core engine can extend the types of resources that eTrust SiteMinder can protect.

Secure Proxy Server
The eTrust SiteMinder Secure Proxy Server is a turnkey, high performance proxy gateway that secures a company’s backend servers, offering an alternative deployment model for eTrust SiteMinder. With Secure Proxy Server, eTrust SiteMinder offers two complementary policy enforcement strategies for a more flexible and secure web access architecture. Customers may choose to deploy traditional eTrust SiteMinder agents or the Secure Proxy Server. These solutions may be used singly, or in combination, to provide the optimum security and administration environment for any site.

Key benefits of the Secure Proxy Server include:

• Increased Security. Secure Proxy Server provides multiple authentication schemes, basic, forms-based and certificate-based, while providing a single access management point. It prevents non-authenticated traffic from entering any point in the DMZ and eliminates the exposure of network topology to outside users.

• Greater Deployment Flexibility. Secure Proxy Server supports multiple-session schemes for cookie and cookie-less methods of session tracking. It provides security for any back-end server environment, as well as a platform for building out wireless solutions. Advanced proxy rules dynamically route incoming requests to the appropriate backend server.

• Extensibility, Scalability and Robustness. Secure Proxy Server is an open and extensible solution, providing a set of Java APIs for building custom session schemes. It is also fully integrated with eTrust SiteMinder’s scalable and robust architecture.

The Secure Proxy Server is a self-contained reverse proxy solution consisting of two components, the proxy engine, with a fully integrated eTrust SiteMinder Agent, and an Apache-based HTTP web listener. The Secure Proxy Server accepts HTTP and HTTP over SSL (HTTPS) requests from web clients, passes those requests to enterprise back-end content servers, and returns resources to the requesting client.

For detailed information on the eTrust SiteMinder Secure Proxy Server, refer to the Secure Proxy Server white paper available at http://www.ca.com/etrust

Native Directory Integration
eTrust SiteMinder is integrated with industry-leading directory services, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities.

eTrust SiteMinder supports a range of leading LDAP directories and relational databases. eTrust SiteMinder also supports mainframe (OS/390) security directories, such as RACF, ACF-2, and TopSecret. eTrust SiteMinder treats these directories as if they are regular LDAP user directories, and can provide both full authentication and authorization for users stored in these directories. Support for these directories is achieved through an add-on component called the eTrust SiteMinder Security Bridge.

eTrust SiteMinder supports storage of policy information in a variety of LDAP enabled directories and SQL databases.

Even though the user and the policy store are logically separate, the ability to store both users and policies in the same physical directory provides easier administration and better performance. Directory Mapping lets an application authenticate users based on information from one directory and authorize users based on information from a different directory.

eTrust SiteMinder Authentication Management
eTrust SiteMinder offers unparalleled control over what type of authentication method is used to protect a resource and how that authentication method is deployed and managed. Traditionally, it is very challenging to successfully deploy and manage strong authentication methods (for example, two-factor certificates); therefore, most companies default to using user names and passwords. By centrally managing all authentication systems and utilizing the eTrust SiteMinder advanced authentication policy management capabilities, companies can successfully deploy mixed authentication methods based on resource value and business needs instead of IT limitations.

Authentication Methods
No single authentication technique is appropriate for all users and all protected resources in all situations. That’s why authentication flexibility is an important requirement. eTrust SiteMinder offers a complete password authentication solution and integrates out of the box with most leading authentication methods. Since administrators often require varying levels of authentication security for different resources, eTrust SiteMinder supports a range of authentication mechanisms, including:

• Passwords
• Two-factor tokens
• X.509 certificates
• Passwords over SSL
• Smart cards
• Combination of methods
• Forms-based
• Custom methods
• Full CRL and OCSP support
• Biometric devices
• Forms and/or certificates

Certificate revocation is a critical component of PKI strategy, since invalid certificates must be rejected by the authentication mechanism. eTrust SiteMinder supports CRL processing for all leading public key infrastructure (PKI) vendors, including the requirement that the CRL is located in a directory and searched to ensure the current certificate has not been revoked. In addition, eTrust SiteMinder supports the use of OCSP for real-time certificate validation.

Authentication Policies
Authentication policies give security administrators unique management capabilities to mix and match authentication methods and brand and customize the credentials collected. eTrust SiteMinder also enables administrators to classify resources into groups based on their value and assign different authentication methods to each level.

Certificate Combinations and Alternatives
Authentication method combinations, such as certificate and password, are very useful when stronger security is required for a specific set of resources. It is also a solution for enterprises where multiple administrators might share a secured machine. The certificate identifies the machine, while each operator has their own password.

Alternative methods (certificate or password) are ideal when administrators require gradual deployment of certificates. When a certificate for authentication is installed, it is used; but, if a certificate is not present, eTrust SiteMinder reverts to regular password authentication.

Forms-based Certification
Forms-based authentication enables the implementation of an authentication screen that is tailored to individual needs. This is useful when a common brand identity is desired across all internal applications and sign-on screens. In addition, it supports custom attributes, such as a Social Security number or mother’s maiden name, for authentication. For attributes in the user directory, eTrust SiteMinder performs authentication checks automatically, providing much greater log-in security.

Authentication Levels
eTrust SiteMinder supports authentication levels. Each authentication method is associated with a particular level, ranging from a top priority of 1 to the lowest priority of 1000. When a user accesses a resource, the authentication method priority is compared with the authentication method priority level that was used to authenticate the user. If the level of the current method is higher than the level used to authenticate the user, then a new authentication, using the new resource’s associated method, must be performed. If the user has already been authenticated at a higher level, no re-authentication is required.

Directory Mapping
eTrust SiteMinder supports directory mapping, which enables applications to authenticate users with a specific directory, but authorize using attributes including group information stored in a different directory. This is critical because it supports the needs of sites (such as ISPs) that centralize user identities in a single authentication directory, but manage group membership and application privileges in a separate, application-specific directory. It is also useful when authentication information is stored in a central directory, but authorization information is distributed in separate user directories that are associated with particular applications.

Password Services
Password management is a critical security and cost issue within most corporations. To maintain user security, passwords must be difficult to guess, must change frequently, and must not be reused. In addition, administrators need alerts if suspicious events occur, such as a user failing several successive login attempts. eTrust SiteMinder Password Services provide an additional layer of security to protected resources by enabling the management of user passwords in LDAP user directories or relational databases. To manage user passwords, administrators create password policies that define rules and restrictions for governing password expiration, composition, and usage.

Password services can enforce multiple password policies through a priority list of passwords that apply for multiple applications being protected across one or more user directories. Password services also enable password self-service for end-users. Developers can implement eTrust SiteMinder Password Services through either CGI with customizable HTML forms or through a servlet with customizable Java Server Pages (JSP-forms).

• Directory Usage. Apply Password Services to an entire directory of users or to a subset. eTrust SiteMinder also supports nested groups within the name-space of a user directory.

• Password Expiration. Set a maximum number of login failures and define inactive-password policies, that is, the time period after which an unused password expires. Expirations can also be set for user passwords based on time variables, thereby forcing users to reset current passwords.

• Password Composition. eTrust SiteMinder enables the definition of minimum and maximum lengths of password characters and whether passwords should require numbers. Composition also uses a password dictionary. Regular expressions can be set in the dictionary and all valid passwords must either include or exclude the expressions set in the reference dictionary. Restrictions can be managed using the dictionary reference. Reuse of older passwords can be denied, similar password structures can be denied, and specific words can also be restricted from use in a password.

• Password Usage. eTrust SiteMinder includes a series of advanced password services that enforce the use of upper and lower case letters within a password: all uppercase, all lower case, case does not apply. The use of white spaces can also be specified: no white spaces, no white spaces before a character or after a character.

• Password Services Self-registration and Management. eTrust SiteMinder enables end users to register as a new user, create a user name and password, set expirations to that password, and change the password whenever the user feels it necessary.
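The composition and usage rules listed above, as an added Python example that is not CA's Password Services code: a constructed password policy is checked against a constructed password history and every violated rule is reported. The policy field names, the regular-expression dictionary and the similarity test (a recent password with only its digits changed) are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed model of the password composition and usage rules described
# above. Illustrative code only: the field names and the similarity test are
# assumptions of this example, not CA Password Services internals.

@dataclass
class PasswordPolicy:
    min_length: int = 8
    max_length: int = 64
    require_digit: bool = True
    case_rule: str = "any"           # "any" (case does not apply), "upper", "lower"
    whitespace_rule: str = "none"    # "allowed", "none", "no_leading_trailing"
    must_match: list = field(default_factory=list)        # regex dictionary: required
    must_not_match: list = field(default_factory=list)    # regex dictionary: forbidden
    restricted_words: list = field(default_factory=list)  # words that may not appear
    history_depth: int = 5           # how many previous passwords may not be reused
    reject_similar: bool = True      # deny a recent password with only its digits changed


def _shape(pw: str) -> str:
    """Reduce a password to its character-class structure, e.g. 'Winter2004x' -> 'Ullllddddl'."""
    classes = []
    for ch in pw:
        if ch.isupper():
            classes.append("U")
        elif ch.islower():
            classes.append("l")
        elif ch.isdigit():
            classes.append("d")
        elif ch.isspace():
            classes.append("s")
        else:
            classes.append("p")
    return "".join(classes)


def check_password(policy: PasswordPolicy, new_pw: str, history: list) -> list:
    """Return the list of violated rules; an empty list means the password is acceptable."""
    violations = []
    if len(new_pw) < policy.min_length:
        violations.append(f"shorter than {policy.min_length}")
    if len(new_pw) > policy.max_length:
        violations.append(f"longer than {policy.max_length}")
    if policy.require_digit and not any(c.isdigit() for c in new_pw):
        violations.append("no digit")
    if policy.case_rule == "upper" and any(c.islower() for c in new_pw):
        violations.append("must be all upper case")
    if policy.case_rule == "lower" and any(c.isupper() for c in new_pw):
        violations.append("must be all lower case")
    if policy.whitespace_rule == "none" and any(c.isspace() for c in new_pw):
        violations.append("white space not allowed")
    if policy.whitespace_rule == "no_leading_trailing" and new_pw != new_pw.strip():
        violations.append("white space before/after characters")
    for pat in policy.must_match:          # dictionary expressions the password must include
        if not re.search(pat, new_pw):
            violations.append(f"does not match required pattern {pat!r}")
    for pat in policy.must_not_match:      # dictionary expressions the password must exclude
        if re.search(pat, new_pw):
            violations.append(f"matches forbidden pattern {pat!r}")
    for word in policy.restricted_words:
        if word.lower() in new_pw.lower():
            violations.append(f"contains restricted word {word!r}")
    recent = history[-policy.history_depth:] if policy.history_depth else []
    if new_pw in recent:
        violations.append("reuse of a recent password")
    elif policy.reject_similar and any(
        _shape(old) == _shape(new_pw) and re.sub(r"\d", "", old) == re.sub(r"\d", "", new_pw)
        for old in recent
    ):
        violations.append("too similar to a recent password")
    return violations


# Constructed policy: 8-20 characters, a digit plus upper and lower case letters,
# no character repeated three times in a row, no white space, two banned words,
# and the last three passwords may not be reused or merely re-numbered.
CORPORATE_POLICY = PasswordPolicy(
    min_length=8, max_length=20, require_digit=True, whitespace_rule="none",
    must_match=[r"[A-Z]", r"[a-z]"], must_not_match=[r"(.)\1\1"],
    restricted_words=["siteminder", "password"], history_depth=3,
)

# Constructed password history for one account (oldest first) and candidates.
SAMPLE_HISTORY = ["Winter2004x", "Spring2005y", "Summer2005z"]
CANDIDATES = ["Summer2005z", "Summer2006z", "Autumn 2005", "autumn2005",
              "MyPassword1", "Autumn2005!"]


def demo() -> dict:
    """Check each constructed candidate against CORPORATE_POLICY and SAMPLE_HISTORY."""
    return {pw: check_password(CORPORATE_POLICY, pw, SAMPLE_HISTORY) for pw in CANDIDATES}


if __name__ == "__main__":
    for pw, result in demo().items():
        print(f"{pw!r:16} -> {'OK' if not result else '; '.join(result)}")
```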

When Password Services are active, eTrust SiteMinder invokes a password policy whenever a user is authenticated as well as when a user password is set or modified. The Password Services action depends on the context, which includes the user credentials and the policy. If the user is trying to create or modify the password and the new password does not meet the password policy requirements, the operation fails. If the user is attempting to authenticate with a password that has expired, or if the user account was marked inactive, actions such as disabling the account or redirecting to an information page can also be specified in the password policy.

Impersonation
eTrust SiteMinder supports impersonation, where one authorized user can access what another user accesses. With impersonation, a customer service representative can act on behalf of users to run tasks for them that they otherwise might not want to, or know how to, run themselves. For example, a stock broker might use impersonation to complete a stock transaction for a client.

With impersonation, a previously authenticated user uses their identity to assume the identity of another user without presenting the other user’s credentials. Secure information, such as passwords, does not have to be transferred over the phone anymore. To start the impersonation, the customer representative requests that a defined resource be mapped to the impersonation authentication scheme. Then, the representative is prompted to enter the impersonation username.

eTrust SiteMinder makes sure that impersonation is a secure operation, that only entitled users can impersonate other users:

• Administrators set up impersonation as an eTrust SiteMinder rule in a policy. In this way, impersonation can be very finely controlled because policies can define exactly who can impersonate whom for which resources within a realm.

• All impersonation sessions are audited to provide a history of events for record keeping and non-repudiation. Information from both the user who is impersonating and the user who is being impersonated is recorded.

• Private information can be hidden from the impersonating subject, as necessary to protect a customer’s privacy.

eTrust SiteMinder includes impersonation templates that administrators can configure and brand, like any other eTrust SiteMinder HTML forms-based authentication scheme. As a result, impersonation is straightforward to set up and configure, as well as being straightforward to use.

eTrust SiteMinder Authorization Management
Entitlement management is one of the most critical issues for web applications. Users need to access information, but must be authenticated and authorized based on their privileges before gaining access. Traditionally, the entitlement management model for web resources often varies across web servers, application servers, operating systems and development tools. Consequently, the administration of one server can differ from the administration of another, and entitlement management capabilities offered by these various servers and tools can differ. These differences can lead to administrative problems as well as an inconsistent security framework.

eTrust SiteMinder provides centralized authorization management through its policies for all web resources, across web servers, application servers, and so on. Administrators work with the Policy Server Management Console to define policies that restrict access to specific web resources by user, role, group, dynamic group and exclusions. Centralized access control through policies provides very fine grained control to administrators, allowing them to implement access control at the file, page or object level.

The Policy Server Management Console is a single, browser-based, administrative system that extends across all intranet and extranet applications. A consistent security policy simplifies the central management of multiple web applications. A centralized approach to security management provides the following advantages:

• It eliminates the need to write complex code to manage security in each application.

• The time and cost to develop and maintain multiple security systems is eliminated; sites deploy only one security system for all applications.

• eTrust SiteMinder manages the security privileges of customers, business partners, and employees, whether they access the corporate network locally or remotely through the internet or a private network.
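The decision sequence described in the web agent and authentication levels sections above, combined with the user, group and exclusion constraints of the authorization section just above, as an added Python example that is not eTrust SiteMinder code or its API: a request for a URL is passed through if the resource is unprotected, sent for re-authentication if the session's method has a lower priority (higher level number) than the realm requires, and otherwise evaluated against the policies bound to the realm. The realm and policy fields, the time-of-day and IP range options, the "deny rule wins" ordering and the X-Role response header are assumptions of this example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed, simplified model of one access decision. Illustrative code only:
# the data classes, the "deny wins" ordering and the response header names are
# assumptions of this example, not eTrust SiteMinder internals. Level semantics
# follow the text above: 1 is the top priority, 1000 the lowest.

@dataclass
class Realm:
    resource_prefix: str   # URL prefix the realm protects, e.g. "/hr/payroll/"
    auth_level: int        # priority level of the realm's authentication method

@dataclass
class Session:
    user: str
    groups: set
    auth_level: int        # level of the method that authenticated this user
    client_ip: str

@dataclass
class Policy:
    name: str
    realm: Realm
    rule_resource: str                             # rule: "*" or a path within the realm
    allow: bool                                    # allow rule or deny rule
    users: set = field(default_factory=set)        # users or groups bound to the policy
    exclusions: set = field(default_factory=set)   # users or groups explicitly excluded
    responses: dict = field(default_factory=dict)  # headers delivered to the application
    hours: tuple = (0, 24)                         # time option: [start_hour, end_hour)
    ip_ranges: list = field(default_factory=list)  # IP option: CIDR ranges, empty = any

def rule_matches(policy: Policy, url: str) -> bool:
    """Does the policy's rule cover this URL within its realm?"""
    prefix = policy.realm.resource_prefix
    if not url.startswith(prefix):
        return False
    rest, pat = url[len(prefix):], policy.rule_resource
    return pat == "*" or (pat.endswith("*") and rest.startswith(pat[:-1])) or rest == pat

def policy_applies(policy: Policy, session: Session, now: datetime) -> bool:
    """Users/groups, exclusions, time and IP constraints of one policy."""
    subjects = {session.user} | session.groups
    if subjects & policy.exclusions or not subjects & policy.users:
        return False
    if not policy.hours[0] <= now.hour < policy.hours[1]:
        return False
    if policy.ip_ranges:
        addr = ip_address(session.client_ip)
        if not any(addr in ip_network(r) for r in policy.ip_ranges):
            return False
    return True

def authorize(url: str, session, realms: list, policies: list, now: datetime) -> tuple:
    """Return (decision, detail); decision is PASS_THROUGH, STEP_UP, ALLOW or DENY."""
    realm = next((r for r in realms if url.startswith(r.resource_prefix)), None)
    if realm is None:
        return "PASS_THROUGH", {}          # not protected: the web server handles it
    # A higher level number is a lower priority, so a session authenticated with
    # a lower-priority method than the realm requires must re-authenticate.
    if session is None or session.auth_level > realm.auth_level:
        return "STEP_UP", {"required_level": realm.auth_level}
    headers, allowed = {}, False
    for p in policies:
        if p.realm is realm and rule_matches(p, url) and policy_applies(p, session, now):
            if not p.allow:
                return "DENY", {"policy": p.name}   # in this model a deny rule wins
            allowed = True
            headers.update(p.responses)            # response attributes for the app
    return ("ALLOW", headers) if allowed else ("DENY", {"policy": None})

# Constructed realms: the intranet accepts passwords (level 10); payroll needs a
# higher-priority method (level 5), e.g. a certificate.
INTRANET = Realm("/intranet/", auth_level=10)
PAYROLL = Realm("/hr/payroll/", auth_level=5)
REALMS = [INTRANET, PAYROLL]

POLICIES = [
    Policy("intranet-staff", INTRANET, "*", True, users={"employees"},
           responses={"X-Role": "employee"}),
    Policy("payroll-hr", PAYROLL, "*", True, users={"hr"}, exclusions={"contractors"},
           responses={"X-Role": "hr"}, hours=(7, 19), ip_ranges=["10.0.0.0/8"]),
    Policy("payroll-terminated", PAYROLL, "*", False, users={"terminated"}),
]

# Constructed sessions and clock values.
ALICE = Session("alice", {"employees"}, auth_level=10, client_ip="10.1.2.3")
BOB = Session("bob", {"employees", "hr"}, auth_level=5, client_ip="10.1.2.3")
CAROL = Session("carol", {"hr", "contractors"}, auth_level=5, client_ip="10.1.2.3")
DAVE = Session("dave", {"hr", "terminated"}, auth_level=5, client_ip="10.1.2.3")
OFFICE_HOURS = datetime(2005, 6, 15, 10, 0)
NIGHT = datetime(2005, 6, 15, 22, 0)
```

Calling authorize("/hr/payroll/run", ALICE, REALMS, POLICIES, OFFICE_HOURS) returns a STEP_UP decision, because a password-authenticated session (level 10) cannot enter a realm that requires level 5.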

eTrust SiteMinder Policies
eTrust SiteMinder provides security and access management based on policies that make access and security management more flexible and scalable because they are built around the user and the user’s relationship to the protected resource.

A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected, the users, groups or roles that have access to these resources, the conditions under which this access should be granted, and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user is treated.

An eTrust SiteMinder policy binds rules and responses to users, groups and roles. The responses in a policy enable the application to customize the delivery of content for each user. Policies reside in the policy store, the database that contains all the eTrust SiteMinder entitlement information. The basic structure of a policy is shown in Figure 2.

When a policy is constructed, it can include multiple rule-response pairs bound to individuals, user groups, roles, or an entire user directory. Administrators can also configure multiple policies to protect the same web resources for different sets of users, adding responses that enable the web application to further refine the web content shown to the user.

One of the configuration options of a policy is a time restriction. If a time restriction is specified for a policy and a rule in that policy also contains a time restriction, the policy executes only during those times when both restrictions overlap.

Today, line-of-business needs are driving IT security managers to use real-time data, either entered by the user or by a third-party service, as part of the authorization process. To process real-time data, security-related logic must be coded into back-end business applications. However, this security logic is expensive to maintain because it requires developers to implement separate security-code changes for each back-end application. What’s more, the custom security code typically does not solve the business requirement because the authorization data cannot be evaluated in real time by the application.

Security administrators can use eTrust SiteMinder eTelligent Rules to build comprehensive expressions representing business logic and to utilize internal and external data for real-time decision-making. Variables, whose values are dynamically retrieved at runtime, can be used in the expressions. eTelligent Rules resolve values for variables in user attributes from user stores, data in forms users completed, or through web services calls to local or remote data sources. The values are then evaluated against the expression as part of the policy decision-making process, together with other policy constraints.

For example, in a financial services website, a user wants to access services that are available only to customers with a certain credit rating. eTelligent Rules can be implemented using web services calls to check the customer’s current credit rating with an external, online credit service. If the customer’s credit rating is adequate, then access is allowed (assuming all other security policy criteria are met).

Additional information on eTelligent Rules is available in a detailed white paper, available at http://www.ca.com/etrust

Figure 2. eTrust SiteMinder Policy (diagram). A policy consists of a rule or rule group (determines access to a resource), users or groups in a directory (user exclusions, groups and roles) and a response or response group (action that occurs when a rule fires). Options: eTelligent Rule (expression using external data), Time (when the policy can or cannot fire), IP Address (that the policy applies to) and Active Response (dynamic extension of the policy).

Rules/Rule Groups
A rule identifies and allows or denies access to a specific resource or resources that are included in the policy.

Users
A policy specifies the users, groups of users, or roles that are included or excluded by the policy. Users or user groups are located in native directories linked to eTrust SiteMinder, and role information is stored in the eTrust SiteMinder policy store.

Responses
A response defines information (for example, user attributes) that can be passed to an application when a user is accessing the resource. The application may use this information to provide finer access control and/or customize the appearance of the resource.

eTelligent Rules
In addition to supporting static rules, administrators can configure eTelligent Rules, that is, an active policy that authorizes users based on dynamic data obtained from external business logic. For example, a policy could limit access to a specific application to customers who have a current account balance of less than $1,000. In this way, application data that is often stored in transactional systems like a bank-transactions database can be included within the policy enforcement capabilities of eTrust SiteMinder.
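The policy structure described in this section, including the rule that a policy with its own time restriction fires only where the policy window and the rule window overlap, and an eTelligent-style expression over a variable resolved at request time, modelled as an added Python example. This is not CA’s code, API or policy format; the resource prefixes, balances, networks, time windows and the `HTTP_TIER` response name are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, FrozenSet, List, Optional


@dataclass
class TimeRestriction:
    """Days of week (Monday == 0) and a daily window during which a policy or rule may fire."""
    days: FrozenSet[int]
    start: time
    end: time

    def permits(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end


@dataclass
class Rule:
    resource: str                      # resource prefix the rule governs, e.g. "/banking/"
    action: str                        # "allow" or "deny"
    time_restriction: Optional[TimeRestriction] = None

    def matches(self, resource: str) -> bool:
        return resource.startswith(self.resource)


@dataclass
class Policy:
    name: str
    rules: List[Rule]
    users: FrozenSet[str]              # user or group names the policy is bound to
    responses: Dict[str, str] = field(default_factory=dict)   # passed to the application on allow
    time_restriction: Optional[TimeRestriction] = None
    ip_networks: List[str] = field(default_factory=list)      # empty list means any address
    # eTelligent-style expression over variables resolved at request time
    expression: Optional[Callable[[Dict[str, object]], bool]] = None


@dataclass
class Decision:
    allowed: bool
    reason: str
    responses: Dict[str, str] = field(default_factory=dict)


def evaluate(policies: List[Policy], user: str, groups: FrozenSet[str], resource: str,
             client_ip: str, when: datetime,
             resolve_variables: Callable[[str], Dict[str, object]]) -> Decision:
    """Authorize one request. A matching deny rule wins outright; otherwise the
    first applicable allow grants access and its responses are returned."""
    ip = ip_address(client_ip)
    granted: Optional[Decision] = None
    for pol in policies:
        if user not in pol.users and not (groups & pol.users):
            continue                                   # policy is not bound to this user
        if pol.time_restriction and not pol.time_restriction.permits(when):
            continue                                   # policy-level time window is closed
        if pol.ip_networks and not any(ip in ip_network(n) for n in pol.ip_networks):
            continue                                   # client address not covered by the policy
        for rule in pol.rules:
            if not rule.matches(resource):
                continue
            # both the policy window and the rule window must be open (the overlap rule)
            if rule.time_restriction and not rule.time_restriction.permits(when):
                continue
            if pol.expression and not pol.expression(resolve_variables(user)):
                continue                               # dynamic business constraint not met
            if rule.action == "deny":
                return Decision(False, f"denied by {pol.name}")
            granted = granted or Decision(True, f"allowed by {pol.name}", dict(pol.responses))
    return granted or Decision(False, "no policy allows access")


# Constructed sample data: a bank-transactions lookup stands in for the external
# data source an eTelligent Rule would query through a web services call.
BALANCES = {"alice": 450.0, "bob": 2500.0}
WEEKDAYS = frozenset(range(0, 5))

POLICIES = [
    # Customers with a balance under $1,000 may use the starter banking pages; the
    # policy fires Mon-Fri 08:00-18:00 and its rule Mon-Sat 06:00-12:00, so access
    # is possible only in the overlap, Mon-Fri 08:00-12:00.
    Policy("starter-banking",
           rules=[Rule("/banking/", "allow",
                       TimeRestriction(frozenset(range(0, 6)), time(6), time(12)))],
           users=frozenset({"customers"}),
           responses={"HTTP_TIER": "starter"},
           time_restriction=TimeRestriction(WEEKDAYS, time(8), time(18)),
           expression=lambda v: v["balance"] < 1000),
    # Administrators may reach the console only from the internal network.
    Policy("admin-console", rules=[Rule("/admin/", "allow")],
           users=frozenset({"admins"}), ip_networks=["10.0.0.0/8"]),
]


def decide(user: str, groups: FrozenSet[str], resource: str, client_ip: str, when: str) -> Decision:
    """Convenience wrapper: `when` is an ISO-8601 timestamp such as '2005-06-15T10:00'."""
    return evaluate(POLICIES, user, groups, resource, client_ip, datetime.fromisoformat(when),
                    lambda u: {"balance": BALANCES.get(u, 0.0)})
```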
IP addresses
A policy may be limited to specific user IP addresses. If a user attempts to access a resource from an IP address not specified in the policy, the user will not be allowed access.

Time restrictions
A policy may be limited to specific days or ranges of hours. A policy with a time restriction will not allow access outside specified times.

Active response
An Active Response allows business logic external to eTrust SiteMinder to be included in a policy definition, enabling eTrust SiteMinder to interact with custom software created using the eTrust SiteMinder APIs.

Global policies
eTrust SiteMinder’s global policies significantly improve how policies can be organized and reduce redundant operations for configuring multiple policies in large enterprises. Global policies provide administrators with the ability to define policy objects, rules, and responses with global scope, separately from a policy domain. When separated from a domain, administrators can define common policy objects, rules, and responses once that apply across multiple domains. Then, they can easily update the common policy objects, rules, and responses without having to locate each item in each realm throughout the domains. In addition to improving policy administration, global policies can help ensure compliance with federal regulations or corporate rules because they can enforce those rules and regulations across the enterprise, if required.

Each component of a global policy remains complementary to its domain-specific counterparts; that is, if there is a domain-specific policy object, rule or response with the same reference, the domain-specific item takes precedence over the global item. System level administrators can also disable global policies for any domain, if they so choose. Global policies allow time restrictions to be specified when rules are in effect.

For example, administrators define a policy in each realm to redirect users to the same web page when users are not authenticated or not authorized to access a resource. With global policies, administrators define a redirect policy once and that single global policy can be used by all realms. Without global policies, administrators have to define that same policy over and over for each realm.

Global policies are managed by system-level administrators only, using the Policy Server Management Console, the Policy Management API, or the Perl script interface to the Policy Management API.

Role based access control (RBAC)
eTrust SiteMinder software, running in conjunction with eTrust IdentityMinder software, provides enterprises with role based access control. Roles define job responsibilities, or a set of tasks that are associated with a job or business function. Each task corresponds to an operation in a business application. A single role can have one or more tasks defined in it and users can have one or more roles assigned to them. An eTrust IdentityMinder central administrator creates role and task definitions. Only after a user is assigned a role can they perform the tasks defined in that role.

When eTrust IdentityMinder is integrated with eTrust SiteMinder, eTrust SiteMinder extends the power of roles beyond job descriptors to access management. The eTrust IdentityMinder administrator works with the eTrust SiteMinder administrator to bind eTrust IdentityMinder roles to eTrust SiteMinder policies. Once the roles are bound to eTrust SiteMinder policies, the user and access management link is established. eTrust IdentityMinder manages the users and their roles; eTrust SiteMinder manages secure access to resources specified by their roles.

The eTrust IdentityMinder-eTrust SiteMinder role based access control implementation is non-intrusive and flexible. eTrust IdentityMinder roles can be used directly by eTrust SiteMinder without the need to modify user directories. eTrust SiteMinder access control mechanisms are available to eTrust IdentityMinder roles without the need to modify eTrust IdentityMinder role definitions.

Single Sign-On
One of the most common challenges site operators face is multiple user logins. No universal single sign-on (SSO) solution exists today, primarily because there are no formal standards to facilitate an open solution. eTrust SiteMinder supports SSO in several ways: single sign-on in single and multiple cookie domains; Federated Security Services through SAML; integration with Microsoft .NET Passport; and within a Microsoft Windows environment. With its broad support for single sign-on, users get seamless access to resources across networks of websites.
Single and Multiple Cookie Domains
When a user authenticates with eTrust SiteMinder, an encrypted cookie is created that contains the necessary session information about the user. The cookie is encrypted with a 128-bit symmetric cipher. No user password information is ever kept within the cookie. When the user requests access to a different protected resource, eTrust SiteMinder decrypts the information in the cookie and securely identifies the current user. No additional authentication is required. See Figure 3.

eTrust SiteMinder also supports cross-domain SSO. When users authenticate to a single internet domain, eTrust SiteMinder eliminates the need to re-authenticate when they access protected resources or applications in a different domain. Cross-domain SSO is a critical capability, especially for large enterprises with multiple divisions or multinational businesses. See Figure 4.

Figure 3. Single sign-on within a single cookie domain (diagram). Employees, partners and customers authenticate once; a Web Server (Mycompany.com, /app1/) and an Application Server (Mycompany.com, /servlet 1/), each with an eTrust SiteMinder Agent, accept the session.

Figure 4. Single sign-on across multiple cookie domains (diagram). Employees, partners and customers authenticate at a Web Server in cookie domain mycompany.com, designated as the “cookie provider” for the SSO site; the session identity and user entitlements are passed to an Application Server with protected applications in cookie domain subsidiaryA.com and a Web Server with protected applications in cookie domain subsidiaryB.com.

In an environment that includes resources across multiple cookie domains, eTrust SiteMinder supports single sign-on across applications running on heterogeneous web and application server platforms using a cookie provider, a specially configured eTrust SiteMinder Agent that passes a cookie containing the user’s identity and session information to other cookie domains in the SSO site. This enables eTrust SiteMinder to authenticate the user across the entire virtual website, even though it consists of multiple domains.

Within the SSO site, users enter their credentials upon their first attempt to access a protected resource. After they are authorized and authenticated, they can move freely between different realms that are protected by authentication schemes of an equal or lower protection level without re-entering their identification information. Figure 4 shows SSO across multiple cookie domains.

eTrust SiteMinder’s support for SSO improves the overall user experience, simplifying access among servers and applications. It also lowers the administrative costs by allowing users to access the data they need using only one password.

Federated Security Services
eTrust SiteMinder makes it easy for administrators to set up Federated Security Services. An authentication scheme is available to configure SAML producers, user mapping, and validation information. Duplicate user profiles in both the main site and partner sites (one-to-one user mapping) are supported, but not required. Federated Security Services also supports one-to-many user mapping; for example, everyone from a partner site can be mapped to one identity, such as Partner Employee, in the local user store. The policy server also adds issuer validation to ensure that the integrity of the token is intact when it is received.
Figure 5 shows how the eTrust SiteMinder site, as a SAML producer, works with affiliated sites. Because the eTrust SiteMinder site conducts the authentication for all users, the affiliated partner sites don’t even need a security solution.

Figure 5. eTrust SiteMinder as a Producer with SAML Affiliate Agents (diagram). Employees, partners and customers authenticate to the eTrust SiteMinder site (a Web Server with eTrust SiteMinder and Policy Servers), which issues SAML assertions to Affiliate Partner Web Servers running SAML Affiliate Agents.

Figure 6 shows how the eTrust SiteMinder site, as a SAML producer, works with affiliated sites that are SAML compliant but do not have a SAML Affiliate Agent running at the site. The eTrust SiteMinder site conducts the authentication for all users, but the affiliated partner sites require a SAML compliant security solution to enable single sign-on for users.

Figure 6. eTrust SiteMinder as a SAML producer without SAML affiliate agents (diagram). Employees, partners and customers authenticate to the eTrust SiteMinder site (a Web Server with eTrust SiteMinder and Policy Servers), which issues SAML assertions to Affiliate Partners running their own SAML compliant Web Security Product.

Figure 7 shows how the eTrust SiteMinder site, as a SAML consumer, works with affiliated SAML sites. Because eTrust SiteMinder can consume SAML tokens, it can easily interoperate with sites that don’t use eTrust SiteMinder.

Figure 7. eTrust SiteMinder as a SAML consumer with SAML affiliates (diagram). Affiliate Partners running Web Security Server Product A and Web Security Server Product B send SAML assertions to the eTrust SiteMinder site (a Web Server with eTrust SiteMinder Agent and Policy Servers), which serves employees, partners and customers.

Microsoft .NET Passport integration
Microsoft® Passport is an online user-authentication service. Passport lets a consumer create a single sign-in name and password for easy, secure access to all Passport-enabled websites and services. Passport-enabled sites can rely on Passport to authenticate users. However, Passport does not authorize or deny a specific user’s access to individual sites and applications.

With the integration of Microsoft .NET Passport services, eTrust SiteMinder combines the convenience of .NET Passport authentication with eTrust SiteMinder authorization services. This combination allows organizations to retain fine-grained and secure control over their security policies through eTrust SiteMinder, while participating in a trusted network that delivers a unified experience to Passport users. Passport users can log in once using their .NET Passport user name and password, or credentials, and seamlessly access a network of .NET Passport enabled websites, as well as enterprise applications protected by eTrust SiteMinder. For added security, an eTrust SiteMinder protected site can choose to re-challenge the user for more secure content.
Single Sign-on in the Windows Environment
eTrust SiteMinder single sign-on is especially important in the Microsoft Windows environment because users access many enterprise applications through their Windows desktop.

Windows integrated security
Users who log in to their desktop using Windows NT authentication and use Internet Explorer to access e-business applications deployed on any web server, including non-Internet Information Server (IIS) web servers, can log in to eTrust SiteMinder without being re-challenged as long as there is one IIS web server configured to use eTrust SiteMinder. With this capability, the user only has to remember their desktop password.

Windows application login
eTrust SiteMinder also supports Windows application login, enabling a user to log in to eTrust SiteMinder and subsequently launch Windows/COM+ web applications such as Microsoft Outlook Web Access and Microsoft Commerce Server. With Windows application login, administrators can enforce access control on non-eTrust SiteMinder-protected Windows applications for all eTrust SiteMinder users with a Windows identity (NTLM or LDAP) by initializing their application security context with eTrust SiteMinder.

Auditing and Reporting
Administrators need to know who is doing what and when. eTrust SiteMinder auditing logs all activity throughout the eTrust SiteMinder environment. eTrust SiteMinder stores the audit information in a flat file or relational database. When you set up eTrust SiteMinder to store information in a relational database, you can use commercial reporting solutions to present that auditing information in any format required.

Changing federal laws, in-depth regulatory financial audits, and increased security threats from external hackers have all pushed access management auditing and reporting to the forefront of product feature sets. eTrust SiteMinder reporting supports granular information collection and analysis on access, activity, intrusion, and audit information to fulfill many of these reporting requirements.

Auditing
eTrust SiteMinder audits all user and site activity, including all authentications and authorizations, as well as administrative activity, and any changes to the policy store. eTrust SiteMinder also tracks user sessions so administrators can monitor the resources being accessed, how often users attempt access, and how many users are accessing the site. Additionally, eTrust SiteMinder provides the ability to filter audit events (for example, record only failed authorizations), allowing the administrator to track only events of interest.

Reporting
eTrust SiteMinder audit data can be used to build reports, leveraging the reporting solution that your company currently uses. eTrust SiteMinder provides stored procedures and sample Crystal Reports templates. If you integrate Crystal Reports with eTrust SiteMinder, you can take advantage of the sample report templates described below. If you use other commercial reporting solutions, you can use the eTrust SiteMinder provided stored procedures to easily access the audit information in the database and build your own reports. Regardless of your reporting solution, eTrust SiteMinder provides you with the data you need to generate reports like those described in this section.

Report drill down capabilities
eTrust SiteMinder reports begin with a summary of the data in the report. Clicking on a summary item, such as a date, user, or agent, allows administrators to view more detailed information. Drill-down details contain the following information:

• Time. Lists the exact times when each event occurs, from the oldest time to the most recent.

• User. Contains the user name associated with the reported event.

• Agent. Lists the names of the agents where the report event occurred.

• Administrator. The eTrust SiteMinder Account Username is listed.

• Category. Describes the type of event that was logged.

• Description. Describes the actual event that occurred during the time noted in the report. When any category of event is logged as a rejection or failure, the text on the screen is shown in red and flagged with an exclamation mark (!).
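An added Python example, not SiteMinder’s code or its audit record layout: constructed audit events carrying the drill-down fields listed above (time, user, agent, administrator, category, description) are run through the “record only failed events” filter mentioned under Auditing and summarized into failed attempts by user, failed attempts by agent and hourly success/failure counts, the raw material of the intrusion and time series reports this paper describes. The pipe-delimited format, agent names and users are constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample audit log (not SiteMinder's real record layout):
# time|user|agent|administrator|category|status|description
SAMPLE_AUDIT = """\
2005-06-15T09:02:11|alice|webagent-dmz1||Authentication|OK|Login via HTML form
2005-06-15T09:02:14|alice|webagent-dmz1||Authorization|OK|GET /banking/statement
2005-06-15T09:05:40|bob|webagent-dmz1||Authentication|FAIL|Bad password
2005-06-15T09:05:52|bob|webagent-dmz1||Authentication|FAIL|Bad password
2005-06-15T09:06:03|bob|webagent-dmz2||Authentication|FAIL|Bad password
2005-06-15T10:15:00|alice|webagent-dmz2||Authorization|FAIL|GET /admin/ not permitted
2005-06-15T10:20:30||webagent-dmz1|smadmin|Administration|OK|Policy starter-banking modified
2005-06-15T10:31:09|carol|webagent-dmz2||Authorization|OK|GET /admin/
"""


@dataclass(frozen=True)
class AuditEvent:
    """One audit record with the drill-down fields listed above."""
    time: datetime
    user: str
    agent: str
    administrator: str
    category: str          # Authentication, Authorization or Administration
    failed: bool           # True for a rejection or failure
    description: str


def parse_audit(text: str) -> List[AuditEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, user, agent, admin, category, status, desc = line.split("|", 6)
        events.append(AuditEvent(datetime.fromisoformat(t), user, agent, admin,
                                 category, status != "OK", desc))
    return events


def failures_only(events: List[AuditEvent]) -> List[AuditEvent]:
    """The 'record only failed events' filter: keep rejections and failures."""
    return [e for e in events if e.failed]


def failed_attempts_by(events: List[AuditEvent], key: str) -> Dict[str, int]:
    """Failed attempts grouped by 'user' or 'agent' (the two intrusion sub-reports)."""
    return dict(Counter(getattr(e, key) for e in failures_only(events) if getattr(e, key)))


def hourly_transactions(events: List[AuditEvent]) -> Dict[str, Dict[str, int]]:
    """Successful and failed authentications/authorizations per hour; administrative
    events are excluded, as in the hourly transactions report."""
    buckets: Dict[str, Dict[str, int]] = defaultdict(lambda: {"ok": 0, "failed": 0})
    for e in events:
        if e.category in ("Authentication", "Authorization"):
            hour = e.time.strftime("%Y-%m-%d %H:00")
            buckets[hour]["failed" if e.failed else "ok"] += 1
    return dict(buckets)


def render_drilldown(events: List[AuditEvent]) -> List[str]:
    """Drill-down rows, oldest first; failures are flagged with '!' as the report does."""
    rows = []
    for e in sorted(events, key=lambda ev: ev.time):
        actor = e.user or e.administrator
        mark = "!" if e.failed else " "
        rows.append(f"{mark} {e.time:%H:%M:%S} {actor:<8} {e.agent:<13} {e.category:<14} {e.description}")
    return rows
```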
Activity reports
Activity reports show a variety of user, eTrust SiteMinder agent, and resource activity data at different levels of granularity. There are four types of Activity Reports:

• All Activity Report. Transactions and failures of all users that occurred during the period of time covered by the report.

• Activity by User Report. Users and their sessions, including the number of transactions and failures that occurred during the period of time covered by the report.

• Activity by Agent Report. Lists active agents and provides information, such as the number of transactions and failures that occurred on each agent during the reporting period.

• Activity by Resource Report. Resources accessed during the reporting period, including host names, the number of resources accessed, the number of transactions, and the number of failed access attempts.

Intrusion reports
Intrusion Reports show failed authentication and authorization attempts by users and/or agents at different levels of granularity. The main intrusion report is the All Failed Authentication and Authorization Attempts report, which lists all failed user authentication, authorization and administration attempts by date and time. This report is broken down into two sub-reports:

• Failed Authentication and Authorization Attempts by User

• Failed Authentication and Authorization Attempts by Agent

Administrative reports
The main administrative report is the All Administrative Activity report, which covers all administrative activity by date. It is broken down into two sub-reports:

• Activity by Administrator Report. Covers all administrative activity by administrator.

• Activity by Object Report. Covers all administrative activity by object (Administrator, Agent, Policy, and so on).

Each report contains columns of information including Time, Administrator, and a brief description of the activity.

Time series reports
Administrators can view two types of Time Series Reports:

• Daily Transactions Report. Includes all successful and failed authentications and authorizations by day.

• Hourly Transactions Report. Breaks the data further down into successful and failed authentications by hour.

Time Series reports are displayed as bar charts. See Figure 8. Administrators can view a chart of all transactions, or view the authentications, authorizations, or administration transactions separately.

Figure 8. Time series reports (bar charts of Transactions by Date and by Hour).

Enterprise Manageability
eTrust SiteMinder includes enterprise site manageability features that ease deployment and ongoing site administration through proactive centralized control of operating environments and monitoring of system availability and operating status.

OneView Monitor
eTrust SiteMinder OneView Monitor collects and displays real-time operation status information, including failure alerts, about eTrust SiteMinder policy servers, agents, and other core components such as authentication and authorization services. Information is presented graphically so that administrators can rapidly assess an entire environment with multiple policy services, or the status of an individual component. When a problem is reported, administrators can scan summary information to review overall system status, identify components with failure alerts, and drill down to obtain detailed status information.

In the event of a component failure, eTrust SiteMinder OneView Monitor can display and alert an administrator right away so that no time is wasted in reporting the problem. Administrators can then take pro-active action to correct problems, possibly even before users experience any trouble.
With the SNMP integration capability, administrators can set up automatic recovery procedures based on failure alerts. For example, a failure report can kick off an e-mail message or a pager message to the person who is closest to the problem. The recovery time can then be reduced even further because the responsible person is alerted as quickly as possible.

eTrust SiteMinder OneView Monitor can be easily configured so that administrators can set up the displays to report information exactly as they need it. They can filter out data that might not be important to their environment; they can sort data according to their priority; and they can specify update intervals to make sure they have fresh data when they need it.

Environment Collector
When problems are reported, it is critical to have detailed information about all the operating components of the environment to help identify and isolate the root cause of the problem and, if necessary, to reproduce the problem in a testing lab. Because a security solution interacts with many critical systems distributed worldwide that are owned by different people or groups, it might take the security administrator days to contact the right people to get all the details they need about all the components connected to the security system. Even after the information is collected, it could go stale very quickly as components get upgraded.

The eTrust SiteMinder Environment Collector provides a snapshot of the eTrust SiteMinder runtime environment for any policy server in the enterprise. When problems associated with a policy server crop up, administrators use eTrust SiteMinder Environment Collector information to assess exactly what components the policy server is working with. With up-to-the-minute environment information, the security administrator can resolve the situation much faster.

The Environment Collector collects the following information about a policy server:

• User stores and databases being accessed by the policy server.
• Custom modules being used by the policy server.
• Agents that are interacting with the policy server.
• Registry information.

The type of information collected includes the name of the component, its version, patch levels, which policy server the component works with, how the components are connected, and other environment attributes that affect how eTrust SiteMinder operates. This information is stored in an XML file.

After glancing through the XML file report, administrators can determine if any components require updating, if there are any version mismatches, and if the correct agents are deployed where needed.

When working with the eTrust SiteMinder support team to resolve a problem, administrators can send eTrust SiteMinder Environment Collector information to the support team. With accurate and up-to-date data to work with, the support team will be able to work on reproducing and resolving the problem.

Test Tool
After a problem is reported, administrators must have the correct tool to identify and isolate the cause of the problem, so they can move quickly to resolve it. The out-of-the-box eTrust SiteMinder Test Tool simulates agent operations so that a policy server can be isolated from the agent environment. Once isolated, the administrator can determine whether the policy server is creating the problem or another component in the environment where the policy server is running.

The eTrust SiteMinder Test Tool can test the connection to the policy server to see if it is down. If the connection is available, the administrator can test the policies associated with the application that reported the problem. The administrator can run tests that check if the resource is protected, if the user is authenticated, and if the user is authorized for the resource. Debug information is also provided.

Logging and policy profiling
With useful logs of day-to-day system activities, administrators can prevent many problems from happening and troubleshoot problems quickly when they occur.

Policy server and agent logs are separate from tracing logs to make log files easier to manage. Because separate logs are smaller and easier to work with, administrators also have more precise control over log verbosity because they can specify different verbosity settings for each log. In addition, administrators can apply tracing and logging settings without restarting the policy server. For example, an administrator can add a data field in the trace logs and eTrust SiteMinder adds the field automatically without restarting the server.

Policy server and agent logging include the following capabilities:

• Agent and policy server logs can be correlated through a transaction ID, allowing the administrator to follow both agent and policy server operations to more easily identify the problem. For example, when multiple agents are making requests to a policy server, having a single transaction ID allows administrators to isolate a call from a particular agent, providing more precise and relevant troubleshooting information.

• Logging profiles can be saved for quick retrieval and alternation between production and troubleshooting modes. The output can be sent to either a system console or a file.

Policy profiling, or trace logging, includes the following capabilities:

• Policy profiler (previously called the debug tracer) can trace policy server operations across policy server components.

• Administrators can configure trace logs to generate detailed and selective information. For example, they can configure trace logs to include feedback on selected operations in specified components, such as a source file or an IP address in data fields.

• Multiple output formats are available for easier parsing of trace information and integration with other trace reporting systems. Output formats include fixed width fields, XML, and user-specified delimited fields, among others.

Error handling includes the following capabilities:

• Accurate and comprehensive information about the operation of eTrust SiteMinder processes is recorded.
• System informational messages down to the functional level provide detailed information.
• Administrators can filter errors by specifying precise criteria, such as severity.

Centralized Agent Management
eTrust SiteMinder provides central agent management that enables central and dynamic control and configuration of web agents. Additionally, central agent management can logically group agents based on your organization.

When a new agent is installed on a web server, the installation process establishes a secure connection with the policy server and receives default configuration settings. This increases security since the configuration information is moved from the web server in the DMZ and resides in the policy store. With this configuration, the possibility of a security compromise of the configuration information is significantly lower. Some of the key benefits of this capability are:

• All configuration information is centralized and stored in the policy store, providing greater security for configuration information.

• It is easy to delegate administration for creating and managing the new centralized agent to the administrator who has organizational responsibility for the agent.

• Configuration templates make it very easy to configure multiple agents into logical groups.

• Web servers do not need to be re-booted when configuration changes are made.

Rapid Policy Deployment
When new or modified policies are being deployed in a production environment, it’s important to fully test those policies offline before they “go live,” lest inadvertent errors appear in the policy specification that cause serious security problems later on. That’s why many enterprises use multiple staging environments for developing, testing and deploying new policies. However, as environments grow in size, the number of policies can often make management of these environments quite challenging. Since re-entering policies can be laborious and error-prone, administrators need an automated way to move policies from one environment to another to simplify management of larger environments.

With the import/export tool, eTrust SiteMinder easily and automatically migrates entire policy structures from one environment to another. For example, operators can change policy names and attributes to accommodate the new environment, such as new machine names or IP addresses. The import/export tool has the following capabilities:

• First-Time Deployment. Copy an entire policy configuration from one environment to another and then edit the configuration before or after the import.

• Incremental Deployment. Export individual policy objects to new environments and overwrite the comparable object on the new system. Edit the configuration for first-time deployment, either before or after the import operation, simplifying re-testing and re-deployment of individual policies.

• Flexible Scripting Capabilities. Develop scripts in a standard text editor and store them in source code control systems to maintain versioning.

• Import Object Mapping. Easily map, that is, rename, an imported object if the name is not unique.
Unattended installations
In large enterprises, administrators install eTrust SiteMinder Policy Servers and agents on many systems. In many cases, these installations are the same from system to system. With unattended installations in eTrust SiteMinder release r6, administrators use Java-based installation templates to automate these installations. With automatic installations, eTrust SiteMinder can be rolled out faster to better meet the needs of rapidly expanding global businesses.

The unattended installations use a platform-independent Java installer, which allows the installation to run the same way, with the same look and feel, on both Unix® and Microsoft Windows operating systems.

Administrators work with templates to specify how to install and configure a component, such as a web agent. Then, the templates can be re-used throughout the security environment to ensure a uniform and consistent installation and configuration of the component. Template re-use saves the administrator from countless, repetitive installation procedures.

Command line interface
eTrust SiteMinder includes a full command line interface to leverage the power of Perl scripting and make it easier to dynamically control the system. All programmatic capabilities formerly available only to C and Java programmers are now accessible to developers using standard Perl scripts.

Through the range of eTrust SiteMinder APIs, companies can use scripts to test and verify policies, examine configurations, and automate the routine chores commonly performed. The Command Line Interface offers a complete scripting interface to the eTrust SiteMinder Policy Server, making customizations and proofs-of-concept easier and quicker.

Performance, Reliability, Scalability and Availability
eTrust SiteMinder is used today in some of the world's largest corporations and is designed to meet the needs of corporations requiring a fast, efficient, 24x7 security solution for their extensive user and application services.

Performance
eTrust SiteMinder provides extensive, fully tunable caching facilities, so that all resource and policy information is available without requiring a call to either the policy server or a directory. The policy server supports two-level policy caching, so that recently accessed policy information is kept in a separate cache that is searched before the regular policy cache. In addition, eTrust SiteMinder caches user attributes to optimize LDAP calls. These caching facilities provide outstanding performance, even for very large numbers of users or policies.

Through independent tests conducted by Mindcraft Inc., eTrust SiteMinder has demonstrated industry-leading performance for user authentications and authorizations. Figure 9 summarizes the outstanding performance that eTrust SiteMinder offers.

Figure 9. eTrust SiteMinder performance data on Windows NT and Unix (chart of log-ins per minute, scale 0 to 120,000, against 1, 2 and 4 CPUs, for iPlanet LDAP and MS Active Directory user stores)

Bulk operations
Operations for initializing the policy server and for auditing run in bulk to ensure efficient runtime performance. Each time the policy server starts, it is initialized by retrieving policy data from a policy store, which is defined in LDAP directory servers or ODBC databases. For ODBC database policy stores, the query (SQL) statement operations for retrieving policies are combined, resulting in a minimal number of retrieval operations and in quick initialization.

eTrust SiteMinder auditing transactions can be stored in a relational database using ODBC. When using a relational database, bulk SQL statements and asynchronous database management operations make the process of storing records as quick as possible.

Authentication and authorization
When eTrust SiteMinder evaluates whether a resource is protected, a very fast binary search algorithm is used. This algorithm results in rapid transaction times when determining whether access control is required for a resource.

The eTrust SiteMinder object cache groups rules with realms for a more efficient search of policies to make authorization decisions. The cache is bound by size, not by number of entries, providing a rapid and predictable search of policies.

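The Performance and Authentication and authorization subsections above describe three mechanisms together: a level-one cache of recently used policy information searched before the main store, a cache bounded by size rather than by entry count, and a binary search to decide whether a resource is protected. The following Python sketch is added here to show how those mechanisms fit together; it is not code from the paper or from the product. The realm table, the byte accounting (the repr of each cached decision) and the class names are this example's own assumptions. The longest-prefix search is the general form: each probe is one bisect, and a miss shrinks the probe to the prefix it shares with the last candidate, so the search moves strictly left and never scans the table linearly.

```python
import bisect
from collections import OrderedDict

# Constructed realm table mapping a resource filter (path prefix) to whether
# the realm is protected. These paths are invented for the example.
REALMS = {
    "/": False,                 # default realm: unprotected
    "/finance/": True,
    "/finance/public/": False,  # public subtree carved out of a protected realm
    "/hr/": True,
    "/hr/benefits/": True,
}


def _common_prefix(a, b):
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return a[:n]


class ResourceLookup:
    """Longest-prefix match over a sorted realm table using binary search."""

    def __init__(self, realms):
        self._keys = sorted(realms)
        self._realms = dict(realms)

    def find_realm(self, resource):
        probe = resource
        while True:
            idx = bisect.bisect_right(self._keys, probe)
            if idx == 0:
                return None                      # nothing sorts at or before the probe
            candidate = self._keys[idx - 1]
            if resource.startswith(candidate):
                return candidate                 # longest realm prefix of the resource
            # candidate sorts before the probe but is not a prefix: shorten the probe
            # to their shared prefix, which sorts before candidate, and search again
            probe = _common_prefix(candidate, probe)

    def protected(self, realm):
        return self._realms[realm]


class BoundedCache:
    """Recently used entries, evicted by accumulated byte size, not entry count."""

    def __init__(self, max_bytes):
        self.max_bytes = max_bytes
        self._entries = OrderedDict()
        self._bytes = 0

    @staticmethod
    def _cost(key, value):
        return len(key.encode()) + len(repr(value).encode())

    def __len__(self):
        return len(self._entries)

    def get(self, key):
        if key not in self._entries:
            return None
        self._entries.move_to_end(key)           # mark as most recently used
        return self._entries[key]

    def put(self, key, value):
        if key in self._entries:
            self._bytes -= self._cost(key, self._entries.pop(key))
        self._entries[key] = value
        self._bytes += self._cost(key, value)
        while self._bytes > self.max_bytes and self._entries:
            old_key, old_value = self._entries.popitem(last=False)   # evict least recent
            self._bytes -= self._cost(old_key, old_value)


class PolicyEvaluator:
    """Level-one cache of recent decisions in front of the full realm search."""

    def __init__(self, realms, cache_bytes=4096):
        self.lookup = ResourceLookup(realms)
        self.cache = BoundedCache(cache_bytes)
        self.hits = 0
        self.misses = 0

    def is_protected(self, resource):
        """Return (realm, protected) for a resource path."""
        hit = self.cache.get(resource)
        if hit is not None:
            self.hits += 1
            return hit
        self.misses += 1
        realm = self.lookup.find_realm(resource)
        decision = (realm, self.lookup.protected(realm) if realm else False)
        self.cache.put(resource, decision)
        return decision


if __name__ == "__main__":
    ev = PolicyEvaluator(REALMS, cache_bytes=100)
    for path in ("/finance/reports/q1.html", "/finance/public/index.html",
                 "/hr/benefits/401k", "/index.html", "/hr/benefits/401k"):
        print(path, ev.is_protected(path))
    print("cache entries:", len(ev.cache), "hits:", ev.hits, "misses:", ev.misses)
```

With a 100-byte cache the fifth lookup is served from the level-one cache while the first two decisions have already been evicted, which is the behaviour a size-bound (rather than count-bound) cache gives: long resource paths cost more than short ones.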
Reliability, Availability and Scalability
These optimizations enable rapid run-time performance, especially when working with large policy stores. For example, tests indicate that the policy evaluation response time for a policy store with one realm is the same as the response time for a policy store with up to thousands of realms.

eTrust SiteMinder has been designed specifically to meet the needs of e-business sites that must support a large number of users with high authentication and authorization rates. Though eTrust SiteMinder is easy to configure and deploy for small workgroup environments, it can scale to large installations that support very large user or resource populations. eTrust SiteMinder provides outstanding scalability due to the following capabilities:

• Replication and Failover. Each web agent can be configured to communicate with multiple eTrust SiteMinder Policy Servers. If the current policy server becomes unavailable, the agent automatically establishes a connection with the next policy server and continues processing. This operation is transparent to the user. For increased availability in the event of a failure, eTrust SiteMinder provides automatic restart of all server processes. eTrust SiteMinder also provides the failover mechanism for user directories, that is, if the current user directory is unavailable, the policy server automatically establishes a connection with the next user directory.

• Load Balancing. eTrust SiteMinder supports automatic load balancing, which significantly improves the scalability and performance of eTrust SiteMinder in large deployments. The web agent distributes multiple user requests across multiple policy servers. The policy servers can also load balance their requests across a set of directory servers. In this way, eTrust SiteMinder can distribute its system load across other servers to improve overall system throughput.

Policy Server Clusters
Administrators can group multiple policy servers into a cluster that works with a set of agents. With clusters, administrators get powerful new features for managing clusters to derive the most efficient service from them.

Any set of policy servers can be clustered, based on criteria that are important to the security system implementation. An administrator might choose to cluster policy servers for a number of reasons, including physical location, the resources they are protecting, the organizations they are supporting, or machine speed and memory. For example, when clustering policy servers according to geography, an administrator can group policy servers in one area to make sure agent requests are handled locally. Policy servers in a cluster can be running on different platforms or physically located in different places. As a result, clustering is viable in both homogeneous and heterogeneous policy server environments.

Clustering offers administrators these features:

• Dynamic Load Balancing. Dynamic agent-to-policy server load balancing allows higher levels of processing load to be allocated to faster servers within the cluster. More effective load balancing increases maximum system throughput because agents get served by the policy server that can provide the fastest response at any given time. Agents will be served by a policy server instance within the cluster that previously provided the best response time.

• Automatic Failover. Agents are decoupled from policy servers. As a result, agents transparently fail over from one cluster to another, according to criteria established by the administrator. When the number of available policy servers in a cluster falls below the criteria, agent requests are automatically sent to another cluster without interrupting service.

With these features, the administrator can easily scale policy servers to meet increasing service requests in growing enterprises.

Security
A security system is only as strong as its weakest link. That's why it's critical that all components and communication paths be secure, so that intruders cannot compromise the overall system security by stealing passwords or impersonating other users. eTrust SiteMinder offers security at each point in its operation.

More specifically, it provides several capabilities to ensure that data and applications are not compromised.

Data Confidentiality
eTrust SiteMinder encrypts all data and control information that passes among components. All traffic among the policy server, the web agent, and the administrative interface is sent over TCP using 128-bit RC4 encryption, providing very strong confidentiality. All user cookies are encrypted using RC2. Encryption keys are generated automatically and randomly by the policy server. This operation is totally transparent to the administrator, though a re-generation of the keys can be forced at any time, or at any regular interval, for added security.

Mutual Authentication
Administrators must ensure that a server is not an impostor collecting sensitive information such as credit card numbers. Both the web agent and the policy server authenticate themselves to each other, using a shared secret to encrypt an authentication message. This secret is never passed over the network, even in encrypted form, and so cannot be stolen from the network. This technique ensures the structural integrity of the eTrust SiteMinder components themselves, so that an eavesdropper cannot steal useful information, nor impersonate an eTrust SiteMinder server or agent.

Revocation of User Credentials
Some sites need to immediately revoke the access control privileges of a specific user; for example, when an employee is terminated. eTrust SiteMinder supports a rapid response through the use of commands to flush specific information from the web agent cache. The following operations are available both through the administrative interface and through the API:

• Flush the user cache
• Flush the resource cache
• Flush both caches
• Flush all resources in a specific realm
• Flush a specific user entry in the user cache

Encrypted Session Cookies
The eTrust SiteMinder session cookie is an RC4, 128-bit-encrypted session ticket that holds browser information, time, Distinguished Name, an encrypted seed, and other information not disclosed in this paper for security reasons. All these fields are encrypted and randomly ordered.

eTrust SiteMinder does not embed IP or password information in the cookie sent back to the browser. Many homegrown and competing products make the mistake of including IP information, causing massive firewall problems in network address translation (NAT) environments.

The eTrust SiteMinder session cookie has been tested and approved by the security committees of Dean Witter, E*Trade, WellsFargo, Citigroup, American Express, BancOne, Bank of America and other large financial companies. In addition, eTrust SiteMinder offers an optional Reverse Proxy Server solution that allows a customer to use various means of session control: a standard eTrust SiteMinder session cookie, SSL ID, a miniature cookie for wireless solutions, or encrypted URLs.

Session and Idle Timeouts
Companies can centrally define both idle and session timeouts for individual applications. For example, a sensitive finance application might have an idle timeout of two minutes when there is no browser action. The application can also have a maximum user-session time which will automatically log out users after a specified period of time.

Rolling Keys
eTrust SiteMinder can centrally and automatically roll over all keys that agents use to encrypt/decrypt cookies. Without the eTrust SiteMinder automatic rollover, IT administrators would need developers to implement a rollover scheme themselves, which is extremely difficult to do. eTrust SiteMinder's rolling keys make the eTrust SiteMinder cookie extremely secure because rollover can be done simply, easily, and reliably by eTrust SiteMinder, which relieves companies from having to rely on home-grown implementations.

Administrators can also automatically generate and reset trusted host keys by delivering them securely to the trusted hosts, without requiring that the policy server or agent be restarted. The administrator can specify how often shared secrets are reset according to a schedule that is best for their environment: hours, days, weeks or months. Administrators can disable automatic shared secret rollover for specific trusted hosts and continue to perform manual shared secret rollovers, if required.

Hardware Stored Encryption Keys
eTrust SiteMinder has partnered with nCipher, the industry leader in hardware-based encryption, to implement storage of the host encryption key in hardware. This hardware technology adheres to industry standards and allows for highly secure yet flexible key management. nCipher's HSMs incorporate the use of smart cards ("tokens") and a card-reading device to securely manage the encryption keys. Using nCipher's HSM, the key management functionality within the eTrust SiteMinder environment supports true random-number key generation, back-up, fail-over, and archiving capabilities in a FIPS 140-1 certified module.

LDAP Protection from Denial-of-service Attacks
As noted in Carnegie Mellon CERT advisory CA-2001-18 (http://www.cert.org/advisories/CA-2001-18.html), LDAP directories are extremely susceptible to denial of service (DOS) attacks. eTrust SiteMinder eliminates these DOS attacks by placing an eTrust SiteMinder Policy Server between the web server and the LDAP directory.

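The Mutual Authentication and Rolling Keys subsections above make two claims that belong together: agent and policy server prove a shared secret to each other without that secret ever crossing the network, and trusted-host shared secrets are rolled on a schedule without a restart. The following Python example is added here to show one standard construction that has both properties; it is not code from the paper or from the product's SDK, and it does not reproduce the product's wire protocol. Each side proves the secret with an HMAC over two fresh nonces (so the secret itself is never transmitted, in the clear or encrypted), and each side keeps the current and the previous secret so that a peer that has not yet received a rolled secret still authenticates during the rollover window. The message layout, version numbering, and the SecretRing and Peer names are this example's own assumptions.

```python
import hashlib
import hmac
import os


class SecretRing:
    """Current shared secret plus the previous one, kept during a rollover window."""

    def __init__(self, secret, version=1):
        self.current = (version, secret)
        self.previous = None

    def roll(self):
        """Generate a fresh random secret; the old one stays valid until the next roll."""
        self.previous = self.current
        self.current = (self.current[0] + 1, os.urandom(32))
        return self.current

    def install(self, version, secret):
        """Adopt a secret delivered to this host out of band (secure delivery assumed)."""
        self.previous = self.current
        self.current = (version, secret)

    def secret_for(self, version):
        for entry in (self.current, self.previous):
            if entry is not None and entry[0] == version:
                return entry[1]
        return None


def proof(secret, role, nonce_a, nonce_b):
    """HMAC over both nonces and the speaker's role; only the tag leaves the host."""
    return hmac.new(secret, b"|".join([role, nonce_a, nonce_b]), hashlib.sha256).digest()


class Peer:
    def __init__(self, name, ring):
        self.name = name
        self.ring = ring
        self._state = {}

    # Initiator side (for example a web agent)
    def initiate(self):
        nonce_a = os.urandom(16)
        version = self.ring.current[0]
        self._state = {"nonce_a": nonce_a, "version": version}
        return nonce_a, version

    def finish(self, nonce_b, proof_b):
        st = self._state
        secret = self.ring.secret_for(st["version"])
        if secret is None:
            return None
        expected = proof(secret, b"responder", st["nonce_a"], nonce_b)
        if not hmac.compare_digest(expected, proof_b):
            return None                       # responder failed to prove the secret
        return proof(secret, b"initiator", st["nonce_a"], nonce_b)

    # Responder side (for example a policy server)
    def respond(self, nonce_a, version):
        secret = self.ring.secret_for(version)
        if secret is None:
            return None                       # version is neither current nor previous
        nonce_b = os.urandom(16)
        self._state = {"secret": secret, "nonce_a": nonce_a, "nonce_b": nonce_b}
        return nonce_b, proof(secret, b"responder", nonce_a, nonce_b)

    def confirm(self, proof_a):
        st = self._state
        expected = proof(st["secret"], b"initiator", st["nonce_a"], st["nonce_b"])
        return hmac.compare_digest(expected, proof_a)


def mutual_authenticate(initiator, responder):
    """Run the three-message exchange. Returns (success, bytes seen on the wire)."""
    wire = []
    nonce_a, version = initiator.initiate()
    wire.append(nonce_a + version.to_bytes(2, "big"))
    reply = responder.respond(nonce_a, version)
    if reply is None:
        return False, wire
    nonce_b, proof_b = reply
    wire.append(nonce_b + proof_b)
    proof_a = initiator.finish(nonce_b, proof_b)
    if proof_a is None:
        return False, wire
    wire.append(proof_a)
    return responder.confirm(proof_a), wire


def secret_on_wire(secret, wire):
    """True if the raw secret appears in any transmitted message (it must not)."""
    return any(secret in msg for msg in wire)
```

Because the initiator announces only a version number, the responder can answer with whichever of its two secrets matches; after a second roll the oldest version is retired and an agent still holding it is refused, which is the point at which secure delivery of the new secret (the `install` step) has to have happened.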
In addition, eTrust SiteMinder ensures that packets attempting authentication match the eTrust SiteMinder-encrypted key before passing on authentication or authorization attempts to the policy server. This chokes off DOS attacks on the eTrust SiteMinder infrastructure.

Protection from Cross-Site Scripting
A cross-site scripting (CSS) attack can occur when the input text from the browser (typically, data from a post or data from query parameters on a URL) is displayed by an application without being filtered for characters that may form a valid, executable script when displayed at the browser. For example, an attack URL can be presented to unsuspecting users. When it is clicked, an application could return to the browser a display that includes the input characters, perhaps along with an error message about bad parameters on the query string. The display of these parameters at the browser can lead to an unwanted script being executed on the browser.

eTrust SiteMinder agents support various options to filter attacks that use bad characters in the URL. Using these agent configuration options, the administrator can specify bad CSS, URL and query characters that the agent uses to block or filter requests and prevent attacks.

Unique Secure HTTP Header Passing
Through the central eTrust SiteMinder user interface, administrators can pass user store attributes through HTTP headers to applications, through the eTrust SiteMinder web agent, into the inbound channel of the web server. Since the eTrust SiteMinder filter is the dominant filter, it can overwrite all other filters to ensure header validity. In addition, this inbound channel is not visible to external users in the DMZ. That means no firewall port, from the web server to the user store (LDAP, MS/SQL, Oracle, Novell), needs to be opened. eTrust SiteMinder can pass these user store attributes to the application through its encrypted channel. What's more, the channel from the policy server to the web agent is RC4-128-encrypted.

Advanced Web Agents
eTrust SiteMinder does not put authentication or authorization logic on a web server, a common mistake of homegrown and competitor products. Instead, eTrust SiteMinder employs unique web agent filters (NSAPI – Netegrity, ISAPI – Microsoft IIS, DSAPI – Domino, and Apache modules) that integrate with and operate as part of the web server. Web agent filters are much more secure than storing authorization and authentication processes on the web server. All security logic resides behind the DMZ in the protected eTrust SiteMinder Policy Server. This architecture ensures security by not exposing any access logic or policies in the DMZ.

eTrust SiteMinder Developer Capabilities
The eTrust SiteMinder Software Developers' Kit (SDK) supports the development of custom applications to embed eTrust SiteMinder in their environment, and to extend the capabilities of eTrust SiteMinder. Java and C APIs are provided to offer developers a choice of programming languages. Both interfaces contain several sets of APIs. Each set lets developers implement a particular feature, such as developing a custom agent using the Java APIs or extending an authorization scheme using the C APIs. Both client-side and server-side APIs are provided in Java and C. Both C and Java agent APIs can also run on Linux.

Creating Custom Agents
The Agent API is used to build custom agents for enforcing access control and managing user sessions. Enforcing access control consists of authentication, authorization, and auditing of the user. The Agent API works in tandem with the policy server to greatly simplify application development while increasing application scalability with respect to the number of applications and resource-privilege pairs.

Additional capabilities provided by the Agent API include full session management support, notifications for agent key rollovers, real-time policy updates, policy server failover, load balancing and logout reason codes. With logout reason codes exposed, developers implement client applications that report with finer granularity why a logout was initiated. In addition, logout codes can be used to write separate event handlers for the different logout events. The logout codes include: Idle Timeout, Session Timeout and Explicit Logout. The availability of these logout reason codes provides more and better auditing information about user activities.

Single Sign-on Support for Custom Agents
Custom agents built with the Agent API can participate in a single sign-on environment with standard eTrust SiteMinder web agents. Using the Cookie API, custom agents can also create third-party SMSESSION cookies that can be accepted by standard eTrust SiteMinder web agents. Customers have the option to enable or disable the capability for standard eTrust SiteMinder web agents to accept third-party cookies created by custom agents.

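The Protection from Cross-Site Scripting and Unique Secure HTTP Header Passing subsections above, together with the Session and Idle Timeouts subsection and the logout reason codes listed under Creating Custom Agents, describe checks that a web agent applies to every request: refuse URLs carrying configured bad characters, decide whether the session is still valid and if not why, and make sure the identity headers the application sees are the agent's own and not ones a client supplied. The Python example below is added here to show those checks end to end in one request path; it is not code from the paper or from the Agent API. The configuration key names, the SM_ header namespace and the sample session are assumptions of the example. Note that the bad-character check is also applied to the percent-decoded path and query, since an encoded form of a forbidden character reaches the application in decoded form.

```python
from urllib.parse import unquote, urlsplit

# Logout reason codes named in the Agent API description.
IDLE_TIMEOUT = "Idle Timeout"
SESSION_TIMEOUT = "Session Timeout"
EXPLICIT_LOGOUT = "Explicit Logout"

# Constructed agent settings. The key names are this example's own, not the
# product's agent configuration parameters.
AGENT_CONFIG = {
    "bad_chars": set("<>\"'"),      # characters that can open a tag or break out of an attribute
    "idle_timeout_s": 120,          # two-minute idle timeout, as in the paper's finance example
    "session_timeout_s": 8 * 3600,  # maximum session lifetime
    "header_prefix": "SM_",         # namespace reserved for agent-asserted identity headers (assumed)
}


def find_bad_chars(url, bad_chars):
    """Forbidden characters present in the path or query; the percent-decoded
    forms are checked as well, so %3C is caught along with a literal '<'."""
    parts = urlsplit(url)
    found = set()
    for text in (parts.path, parts.query, unquote(parts.path), unquote(parts.query)):
        found.update(c for c in text if c in bad_chars)
    return found


def session_logout_reason(session, now, cfg):
    """None while the session is still valid, otherwise the logout reason code."""
    if session.get("logged_out"):
        return EXPLICIT_LOGOUT
    if now - session["created"] > cfg["session_timeout_s"]:
        return SESSION_TIMEOUT
    if now - session["last_access"] > cfg["idle_timeout_s"]:
        return IDLE_TIMEOUT
    return None


def inbound_headers(client_headers, session, prefix):
    """Drop every client-supplied header in the reserved namespace, then set the
    agent's own values, so the application only sees agent-asserted identity."""
    clean = {k: v for k, v in client_headers.items() if not k.upper().startswith(prefix)}
    clean[prefix + "USER"] = session["user"]
    clean[prefix + "USERDN"] = session["dn"]
    return clean


def process_request(url, client_headers, session, now, cfg=AGENT_CONFIG):
    """Per-request decision: 'blocked', 'challenge' (re-authenticate) or 'allowed'."""
    bad = find_bad_chars(url, cfg["bad_chars"])
    if bad:
        return {"status": "blocked", "reason": "bad characters: " + "".join(sorted(bad))}
    reason = session_logout_reason(session, now, cfg)
    if reason is not None:
        return {"status": "challenge", "reason": reason}
    session["last_access"] = now  # activity resets the idle clock, never the session clock
    return {"status": "allowed",
            "headers": inbound_headers(client_headers, session, cfg["header_prefix"])}


# Constructed sample session (not captured from a real deployment); times are epoch seconds.
SAMPLE_SESSION = {"user": "jdoe", "dn": "uid=jdoe,ou=people,o=example",
                  "created": 1_000_000, "last_access": 1_000_000}

if __name__ == "__main__":
    cases = [
        ("/app/search?q=%3Cscript%3Ealert(1)%3C/script%3E", {}, 1_000_060),
        ("/app/home", {"SM_USER": "admin", "Accept": "*/*"}, 1_000_060),
        ("/app/home", {}, 1_000_000 + 121),
        ("/app/home", {}, 1_000_000 + 8 * 3600 + 1),
    ]
    for url, headers, now in cases:
        print(url, "->", process_request(url, headers, dict(SAMPLE_SESSION), now))
```

The second case is the header-passing point: the client's own `SM_USER: admin` is discarded and replaced by the value from the agent's session, while unrelated headers pass through untouched.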
Managing the Policy Store
The Policy Management API is used to manage all the objects within the eTrust SiteMinder Policy Store. With the Policy Management API, companies can develop custom Policy Management interfaces to eTrust SiteMinder. For example, a developer can write an application that allows administrators to manage policies, policy responses, global policy configuration, authentication schemes and password policies, shared secret rollover for trusted hosts, and affiliate and affiliate domain management functionality. Both programming and command line interfaces (CLI) are available.

Managing the User Store
The DMS API enables management of objects within an eTrust SiteMinder user directory. Users of the DMS API can develop custom User Management applications using eTrust SiteMinder that enable privileged users to create, add, modify and delete organizations, groups or users. The DMS API performs the following tasks:

• Manage directory entries
• Discover user privileges
• Enable/disable users
• Grant DMS roles to users
• Paging and sorting when searching LDAP directories or ODBC databases

Using the DMS Workflow API, developers can add pre- and post-process functionality for specific DMS API functions. The DMS APIs available for specifying the pre- and post-process functionality include those used for modifications such as set, delete, and associations. The pre- and post-process functionality is implemented as a shared library and is configured within the eTrust SiteMinder Policy Server Management Console.

Creating a Custom Authentication Scheme
The Authentication API is used to develop plug-in modules to the policy server. These APIs are used to define new authentication schemes as well as custom implementations of known authentication schemes. Modules developed using this API are implemented as shared libraries and can be configured using the eTrust SiteMinder Policy Server Management Console. The Authentication API supports any type of user credentials:

Flexible Authorization
The Authorization API is used to develop plug-in modules to the policy server for performing custom authorization functions. Modules developed using this API are implemented as shared libraries. The modules can be configured using the eTrust SiteMinder Policy Server Management Console to define active rules, active policies, and active responses.

Adding a Directory Provider
The Directory API is used to develop plug-in modules to the policy server for implementing a custom user store that eTrust SiteMinder does not support. eTrust SiteMinder supports the following namespaces for user directories:

• LDAP
• ODBC
• Microsoft Windows NT
• Custom

Using the Directory API, an interface can be built to any custom user directory or database.

Integrating with eTrust SiteMinder Events
The Event API lets customers build custom handlers for eTrust SiteMinder events. Through the Event API, eTrust SiteMinder can log events using outside sources, providers, or applications. Administrators can then access the logged information through these other sources, providers, or applications. Using the Event API, developers can build applications to alert administrators of eTrust SiteMinder activity. For example, an event handler can send an e-mail to the administrator when the accounting server starts or someone creates a new policy.

Session Server API
The Session Server API allows enterprises to store application state information associated with the user and make it available to all applications as a shared service.

Creating a Secure Communication Tunnel
The Tunnel Service API provides secure transfer of data between an agent and a shared library on a policy server that supports the Tunnel Service. Use these APIs to develop tunnel services to securely communicate between the agents and the shared library on the policy server. When an agent sends a tunnel request to the policy server, the request contains:

• The name of the service library
• The function to be called in the service library
• The data to be passed to the function

The policy server initializes the appropriate service,
invokes the requested function, and passes the data to the function. Once the service has performed its task, the policy server returns the results to the agent.

Summary
eTrust SiteMinder is one of the premier security solutions for global organizations because it can cost-effectively provide an efficient security access management solution that lets business in while keeping risk out:

• Reduce Administrative Costs. eTrust SiteMinder's robust set of administration tools makes it one of the most manageable security systems available today. With centralized tools, security administrators can manage up to millions of users and secure thousands of resources across the world, 24 hours a day, 7 days a week. With security in such a heterogeneous, always available system being managed centrally, security administration expertise can be centralized to significantly reduce total cost of ownership.

• Reduce Development Costs. eTrust SiteMinder readily integrates with existing applications so that applications can take immediate advantage of its security services without having to be re-designed, re-built and re-deployed. As a result, an eTrust SiteMinder security solution can be quickly deployed, without having to rely extensively on programmers, who can then concentrate on business logic.

• Enhance Users' Experiences. eTrust SiteMinder's single sign-on capabilities let users move from application to application, or site to site, without having to sign on multiple times with different identities and passwords. For employees, single sign-on lets workers get their work done more efficiently; and for customers, single sign-on lets users get the personalized information they need to do business easily and without frustration.

• Improve Security. eTrust SiteMinder provides centralized authorization and authentication services to remove security enforcement from many hundreds or thousands of applications. With centralized security enforcement, security is consistent, comprehensive, and reliable so that no holes are left open in an eTrust SiteMinder secured web environment.

• Improve Security System Manageability. With eTrust SiteMinder's auditing, logging and reporting capabilities, administrators can keep eTrust SiteMinder running smoothly and efficiently by analyzing system activities and preventing problems before they occur. When problems do occur, eTrust SiteMinder's top-notch troubleshooting tools give administrators the information they need to resolve the problem quickly so that security services remain available.

For More Information
eTrust Identity and Access Management Website: www.ca.com/etrust

© 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This
document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “AS IS” without warranty of any kind, including,
without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage,
direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of
such damages. MP279220605
