eTrust SiteMinder r6
quickly becomes unmanageable. With each application storing its own user privilege information within an application-specific repository or ACL, separate from any corporate user directory, redundant user administration and user databases are created that quickly get out of synchronization with the corporate directory, compromising security and the user experience.

Providing a quality single sign-on experience

Successful websites need to provide customers with the information and services they want, and that the company wants them to see, in a personalized context that is easy to understand and navigate. If the content is not personalized, or if users must endure multiple sign-ons to different applications, they quickly become frustrated and go elsewhere. In addition, companies might forge relationships with any number of affiliates and partners whose sites, information and services offer complementary value.

Federation enables companies to provide users single sign-on by transparently linking to all resources within the company's main website, and its affiliates' websites, from the main site. Single sign-on lets users easily conduct business or obtain more detailed product information.

Managing the Secure Website

From an operational perspective, security issues also play an important role in how companies manage and operate websites. Key issues include eliminating redundant points of administration and managing the associated costs of supporting multiple applications and platforms.

Implementing security for multiple web applications

The scheme for managing authentication and authorization for web resources often varies across web servers, application servers, operating systems and development tools. Consequently, administration and authorization capabilities can vary greatly. These differences can lead to administrative problems as well as an inconsistent security framework, because these more complex environments are often more costly and time consuming to administer than single-platform environments. As a result, the quality of website security is often lower in heterogeneous environments, which is clearly an unacceptable situation.

Managing the security infrastructure

It's a daunting and expensive challenge to deploy large-scale websites that can encompass hundreds of web servers, applications, and security policies as well as multiple types of authentication systems to enforce authentication and access control, all with 24x7 continuous availability. As the number of applications and users increases, administrative costs can spike drastically. As web applications continue to gain in strategic importance, the management and administration of these complex environments will be among the most pressing IT challenges.

Keeping user administration costs down

Whether it's expanding the customer base, adding suppliers to the extranet, reorganizing divisions, or improving service quality, people are the center of every business initiative. But, as e-business websites grow, the number of users interacting with the sites also grows, and those increases translate into a broad range of significant management challenges:

• Assigning authentication methods to resources and users
• Synchronizing IDs and passwords across multiple directories
• Enabling self-registration and password support for users
• Providing phone and online support to thousands or millions of users, 24x7, around the globe.

Choosing the correct technology partner

Total cost of ownership is directly related to the ability to support open standards that leverage existing IT investments, offer extensive partnership integration, avoid vendor dead-ends, and minimize expensive third-party integration. It's possible, of course, to achieve an impressive return on investment (ROI) by moving applications, and the business processes they support, to the web, but the key is how to do so cost effectively. As new web applications are deployed, ROI numbers rise, but with each new application, access, security management, and scalability requirements and issues also arise. To solve that problem, companies need comprehensive open application program interfaces (APIs), directory mapping, and a 24x7 redundant architecture.

The right solution removes security logic from each application and centralizes all user management and security in one place. eTrust™ SiteMinder® is the right solution: it provides corporate and consumer e-business sites with the secure, scalable and reliable identity and privilege management infrastructure they require for conducting business. It also provides the centralized control that administrators need to efficiently manage and support that security infrastructure.
eTrust SiteMinder Features and Benefits

eTrust SiteMinder offers the type of solution businesses need to meet the challenge of building and managing secure websites. eTrust SiteMinder provides all the essential security services required to meet this challenge, while also including management features and technical capabilities that can reduce the total cost of ownership.

Authentication Management

eTrust SiteMinder supports a broad range of authentication methods including passwords, tokens, X.509 certificates, custom forms, and biometrics, as well as combinations of authentication methods. It also supports certificate validation through either certificate revocation lists (CRL) or Online Certificate Status Protocol (OCSP).

eTrust SiteMinder integrates with industry-leading directory services and user stores, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities. eTrust SiteMinder fully leverages existing user directories, from leading LDAP directories and relational databases to mainframe security directories.

With single sign-on (SSO) and federation, users get a unified and personalized view of all available resources within and across enterprise boundaries. Businesses and their partners can provide their customers with all their available services; access to all relevant, authorized information; and access to multiple applications that run on multiple servers, multiple platforms, and across multiple internet domains. Single sign-on provides a rich user experience, increased security and reduced customer support costs due to lost passwords.

eTrust SiteMinder Federated Security Services let users move across partner and affiliated websites without having to be re-authenticated. eTrust SiteMinder provides these services by implementing SAML, a standards-based technology. SAML specifies a framework for sharing security information through XML documents, called assertions. eTrust SiteMinder can consume incoming SAML assertions and can produce outgoing SAML tokens. As a result, eTrust SiteMinder provides a complete, bi-directional SAML federation that enables maximum interoperability among enterprises; that is, users can be authenticated either at a company's main site and go to any partner site, or be authenticated at a partner site and go to the company's main site, without having to be re-authenticated. Companies with eTrust SiteMinder security solutions can interoperate securely and more effectively with more sites, including sites that use other security solutions. Users get a more seamless experience across affiliated sites, improving the chances for increased revenue and enhanced relationships.

Authorization Management

eTrust SiteMinder centralizes the administration of user entitlements for customers, partners and employees across all web applications through a shared service. The eTrust SiteMinder advanced architecture and ability to enforce all web-based security policies across the enterprise eliminates the need for redundant user directories and application-specific security logic. Centralized authorization greatly reduces development costs by allowing developers to focus on the application business logic, not on enforcing security policies.

eTrust SiteMinder provides security and access management through its security policies, which are designed to accommodate the user and the user's relationship to the protected resource. A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected, the users, groups or roles that have access to these resources, the conditions under which this access should be granted, and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user should be handled.

Role based access control (RBAC)

eTrust SiteMinder, when used with eTrust™ IdentityMinder®, gives enterprises the ability to extend existing authorization policies to roles established for users in eTrust IdentityMinder. Using eTrust IdentityMinder, enterprises can map organizational structure as well as functional responsibilities to create and manage roles. eTrust SiteMinder can then bind policies to roles for end-to-end identity and access management control.

eTrust SiteMinder eTelligent Rules

As a business grows and changes, existing security logic within applications will likely have to be modified or extended. With eTrust SiteMinder, security administrators can use eTelligent Rules to make those security logic changes outside the applications, without changing program code, further reducing reliance on programming. Most other security solutions would have to rely on applications being re-programmed, re-built and re-deployed.
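The Federated Security Services paragraph above says eTrust SiteMinder consumes incoming SAML assertions. The following added example, which is not eTrust SiteMinder code, shows the checks a relying party applies to an inbound assertion before it starts a local session: issuer allow-list, validity window with clock skew, audience restriction, and one-time use to defeat replay. It assumes SAML 2.0 assertion markup, a constructed unsigned assertion from a hypothetical partner identity provider, and hypothetical issuer and audience URIs. XML-signature verification and hardened XML parsing, which a real consumer performs before any of these checks, are omitted.

```python
"""Relying-party checks for an inbound SAML assertion (added example).

Constructed demo, not eTrust SiteMinder code.  The SAML 2.0 namespace, the
partner IdP, the issuer and audience URIs and the assertion itself are
assumptions made for illustration.  A real consumer verifies the XML
signature and parses with a hardened parser (e.g. defusedxml) first; until
the signature checks out, every field read below is attacker-controlled.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_ISSUERS = {"https://idp.partner.example/metadata"}   # assumption
OUR_AUDIENCE = "https://sso.main-site.example/sp"              # assumption
CLOCK_SKEW = timedelta(minutes=2)
ISSUED = datetime(2024, 3, 5, 12, 0, tzinfo=timezone.utc)      # demo clock


def minutes_after(n):
    return ISSUED + timedelta(minutes=n)


def _iso(ts):
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def sample_assertion(issued=ISSUED, assertion_id="_d9e1", audience=OUR_AUDIENCE,
                     issuer="https://idp.partner.example/metadata"):
    """Constructed (unsigned) assertion of the kind a partner IdP would send."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="{assertion_id}"
    Version="2.0" IssueInstant="{_iso(issued)}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@partner.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{_iso(issued)}"
                   NotOnOrAfter="{_iso(issued + timedelta(minutes=5))}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="tier"><saml:AttributeValue>gold</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class AssertionConsumer:
    """Service-provider side: decides whether to start a local session."""

    def __init__(self):
        self.seen = {}   # assertion ID -> time after which it can be forgotten

    def consume(self, xml_text, now):
        """Return (accepted, subject_or_reason, attributes)."""
        root = ET.fromstring(xml_text)      # signature assumed verified already
        issuer = root.findtext("saml:Issuer", namespaces=NS)
        if issuer not in TRUSTED_ISSUERS:
            return False, "untrusted issuer", {}
        cond = root.find("saml:Conditions", NS)
        if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
            return False, "missing validity window", {}
        expires = _parse_ts(cond.get("NotOnOrAfter"))
        if now + CLOCK_SKEW < _parse_ts(cond.get("NotBefore")):
            return False, "not yet valid", {}
        if now - CLOCK_SKEW >= expires:
            return False, "expired", {}
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if OUR_AUDIENCE not in audiences:
            return False, "wrong audience", {}
        # One-time use: remember IDs until they could no longer be valid anyway.
        self.seen = {k: v for k, v in self.seen.items() if v > now}
        aid = root.get("ID")
        if aid in self.seen:
            return False, "replayed assertion", {}
        self.seen[aid] = expires + CLOCK_SKEW
        subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
        attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
                 for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
        return True, subject, attrs
```

The order of the checks matters little, but none of them may be skipped: an assertion that is signed by a trusted issuer but addressed to a different audience, or presented a second time, must still be rejected.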
Auditing and Reporting

Auditing and reporting lets managers track user and administrative activity and analyze and correct security events and anomalies. eTrust SiteMinder lets companies define which activities within the eTrust SiteMinder environment are to be logged and where that information should be stored: in a file or in a relational database. Both the policy server and the web agents provide separate audit logging and debug logging.

Availability and Reliability

eTrust SiteMinder helps to ensure that the entire environment being secured remains available and accessible to the right users. Administrators can set up load balancing and failover so that if one eTrust SiteMinder component is unavailable, the next one is used without interruption to the user. If an eTrust SiteMinder component fails, it is restarted automatically to keep operations going.
Broad Platform Support

To help achieve a higher return on investment (ROI) and lower total cost of ownership (TCO), eTrust SiteMinder leverages existing technology investments by supporting leading infrastructure components, including directories, web servers, application servers, platforms and authentication methods. eTrust SiteMinder provides native-directory integration with existing directories and databases (LDAP, AD, NT Domain, MS SQLServer and Oracle) and integrates with a large number of leading enterprise applications, such as SAP, Siebel and PeopleSoft. In addition, eTrust SiteMinder includes J2EE application server agents, enabling fine-grained access control of applications hosted on IBM WebSphere and BEA WebLogic Server. eTrust SiteMinder extends its security management and single sign-on capabilities to the OS/390 mainframe platform with a web agent for the IBM HTTP web server and support for RACF and ACF2 security directories through the eTrust SiteMinder Security Bridge. What's more, eTrust SiteMinder also supports authentication for network access devices,

eTrust SiteMinder Architecture

eTrust SiteMinder is one of the industry's leading directory-enabled access management systems. eTrust SiteMinder enables administrators to assign authentication schemes, define and manage authorization privileges to specific resources, and create rules and policies to implement these authorization permissions. With eTrust SiteMinder, companies can implement security policies to protect the content of an entire website.

eTrust SiteMinder consists of two primary components, the eTrust SiteMinder Policy Server and eTrust SiteMinder Agents. See Figure 1 for an overview of the architecture of eTrust SiteMinder.

[Figure 1: eTrust SiteMinder architecture overview. Figure labels: Users; eTrust SiteMinder Secure Proxy Server; Destination Web Servers; Secured Applications (Finance, HR/Payroll, Intranet, Supply Chain); User & Entitlement Stores.]
eTrust SiteMinder Policy Server

The eTrust SiteMinder Policy Server is the heart of eTrust SiteMinder. The policy server provides the key security decision-making operations for eTrust SiteMinder. This high-performance server provides load balancing, failover and caching for superior reliability and speed. Policy servers have been designed to be reliable, fast, and easy to manage, so they can be scaled to meet today's and tomorrow's business requirements. Policy server operations are optimized to get them initialized and running quickly.

Access control services in a single process

The eTrust SiteMinder Policy Server is a single-process engine that runs all four shared services: authentication, authorization, administration and auditing. The single, multi-threaded process results in a highly efficient, simple-to-manage system. The run-time performance is very fast because the single-process server requires a smaller total memory footprint than a multi-process server, and thread context switches are cheaper than process context switches. The trade-off is that a fault in any one service affects the whole process, which is why the failover and automatic restart described under Availability and Reliability matter in a production deployment.

The web agent caches extensive amounts of contextual information about the current user's access. The caching parameters that control these services are fully tunable by the administrator to balance performance and security: a longer cache lifetime means fewer round trips to the policy server, but also a longer window before a revoked entitlement or disabled account takes effect at the agent.

Application server agents

To secure more fine-grained objects such as servlets, JSPs, or EJB components, which could comprise a full-fledged distributed application, eTrust provides a family of eTrust SiteMinder application server agents (ASAs). ASAs are plug-ins that communicate with the eTrust SiteMinder Policy Server to extend single sign-on (SSO) across the enterprise, including J2EE application server-based applications. ASAs protect fine-grained resources hosted in an application server by superseding the native application server's security mechanisms.

For more information about the BEA WebLogic and IBM WebSphere ASAs, refer to eTrust's white papers available at http://www.ca.com/etrust.
SAP Agent

The SAP Agent enables SAP R/3 customers to extend SSO to their SAP users and to affiliate sites as well. The SAP Agent provides a second level of authentication behind the DMZ, in a trusted zone or corporate internal network, enforces session synchronization, and enables choices in authentication technologies for SAP user authentication.

Oracle Agent

The Oracle Agent extends SSO for Oracle users to their corporate web and application servers, as well as to affiliate sites. The eTrust SiteMinder Connector for Oracle Solutions also provides administrators with the flexibility to select a variety of authentication methods.

PeopleSoft Agent

The PeopleSoft Agent for PeopleSoft 8 enables PeopleSoft implementers to extend SSO to PeopleSoft users. In addition, the eTrust SiteMinder Agent provides PeopleSoft 8 sites with the flexibility to choose the authentication security technology, verification of user session data within the application server, and enforced synchronization between eTrust SiteMinder and PeopleSoft Application Server sessions.

Siebel Agents

The Siebel Solutions Agents use the Security Adaptor interface of the Siebel Object Manager to achieve the critical Tier 2 security integration. With the eTrust SiteMinder SSO solution for Siebel, security administrators can implement a wide variety of authentication technologies to identify Siebel users, link user sessions to ensure single sign-out, and increase overall website security, since neither the Siebel Object Manager nor the eTrust SiteMinder Policy Server resides in the DMZ. eTrust SiteMinder enables Siebel customers to extend SSO to their entire corporate web and application servers, as well as to partner affiliate sites.

Custom Agents

The eTrust SiteMinder Policy Server is a general-purpose rules engine that can protect any resource that can be expressed as a string, as well as any operation on those resources. While web agents, application server agents and affiliate agents work with the standard features of eTrust SiteMinder, administrators can extend agent functionality by creating and configuring a custom agent using the Agent API and the Policy Server Management Console. Custom agents can participate with standard eTrust SiteMinder agents in a single sign-on environment.

Custom agents work with the eTrust SiteMinder Policy Server to control access to a wide range of resources, whether web-based or not. For example, custom agents could be used to control access to an application, an application function, or a task performed by an application. A custom agent working with the policy server as the core engine can extend the types of resources that eTrust SiteMinder can protect.

Secure Proxy Server

The eTrust SiteMinder Secure Proxy Server is a turnkey, high-performance proxy gateway that secures a company's backend servers, offering an alternative deployment model for eTrust SiteMinder. With Secure Proxy Server, eTrust SiteMinder offers two complementary policy enforcement strategies for a more flexible and secure web access architecture. Customers may choose to deploy traditional eTrust SiteMinder agents or the Secure Proxy Server. These solutions may be used singly, or in combination, to provide the optimum security and administration environment for any site.

Key benefits of the Secure Proxy Server include:

• Increased Security. Secure Proxy Server provides multiple authentication schemes (basic, forms-based and certificate-based) while providing a single access management point. Unauthenticated traffic is stopped at the proxy rather than reaching the servers behind the DMZ, and the internal network topology is not exposed to outside users.

• Greater Deployment Flexibility. Secure Proxy Server supports multiple session schemes, for cookie and cookie-less methods of session tracking. It provides security for any back-end server environment, as well as a platform for building out wireless solutions. Advanced proxy rules dynamically route incoming requests to the appropriate backend server.

• Extensibility, Scalability and Robustness. Secure Proxy Server is an open and extensible solution, providing a set of Java APIs for building custom session schemes. It is also fully integrated with eTrust SiteMinder's scalable and robust architecture.

The Secure Proxy Server is a self-contained reverse proxy solution consisting of two components: the proxy engine, with a fully integrated eTrust SiteMinder Agent, and an Apache-based HTTP web listener. The Secure Proxy Server accepts HTTP and HTTP over SSL (HTTPS) requests from web clients, passes those requests to enterprise back-end content servers, and returns resources to the requesting client.

For detailed information on the eTrust SiteMinder Secure Proxy Server, refer to the Secure Proxy Server white paper available at http://www.ca.com/etrust
Native Directory Integration

eTrust SiteMinder is integrated with industry-leading directory services, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities.

eTrust SiteMinder supports a range of leading LDAP directories and relational databases. eTrust SiteMinder also supports mainframe (OS/390) security directories, such as RACF, ACF-2, and TopSecret. eTrust SiteMinder treats these directories as if they were regular LDAP user directories, and can provide both full authentication and authorization for users stored in them. Support for these directories is achieved through an add-on component called the eTrust SiteMinder Security Bridge.

eTrust SiteMinder supports storage of policy information in a variety of LDAP-enabled directories and SQL databases.

Even though the user store and the policy store are logically separate, the ability to store both users and policies in the same physical directory provides easier administration and better performance. Directory Mapping lets an application authenticate users based on information from one directory and authorize users based on information from a different directory.

eTrust SiteMinder Authentication Management

eTrust SiteMinder offers unparalleled control over what type of authentication method is used to protect a resource and how that authentication method is deployed and managed. Traditionally, it is very challenging to successfully deploy and manage strong authentication methods (for example, two-factor certificates); therefore, most companies default to using user names and passwords. By centrally managing all authentication systems and utilizing the eTrust SiteMinder advanced authentication policy management capabilities, companies can successfully deploy mixed authentication methods based on resource value and business needs instead of IT limitations.

Authentication Methods

No single authentication technique is appropriate for all users and all protected resources in all situations. That's why authentication flexibility is an important requirement. eTrust SiteMinder offers a complete password authentication solution and integrates out of the box with most leading authentication methods. Since administrators often require varying levels of authentication security for different resources, eTrust SiteMinder supports a range of authentication mechanisms, including:

• Passwords
• Two-factor tokens
• X.509 certificates
• Passwords over SSL
• Smart cards
• Combination of methods
• Forms-based
• Custom methods
• Full CRL and OCSP support
• Biometric devices
• Forms and/or certificates

Certificate revocation is a critical component of a PKI strategy, since invalid certificates must be rejected by the authentication mechanism. eTrust SiteMinder supports CRL processing for all leading public key infrastructure (PKI) vendors, including the requirement that the CRL be located in a directory and searched to ensure the current certificate has not been revoked. In addition, eTrust SiteMinder supports the use of OCSP for real-time certificate validation.

Authentication Policies

Authentication policies give security administrators unique management capabilities to mix and match authentication methods and to brand and customize the credentials collected. eTrust SiteMinder also enables administrators to classify resources into groups based on their value and assign different authentication methods to each level.

Certificate Combinations and Alternatives

Authentication method combinations, such as certificate and password, are very useful when stronger security is required for a specific set of resources. It is also a solution for enterprises where multiple administrators might share a secured machine. The certificate identifies the machine, while each operator has their own password.
Alternative methods (certificate or password) are ideal when administrators require gradual deployment of certificates. When a certificate for authentication is installed, it is used; but if a certificate is not present, eTrust SiteMinder reverts to regular password authentication. Until the rollout is complete, the effective assurance level of such a resource is that of the password alone, since a client can simply present no certificate.

Forms-based Authentication

Forms-based authentication enables the implementation of an authentication screen that is tailored to individual needs. This is useful when a common brand identity is desired across all internal applications and sign-on screens. In addition, it supports custom attributes, such as a Social Security number or mother's maiden name, for authentication. For attributes in the user directory, eTrust SiteMinder performs the authentication checks automatically, providing greater log-in security. (Knowledge-based attributes like these are guessable or discoverable and should supplement a password, not replace it.)

Administrators also need alerts if suspicious events occur, such as a user failing several successive login attempts. eTrust SiteMinder Password Services provide an additional layer of security to protected resources by enabling the management of user passwords in LDAP user directories or relational databases. To manage user passwords, administrators create password policies that define rules and restrictions governing password expiration, composition, and usage.

Password Services can enforce multiple password policies through a priority list of policies that apply to multiple applications being protected across one or more user directories. Password Services also enable password self-service for end users. Developers can implement eTrust SiteMinder Password Services through either CGI with customizable HTML forms or through a servlet with customizable Java Server Pages (JSP) forms.
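The password-policy behaviour described here and in the paragraphs that follow (composition rules checked when a password is set, expiry and inactive-account handling checked at authentication, alerting on repeated failures) can be modelled in a few functions. The following is an added example, not eTrust SiteMinder code: the policy fields, thresholds, redirect targets, the lockout rule and the salted PBKDF2 storage are assumptions, and the password-history check is one reading of what a "usage" rule might enforce.

```python
"""Password policy enforcement (added example, not eTrust SiteMinder code).

Models the behaviour described on this page: a policy governs composition,
expiration and usage; it is consulted when a password is set or changed and
again at every authentication; expired or inactive accounts are redirected
or disabled.  Field names, thresholds, redirect targets, the lockout rule
and the salted PBKDF2 storage format are assumptions for illustration.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)          # demo clock


def days_later(n):
    return T0 + timedelta(days=n)


@dataclass
class PasswordPolicy:
    min_length: int = 12
    min_classes: int = 3                  # of lower, upper, digit, symbol
    history: int = 5                      # refuse reuse of the last N passwords
    max_age: timedelta = timedelta(days=90)
    max_failures: int = 5                 # successive failures before disabling
    expired_redirect: str = "/password/change"
    disabled_redirect: str = "/account/disabled"


@dataclass
class Account:
    user: str
    hashes: list = field(default_factory=list)   # newest first: (salt, digest)
    changed_at: datetime = None
    failures: int = 0
    active: bool = True


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def composition_errors(policy, password):
    """Rules checked against a candidate password; empty list means it passes."""
    errors = []
    if len(password) < policy.min_length:
        errors.append("too short")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < policy.min_classes:
        errors.append("too few character classes")
    return errors


def set_password(policy, account, new_password, now):
    """Set or change a password.  Returns (ok, errors); on failure nothing changes."""
    errors = composition_errors(policy, new_password)
    if any(hmac.compare_digest(_digest(new_password, salt), digest)
           for salt, digest in account.hashes[:policy.history]):
        errors.append("recently used")
    if errors:
        return False, errors
    salt = os.urandom(16)
    account.hashes.insert(0, (salt, _digest(new_password, salt)))
    account.changed_at = now
    account.failures = 0
    return True, []


def authenticate(policy, account, password, now):
    """Returns (ok, redirect).  redirect is None on success or on a plain
    failure; otherwise it is the page the agent should send the user to."""
    if not account.active:
        return False, policy.disabled_redirect
    if not account.hashes:
        return False, policy.expired_redirect      # no password yet: must set one
    salt, digest = account.hashes[0]
    if not hmac.compare_digest(_digest(password, salt), digest):
        account.failures += 1                       # successive failures: alert here
        if account.failures >= policy.max_failures:
            account.active = False                  # policy action: disable account
            return False, policy.disabled_redirect
        return False, None
    account.failures = 0
    if now - account.changed_at > policy.max_age:
        return False, policy.expired_redirect       # correct but expired: redirect
    return True, None
```

Note that a correct but expired password is not treated as a failed login: the user is sent to the change page rather than counted toward lockout, which matches the page's distinction between a failed check and a policy action.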
When Password Services are active, eTrust SiteMinder invokes a password policy whenever a user is authenticated as well as when a user password is set or modified. The Password Services action depends on the context, which includes the user credentials and the policy. If the user is trying to create or modify the password and the new password does not meet the password policy requirements, the operation fails. If the user is attempting to authenticate with a password that has expired, or if the user account was marked inactive, actions such as disabling the account or redirecting to an information page can also be specified in the password policy.

Impersonation

eTrust SiteMinder supports impersonation, where one authorized user can access what another user accesses. With impersonation, a customer service representative can act on behalf of users to run tasks for them that they otherwise might not want to, or know how to, run themselves. For example, a stock broker might use impersonation to complete a stock transaction for a client.

With impersonation, a previously authenticated user uses their own identity to assume the identity of another user without presenting the other user's credentials. Secure information, such as passwords, no longer has to be transferred over the phone. To start the impersonation, the customer representative requests a defined resource that is mapped to the impersonation authentication scheme. Then the representative is prompted to enter the impersonation username.

eTrust SiteMinder makes sure that impersonation is a secure operation and that only entitled users can impersonate other users:

• Administrators set up impersonation as an eTrust SiteMinder rule in a policy. In this way, impersonation can be very finely controlled because policies can define exactly who can impersonate whom for which resources within a realm.

• All impersonation sessions are audited to provide a history of events for record keeping and non-repudiation. Information from both the user who is impersonating and the user who is being impersonated is recorded.

• Private information can be hidden from the impersonating subject, as necessary to protect a customer's privacy.

• The impersonation authentication scheme is configured like any other eTrust SiteMinder HTML forms-based authentication scheme. As a result, impersonation is straightforward to set up and configure, as well as being straightforward to use.

eTrust SiteMinder Authorization Management

Entitlement management is one of the most critical issues for web applications. Users need to access information, but must be authenticated and authorized based on their privileges before gaining access. Traditionally, the entitlement management model for web resources varies across web servers,application servers, operating systems and development tools. Consequently, the administration of one server can differ from the administration of another, and the entitlement management capabilities offered by these various servers and tools can differ. These differences can lead to administrative problems as well as an inconsistent security framework.

eTrust SiteMinder provides centralized authorization management through its policies for all web resources, across web servers, application servers, and so on. Administrators work with the Policy Server Management Console to define policies that restrict access to specific web resources by user, role, group, dynamic group and exclusions. Centralized access control through policies provides very fine-grained control to administrators, allowing them to implement access control at the file, page or object level.

The Policy Server Management Console is a single, browser-based administrative system that extends across all intranet and extranet applications. A consistent security policy simplifies the central management of multiple web applications. A centralized approach to security management provides the following advantages:

• It eliminates the need to write complex code to manage security in each application.

• The time and cost to develop and maintain multiple security systems is eliminated; sites deploy only one security system for all applications.

• eTrust SiteMinder manages the security privileges of customers, business partners, and employees, whether they access the corporate network locally or remotely through the internet or a private network.
eTrust SiteMinder Policies

eTrust SiteMinder provides security and access management based on policies that make access and security management more flexible and scalable, because they are built around the user and the user's relationship to the protected resource.

A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected, the users, groups or roles that have access to these resources, the conditions under which this access should be granted, and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user is treated.

An eTrust SiteMinder policy binds rules and responses to users, groups and roles. The responses in a policy enable the application to customize the delivery of content for each user. Policies reside in the policy store, the database that contains all the eTrust

[Figure: composition of an eTrust SiteMinder Policy. Figure labels: Rule or Rule Group; Users or Groups in a Directory; Response or Response Group; Options: eTelligent Rule, Time, IP Address, Active Response.]

eTelligent Rules resolve values for variables in user attributes from user stores, data in forms users completed, or through web services calls to local or remote data sources. The values are then evaluated against the expression as part of the policy decision-making process, together with other policy constraints.

For example, in a financial services website, a user wants to access services that are available only to customers with a certain credit rating. eTelligent Rules can be implemented using web services calls to check the customer's current credit rating with an external, online credit service. If the customer's credit rating is adequate, then access is allowed (assuming all other security policy criteria are met).

Additional information on eTelligent Rules is available in a detailed white paper, available at http://www.ca.com/etrust
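A policy as described in the eTrust SiteMinder Policies section above (and in the figure) binds rules and responses to users or groups, may be constrained by time and client IP address as the next sections describe, and names how a denied user is handled. The following is an added example, not eTrust SiteMinder code, of a small policy decision function modelling that structure over constructed sample policies. The realm paths, group names, response header names and redirect targets are assumptions, and the rule matching (a realm prefix plus a glob on the remainder) is a simplification of the product's resource matching.

```python
"""Toy policy decision engine (added example, not eTrust SiteMinder code).

Models the policy structure described on this page: a policy binds rules
(realm + resource + actions) and responses to users or groups, optionally
constrained by client IP range and time of day, and names the page a denied
user is sent to.  Realms, groups, headers and targets are made-up samples.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network

PROTECTED_REALMS = ("/hr/", "/intranet/")   # anything here is closed by default


@dataclass(frozen=True)
class Rule:
    realm: str            # path prefix the realm protects, e.g. "/hr/"
    resource: str         # glob matched against the path below the realm
    actions: frozenset    # HTTP methods the rule covers
    allow: bool = True    # a matching deny rule beats any allow


@dataclass
class Policy:
    name: str
    rules: list
    subjects: frozenset                             # user IDs and "group:<name>"
    responses: dict = field(default_factory=dict)   # handed to the application
    ip_networks: tuple = ()                         # empty: no IP restriction
    hours: tuple = None                             # (start, end), None: always
    on_deny: str = "/denied.html"                   # how a denied user is handled


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    path: str
    method: str
    client_ip: str        # must be the real client address, not a proxy's
    when: datetime


def rule_matches(rule, req):
    if not req.path.startswith(rule.realm) or req.method not in rule.actions:
        return False
    return fnmatch(req.path[len(rule.realm):], rule.resource)


def subject_matches(policy, req):
    return req.user in policy.subjects or any(
        f"group:{g}" in policy.subjects for g in req.groups)


def constraints_hold(policy, req):
    if policy.ip_networks and not any(
            ip_address(req.client_ip) in ip_network(n) for n in policy.ip_networks):
        return False
    if policy.hours and not (policy.hours[0] <= req.when.time() < policy.hours[1]):
        return False
    return True


def decide(policies, req, realms=PROTECTED_REALMS):
    """Return (allowed, payload): responses to deliver on allow, the deny
    target on deny.  Paths outside every protected realm are allowed as-is."""
    if not any(req.path.startswith(r) for r in realms):
        return True, {}
    grants, deny_targets = [], []
    for policy in policies:
        for rule in policy.rules:
            if not rule_matches(rule, req):
                continue
            deny_targets.append(policy.on_deny)
            if subject_matches(policy, req) and constraints_hold(policy, req):
                if not rule.allow:
                    return False, policy.on_deny      # explicit deny wins
                grants.append(policy)
    if not grants:
        return False, deny_targets[0] if deny_targets else "/denied.html"
    return True, {k: v.format(user=req.user) for k, v in grants[0].responses.items()}


# Constructed sample policies.
POLICIES = [
    Policy("HR staff", [Rule("/hr/", "*", frozenset({"GET", "POST"}))],
           frozenset({"group:hr"}),
           responses={"SM_USER": "{user}", "X-App-Role": "hr"},
           ip_networks=("10.0.0.0/8",), hours=(time(7, 0), time(19, 0)),
           on_deny="/hr/denied.html"),
    Policy("Payroll export blocked",
           [Rule("/hr/", "payroll/export*", frozenset({"GET", "POST"}), allow=False)],
           frozenset({"group:hr"}), on_deny="/hr/export-blocked.html"),
    Policy("Intranet readers", [Rule("/intranet/", "*", frozenset({"GET"}))],
           frozenset({"group:employees"}), responses={"X-App-Role": "employee"}),
]


def sample_request(user, groups, path, method="GET", client_ip="10.1.2.3", hour=9):
    """Constructed request on a fixed demo date; hour selects the time of day."""
    return Request(user, frozenset(groups), path, method, client_ip,
                   datetime(2024, 3, 5, hour, 0))
```

Two choices in this model are worth carrying into any real policy design: a resource inside a protected realm is denied unless some rule grants it (so a newly added method or path is closed until someone opens it), and an explicit deny rule wins regardless of where it sits in the policy list.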
IP addresses
A policy may be limited to specific user IP addresses. If a user attempts to access a resource from an IP address not specified in the policy, the user will not be allowed access.

Time restrictions
A policy may be limited to specific days or ranges of hours. A policy with a time restriction will not allow access outside the specified times.

Active response
An Active Response allows business logic external to eTrust SiteMinder to be included in a policy definition, enabling eTrust SiteMinder to interact with custom software created using the eTrust SiteMinder APIs.

Global policies
eTrust SiteMinder's global policies significantly improve how policies can be organized, and they reduce redundant operations for configuring multiple policies in large enterprises. Global policies give administrators the ability to define policy objects, rules and responses with global scope, separately from a policy domain. When separated from a domain, administrators can define common policy objects, rules and responses once that apply across multiple domains. They can then update the common policy objects, rules and responses without having to locate each item in each realm throughout the domains. In addition to improving policy administration, global policies can help ensure compliance with federal regulations or corporate rules, because they can enforce those rules and regulations across the enterprise, if required.

Each component of a global policy remains complementary to its domain-specific counterpart; that is, if there is a domain-specific policy object, rule or response with the same reference, the domain-specific item takes precedence over the global item. System-level administrators can also disable global policies for any domain, if they so choose. Global policies allow time restrictions to be specified for when rules are in effect.

For example, administrators define a policy in each realm to redirect users to the same web page when users are not authenticated or not authorized to access a resource. With global policies, administrators define a redirect policy once, and that single global policy can be used by all realms. Without global policies, administrators have to define that same policy over and over for each realm.

Global policies are managed by system-level administrators only, using the Policy Server Management Console, the Policy Management API, or the Perl script interface to the Policy Management API.

Role based access control (RBAC)
eTrust SiteMinder software, running in conjunction with eTrust IdentityMinder software, provides enterprises with role based access control. Roles define job responsibilities, or a set of tasks that are associated with a job or business function. Each task corresponds to an operation in a business application. A single role can have one or more tasks defined in it, and users can have one or more roles assigned to them. An eTrust IdentityMinder central administrator creates role and task definitions. Only after a user is assigned a role can they perform the tasks defined in that role.

When eTrust IdentityMinder is integrated with eTrust SiteMinder, eTrust SiteMinder extends the power of roles beyond job descriptors to access management. The eTrust IdentityMinder administrator works with the eTrust SiteMinder administrator to bind eTrust IdentityMinder roles to eTrust SiteMinder policies. Once the roles are bound to eTrust SiteMinder policies, the user and access management link is established. eTrust IdentityMinder manages the users and their roles; eTrust SiteMinder manages secure access to the resources specified by their roles.

The eTrust IdentityMinder-eTrust SiteMinder role based access control implementation is non-intrusive and flexible. eTrust IdentityMinder roles can be used directly by eTrust SiteMinder without the need to modify user directories. eTrust SiteMinder access control mechanisms are available to eTrust IdentityMinder roles without the need to modify eTrust IdentityMinder role definitions.

Single Sign-On
One of the most common challenges site operators face is multiple user logins. No universal single sign-on (SSO) solution exists today, primarily because there are no formal standards to facilitate an open solution. eTrust SiteMinder supports SSO in several ways: single sign-on in single and multiple cookie domains; Federated Security Services through SAML; integration with Microsoft .NET Passport; and within a Microsoft Windows environment. With its broad support for single sign-on, users get seamless access to resources across networks of websites.
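The policy model described above (a policy binds rules and responses to users, groups and roles; IP address and time restrictions; a domain-specific item with the same reference taking precedence over the global one), as an added Python example that is not the paper's or the product's own code. The resource-prefix matching, the `group:`/`role:` subject naming, the sample addresses, dates and redirect page are assumptions of the example.

```python
"""Added example: a small model of eTrust SiteMinder-style policy evaluation.
Illustrative code only; not the product's implementation."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

WORKDAYS = frozenset({0, 1, 2, 3, 4})   # Monday .. Friday (datetime.weekday numbering)


@dataclass
class Policy:
    name: str                    # reference name; a global and a domain item may share one
    resource: str                # protected resource prefix, e.g. "/finance/" (assumption)
    subjects: frozenset          # "alice", "group:finance" or "role:auditor" (assumption)
    ip_allow: tuple = ()         # CIDR blocks; empty = no IP restriction
    days: frozenset = frozenset(range(7))
    hours: tuple = (0, 24)       # allowed [start, end) hour window
    deny_redirect: str = "/denied.html"   # response delivered when access is denied
    is_global: bool = False


@dataclass
class Request:
    user: str
    groups: frozenset
    roles: frozenset
    resource: str
    client_ip: str
    when: datetime


def subject_matches(policy, req):
    """The policy's users, groups or roles include the requester."""
    names = {req.user} | {f"group:{g}" for g in req.groups} | {f"role:{r}" for r in req.roles}
    return bool(names & policy.subjects)


def ip_allowed(policy, client_ip):
    """IP restriction: an address outside the listed blocks is refused."""
    if not policy.ip_allow:
        return True
    addr = ip_address(client_ip)
    return any(addr in ip_network(cidr) for cidr in policy.ip_allow)


def time_allowed(policy, when):
    """Time restriction: outside the allowed days or hours, access is refused."""
    start, end = policy.hours
    return when.weekday() in policy.days and start <= when.hour < end


def effective_policies(global_policies, domain_policies, global_disabled=False):
    """A domain-specific item with the same reference name overrides the global
    one; a system-level administrator may disable globals for the domain."""
    merged = {} if global_disabled else {p.name: p for p in global_policies}
    merged.update({p.name: p for p in domain_policies})
    return list(merged.values())


def evaluate(policies, req):
    """Return ("allow", None) or ("deny", redirect). The resource is assumed to
    be protected, so access is denied unless some policy grants it."""
    applicable = [p for p in policies if req.resource.startswith(p.resource)]
    for p in applicable:
        if subject_matches(p, req) and ip_allowed(p, req.client_ip) and time_allowed(p, req.when):
            return ("allow", None)
    redirect = applicable[0].deny_redirect if applicable else "/denied.html"
    return ("deny", redirect)


# Constructed sample: a global "Finance" policy and a stricter domain-specific one.
GLOBAL_FINANCE = Policy("Finance", "/finance/", frozenset({"group:finance"}),
                        ip_allow=("10.0.0.0/8",), days=WORKDAYS, hours=(8, 18),
                        deny_redirect="/login.html", is_global=True)
DOMAIN_FINANCE = Policy("Finance", "/finance/", frozenset({"group:finance"}),
                        ip_allow=("10.1.0.0/16",), days=WORKDAYS, hours=(8, 18),
                        deny_redirect="/login.html")


def sample_decisions():
    """Evaluate constructed requests against the merged policy set."""
    policies = effective_policies([GLOBAL_FINANCE], [DOMAIN_FINANCE])
    base = dict(user="alice", groups=frozenset({"finance"}), roles=frozenset(),
                resource="/finance/ledger")
    monday_10am = datetime(2024, 6, 3, 10, 0)      # 2024-06-03 is a Monday
    return {
        "in_hours_from_allowed_ip": evaluate(policies, Request(**base, client_ip="10.1.4.7", when=monday_10am)),
        # the global item would allow 10.2.x.x, but the domain item takes precedence
        "global_ip_but_domain_override": evaluate(policies, Request(**base, client_ip="10.2.4.7", when=monday_10am)),
        "outside_hours": evaluate(policies, Request(**base, client_ip="10.1.4.7", when=datetime(2024, 6, 3, 22, 0))),
        "weekend": evaluate(policies, Request(**base, client_ip="10.1.4.7", when=datetime(2024, 6, 8, 10, 0))),
        "not_in_group": evaluate(policies, Request(user="bob", groups=frozenset(), roles=frozenset(),
                                                   resource="/finance/ledger", client_ip="10.1.4.7", when=monday_10am)),
        "globals_disabled_domain_still_applies": evaluate(
            effective_policies([GLOBAL_FINANCE], [DOMAIN_FINANCE], global_disabled=True),
            Request(**base, client_ip="10.1.4.7", when=monday_10am)),
    }


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        print(f"{name:40s} -> {decision}")
```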
Single and Multiple Cookie Domains
When a user authenticates with eTrust SiteMinder, an encrypted cookie is created that contains the necessary session information about the user. The cookie is encrypted with a 128-bit symmetric cipher. No user password information is ever kept within the cookie. When the user requests access to a different protected resource, eTrust SiteMinder decrypts the information in the cookie and securely identifies the current user. No additional authentication is required. See Figure 3.

eTrust SiteMinder also supports cross-domain SSO. When users authenticate to a single internet domain, eTrust SiteMinder eliminates the need to re-authenticate when they access protected resources or applications in a different domain. Cross-domain SSO is a critical capability, especially for large enterprises with multiple divisions or multinational businesses. See Figure 4.

Figure 3. Single sign-on within a single cookie domain (diagram: employees, partners and customers reach the /servlet 1/ application server at Mycompany.com through an eTrust SiteMinder Agent).

In an environment that includes resources across multiple cookie domains, eTrust SiteMinder supports single sign-on across applications running on heterogeneous web and application server platforms using a cookie provider, a specially configured eTrust SiteMinder Agent that passes a cookie containing the user's identity and session information to other cookie domains in the SSO site. This enables eTrust SiteMinder to authenticate the user across the entire virtual website, even though it consists of multiple domains.

Within the SSO site, users enter their credentials upon their first attempt to access a protected resource. After they are authorized and authenticated, they can move freely between different realms that are protected by authentication schemes of an equal or lower protection level without re-entering their identification information. Figure 4 shows SSO across multiple cookie domains.

Figure 4. Single sign-on across multiple cookie domains (diagram: employees, partners and customers authenticate in the cookie domain mycompany.com, whose application server holds protected applications; user entitlements and session identity are carried to web servers with protected applications in the cookie domains subsidiaryA.com and subsidiaryB.com, one web server being designated as the "cookie provider" for the SSO site).

Federated Security Services
eTrust SiteMinder makes it easy for administrators to set up Federated Security Services. An authentication scheme is available to configure SAML producers, user mapping, and validation information. Duplicate user profiles in both the main site and partner sites (one-to-one user mapping) are supported, but not required. Federated Security Services also supports one-to-many user mapping; for example, everyone from a partner site can be mapped to one identity, such as Partner Employee, in the local user store. The policy server also adds issuer validation to ensure that the integrity of the token is intact when it is received.
Figure 5 shows how the eTrust SiteMinder site, as a SAML producer, works with affiliated sites. Because the eTrust SiteMinder site conducts the authentication for all users, the affiliated partner sites don't even need a security solution.

Figure 5. eTrust SiteMinder as a producer with SAML Affiliate Agents (diagram: employees, partners and customers are authenticated at the eTrust SiteMinder web server with eTrust SiteMinder Agent, backed by policy servers; SAML assertions are passed to affiliate partner web servers running SAML Affiliate Agents).

Figure 6 shows how the eTrust SiteMinder site, as a SAML producer, works with affiliated sites that are SAML compliant but do not have a SAML Affiliate Agent running at the site. The eTrust SiteMinder site conducts the authentication for all users, but the affiliated partner sites require a SAML compliant security solution to enable single sign-on for users.

Figure 6. eTrust SiteMinder as a SAML producer without SAML affiliate agents (diagram: the eTrust SiteMinder web server with eTrust SiteMinder Agent and policy servers authenticates employees, partners and customers; SAML assertions are passed to affiliate partners running their own web security product).

Figure 7 shows how the eTrust SiteMinder site, as a SAML consumer, works with affiliated SAML sites. Because eTrust SiteMinder can consume SAML tokens, it can easily interoperate with sites that don't use eTrust SiteMinder.

Figure 7. eTrust SiteMinder as a SAML consumer with SAML affiliates (diagram: affiliate partners running web security products A and B send SAML assertions to the eTrust SiteMinder web server with eTrust SiteMinder Agent, backed by policy servers, which serves employees, partners and customers).

Microsoft .NET Passport integration
Microsoft® Passport is an online user-authentication service. Passport lets a consumer create a single sign-in name and password for easy, secure access to all Passport-enabled websites and services. Passport-enabled sites can rely on Passport to authenticate users. However, Passport does not authorize or deny a specific user's access to individual sites and applications. Passport authentication with eTrust SiteMinder authorization services. This combination allows organizations to retain fine-grained and secure control over their security policies through eTrust SiteMinder, while participating in a trusted network that delivers a unified experience to Passport users. Passport users can log in once using their .NET Passport user name and password, or credentials, and seamlessly access a network of .NET Passport enabled websites, as well as enterprise applications protected by eTrust SiteMinder. For added security, an eTrust SiteMinder protected site can choose to re-challenge the user for more secure content.
Single Sign-on in the Windows Environment
eTrust SiteMinder single sign-on is especially important in the Microsoft Windows environment because users access many enterprise applications through their Windows desktop.

Windows integrated security
Users who log in to their desktop using Windows NT authentication and use Internet Explorer to access e-business applications deployed on any web server, including non-Internet Information Server web servers, can log in to eTrust SiteMinder without being re-challenged as long as there is one IIS web server configured to use eTrust SiteMinder. With this capability, the user only has to remember their desktop password.

Windows application login
eTrust SiteMinder also supports Windows application login, enabling a user to log in to eTrust SiteMinder and subsequently launch Windows/COM+ web applications such as Microsoft Outlook Web Access and Microsoft Commerce Server. With Windows application login, administrators can enforce access control on non-eTrust SiteMinder-protected Windows applications for all eTrust SiteMinder users with a Windows identity (NTLM or LDAP) by initializing their application security context with eTrust SiteMinder.

Auditing and Reporting
Administrators need to know who is doing what and when. eTrust SiteMinder auditing logs all activity throughout the eTrust SiteMinder environment. eTrust SiteMinder stores the audit information in a flat file or relational database. When you set up eTrust SiteMinder to store information in a relational database, you can use commercial reporting solutions to present that auditing information in any format required.

Changing federal laws, in-depth regulatory financial audits, and increased security threats from external hackers have all pushed access management auditing and reporting to the forefront of product feature sets. eTrust SiteMinder reporting supports granular information collection and analysis on access, activity, intrusion, and audit information to fulfill many of these reporting requirements.

Auditing
eTrust SiteMinder audits all user and site activity, including all authentications and authorizations, as well as administrative activity, and any changes to the policy store. eTrust SiteMinder also tracks user sessions so administrators can monitor the resources being accessed, how often users attempt access, and how many users are accessing the site. Additionally, eTrust SiteMinder provides the ability to filter audit events (for example, record only failed authorizations), allowing the administrator to track only events of interest.

Reporting
eTrust SiteMinder audit data can be used to build reports, leveraging the reporting solution that your company currently uses. eTrust SiteMinder provides stored procedures and sample Crystal Reports templates. If you integrate Crystal Reports with eTrust SiteMinder, you can take advantage of the sample report templates described below. If you use other commercial reporting solutions, you can use the eTrust SiteMinder provided stored procedures to easily access the audit information in the database and build your own reports. Regardless of your reporting solution, eTrust SiteMinder provides you with the data you need to generate reports like those described in this section.

Report drill down capabilities
eTrust SiteMinder reports begin with a summary of the data in the report. Clicking on a summary item, such as a date, user, or agent, allows administrators to view more detailed information. Drill-down details contain the following information:

• Time. Lists the exact times when each event occurs, from the oldest time to the most recent.
• User. Contains the user name associated with the reported event.
• Agent. Lists the names of the agents where the reported event occurred.
• Administrator. The eTrust SiteMinder Account Username is listed.
• Category. Describes the type of event that was logged.
• Description. Describes the actual event that occurred during the time noted in the report. When any category of event is logged as a rejection or failure, the text on screen is shown in red and marked with an exclamation (!) mark.
Activity reports
Activity reports show a variety of user, eTrust SiteMinder agent, and resource activity data at different levels of granularity. There are four types of Activity Reports:

• All Activity Report. Transactions and failures of all users that occurred during the period of time covered by the report.
• Activity by User Report. Users and their sessions, including the number of transactions and failures that occurred during the period of time covered by the report.
• Activity by Agent Report. Lists active agents and provides information such as the number of transactions and failures that occurred on each.
• Activity by Resource Report. Resources accessed during the reporting period, including host names, attempts

Intrusion reports
Intrusion Reports show failed authentication and authorization attempts by users and/or agents at different levels of granularity. The main intrusion report is the All Failed Authentication and Authorization Attempts report, which lists all failed user authentication, authorization and administration attempts by date and time. This report is broken down into two sub-reports:

• Failed Authentication and Authorization Attempts by User
• Failed Authentication and Authorization Attempts by Agent

Administrative reports
The main administrative report is the All Administrative Activity report, which covers all administrative activity by date. It is broken down into two sub-reports:

• Activity by Administrator Report. Covers all administrative activity by administrator.
• Activity by Object Report. Covers all administrative activity by object (Administrator, Agent, Policy, and so on).

Each report contains columns of information including Time, Administrator, and a brief description of the activity.

Time series reports
Administrators can view two types of Time Series Reports:

• Daily Transactions Report. Includes all successful and failed authentications and authorizations by day.
• Hourly Transactions Report. Breaks the data down further into successful and failed authentications by hour.

Time Series reports are displayed as bar charts. See Figure 8. Administrators can view a chart of all transactions, or view the authentications, authorizations, or administration transactions separately.

Figure 8. Time series reports (bar charts of transactions by date and by hour; only the axis labels survive in this copy).

Enterprise Manageability
eTrust SiteMinder includes enterprise site manageability features that ease deployment and ongoing site administration through proactive centralized control of operating environments and monitoring of system availability and operating status.

OneView Monitor
eTrust SiteMinder OneView Monitor collects and displays real-time operation status information, including failure alerts, about eTrust SiteMinder policy servers, agents, and other core components such as authentication and authorization services. Information is presented graphically so that administrators can rapidly assess an entire environment with multiple policy services, or the status of an individual component. When a problem is reported, administrators can scan summary information to review overall system status, identify components with failure alerts, and drill down to obtain detailed status information.

In the event of a component failure, eTrust SiteMinder OneView Monitor can display and alert an administrator right away so that no time is wasted in reporting the problem. Administrators can then take proactive action to correct problems, possibly even before users experience any trouble.
With the SNMP integration capability, administrators can set up automatic recovery procedures based on failure alerts. For example, a failure report can kick off an e-mail message or a pager message to the person who is closest to the problem. The recovery time can then be reduced even further because the responsible person is alerted as quickly as possible.

eTrust SiteMinder OneView Monitor can be easily configured so that administrators can set up the displays to report information exactly as they need it. They can filter out data that might not be important to their environment; they can sort data according to their priority; and they can specify update intervals to make sure they have fresh data when they need it.

Environment Collector
When problems are reported, it is critical to have detailed information about all the operating components of the environment to help identify and isolate the root cause of the problem and, if necessary, to reproduce the problem in a testing lab. Because a security solution interacts with many critical systems distributed worldwide that are owned by different people or groups, it might take the security administrator days to contact the right people to get all the details they need about all the components connected to the security system. Even after the information is collected, it could go stale very quickly as components get upgraded.

The eTrust SiteMinder Environment Collector provides a snapshot of the eTrust SiteMinder runtime environment for any policy server in the enterprise. When problems associated with a policy server crop up, administrators use eTrust SiteMinder Environment Collector information to assess exactly what components the policy server is working with. With up-to-the-minute environment information, the security administrator can resolve the situation much faster.

The Environment Collector collects the following information about a policy server:

• User stores and databases being accessed by the policy server.
• Custom modules being used by the policy server.
• Agents that are interacting with the policy server.
• Registry information.

The type of information collected includes the name of the component, its version, patch levels, which policy server the component works with, how the components are connected, and other environment attributes that affect how eTrust SiteMinder operates. This information is stored in an XML file. After glancing through the XML file report, administrators can determine if any components require updating, if there are any version mismatches, and if the correct agents are deployed where needed.

When working with the eTrust SiteMinder support team to resolve a problem, administrators can send eTrust SiteMinder Environment Collector information to the support team. With accurate and up-to-date data to work with, the support team will be able to work on reproducing and resolving the problem.

Test Tool
After a problem is reported, administrators must have the correct tool to identify and isolate the cause of the problem, so they can move quickly to resolve it. The out-of-the-box eTrust SiteMinder Test Tool simulates agent operations so that a policy server can be isolated from the agent environment. Once isolated, the administrator can determine whether the policy server is creating the problem or another component in the environment where the policy server is running.

The eTrust SiteMinder Test Tool can test the connection to the policy server to see if it is down. If the connection is available, the administrator can test the policies associated with the application that reported the problem. The administrator can run tests that check if the resource is protected, if the user is authenticated, and if the user is authorized for the resource. Debug information is also provided.

Logging and policy profiling
With useful logs of day-to-day system activities, administrators can prevent many problems from happening and troubleshoot problems quickly when they occur.

Policy server and agent logs are separate from tracing logs to make log files easier to manage. Because separate logs are smaller and easier to work with, administrators also have more precise control over log verbosity, because they can specify different verbosity settings for each log. In addition, administrators can apply tracing and logging settings without restarting the policy server. For example, an administrator can add a data field in the trace logs, and eTrust SiteMinder adds the field automatically without restarting the server.

Policy server and agent logging include the following capabilities:

• Agent and policy server logs can be correlated through a transaction ID, allowing the administrator to follow both agent and policy server operations to more easily identify the problem. For example, when multiple agents are making requests to a policy server, having a single transaction ID allows administrators to isolate a call from a particular agent, providing more precise and relevant troubleshooting information.
• Logging profiles can be saved for quick retrieval and alternation between production and troubleshooting modes. The output can be sent to either a system console or a file.

Policy profiling, or trace logging, includes the following capabilities:

• Policy profiler (previously called the debug tracer) can trace policy server operations across policy server components.

• All configuration information is centralized and stored in the policy store, providing greater security for configuration information.
• It is easy to delegate administration for creating and managing the new centralized agent to the administrator who has organizational responsibility for the agent.
• Configuration templates make it very easy to configure multiple agents into logical groups.
• Web servers do not need to be re-booted when configuration changes are made.
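Correlating agent and policy server log records through a shared transaction ID, filtering the audit trail down to failures, and producing the failed-attempts-by-user and by-agent views of the intrusion reports described earlier, as an added Python example that is not eTrust SiteMinder's own code. The key=value log lines are constructed for the example and are not the product's real log layout; the field names (txid, agent, user, category, result, reason) are assumptions.

```python
"""Added example: correlate agent and policy server logs by transaction ID and
derive failure views from the audit data.  Constructed log format; not the
product's real log layout."""
import re
from collections import Counter, defaultdict

# Constructed sample agent log: one line per agent call, each tagged with a txid.
AGENT_LOG = """\
2024-06-03T10:00:01 agent=web01 txid=a1 user=alice resource=/finance/ledger action=isProtected
2024-06-03T10:00:02 agent=web01 txid=a2 user=alice resource=/finance/ledger action=authenticate
2024-06-03T10:00:05 agent=web02 txid=b1 user=mallory resource=/admin/ action=authenticate
2024-06-03T10:00:06 agent=web02 txid=b2 user=mallory resource=/admin/ action=authenticate
2024-06-03T10:00:07 agent=web02 txid=b3 user=mallory resource=/admin/ action=authenticate
2024-06-03T10:00:09 agent=web01 txid=a3 user=bob resource=/finance/ledger action=authorize
"""
# Constructed sample policy server log: the same txids, with the outcome of each call.
SERVER_LOG = """\
2024-06-03T10:00:01 server=ps01 txid=a1 category=IsProtected result=yes
2024-06-03T10:00:02 server=ps01 txid=a2 category=Authentication result=success
2024-06-03T10:00:05 server=ps01 txid=b1 category=Authentication result=failure reason=bad_password
2024-06-03T10:00:06 server=ps01 txid=b2 category=Authentication result=failure reason=bad_password
2024-06-03T10:00:07 server=ps01 txid=b3 category=Authentication result=failure reason=bad_password
2024-06-03T10:00:09 server=ps01 txid=a3 category=Authorization result=failure reason=no_policy
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Timestamp first, then key=value pairs."""
    ts, rest = line.split(" ", 1)
    rec = {"time": ts}
    rec.update(KV.findall(rest))
    return rec


def correlate(agent_log, server_log):
    """Join agent and policy server records on txid; events sorted by time."""
    merged = defaultdict(dict)
    for text in (agent_log, server_log):
        for line in text.splitlines():
            if line.strip():
                rec = parse_line(line)
                merged[rec["txid"]].update(rec)
    return sorted(merged.values(), key=lambda e: (e["time"], e["txid"]))


def failed_attempts(events):
    """Audit filter: keep only rejections/failures (the 'All Failed ... Attempts' view)."""
    return [e for e in events if e.get("result") == "failure"]


def failures_by(events, key):
    """Failed attempts grouped by 'user' or 'agent' (the two intrusion sub-reports)."""
    return dict(Counter(e[key] for e in failed_attempts(events)))


def repeated_failures(events, threshold=3):
    """Users at or above a failure threshold: a simple detection over the audit data."""
    return sorted(u for u, n in failures_by(events, "user").items() if n >= threshold)


def isolate_agent(events, agent):
    """Follow one agent's calls through the policy server via the shared txid."""
    return [e["txid"] for e in events if e.get("agent") == agent]


def drill_down_rows(events):
    """Time, User, Agent, Category, Description rows; failures flagged with '!'."""
    rows = []
    for e in events:
        flag = "!" if e.get("result") == "failure" else " "
        desc = f"{e.get('action', '?')} {e.get('resource', '')} -> {e.get('result', '?')}"
        if "reason" in e:
            desc += f" ({e['reason']})"
        rows.append((flag, e["time"], e.get("user", "-"), e.get("agent", "-"),
                     e.get("category", "-"), desc))
    return rows


if __name__ == "__main__":
    evs = correlate(AGENT_LOG, SERVER_LOG)
    for row in drill_down_rows(evs):
        print(" ".join(row))
    print("failures by user:", failures_by(evs, "user"))
    print("failures by agent:", failures_by(evs, "agent"))
    print("repeated failures:", repeated_failures(evs))
```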
Unattended installations
In large enterprises, administrators install eTrust SiteMinder Policy Servers and agents on many systems. In many cases, these installations are the same from system to system. With unattended installations in eTrust SiteMinder release r6, administrators use Java-based installation templates to automate these installations. With automatic installations, eTrust SiteMinder can be rolled out faster to better meet the needs of rapidly expanding global businesses.

The unattended installations use a platform-independent Java installer, which allows the installation to run the same way, with the same look and feel, on both Unix® and Microsoft Windows operating systems. Administrators work with templates to specify how to

cache that is searched before the regular policy cache. In addition, eTrust SiteMinder caches user attributes to optimize LDAP calls. These caching facilities provide outstanding performance, even for very large numbers of users or policies.

Through independent tests conducted by Mindcraft Inc., eTrust SiteMinder has demonstrated industry-leading performance for user authentications and authorizations. Figure 9 summarizes the outstanding performance that eTrust SiteMinder offers.

Figure 9. Performance test results (bar chart; only the axis values survive in this copy).
These optimizations enable rapid run-time performance, especially when working with large policy stores. For example, tests indicate that the policy evaluation response time for a policy store with one realm is the same as the response time for a policy store with up to thousands of realms.

Reliability, Availability and Scalability
eTrust SiteMinder has been designed specifically to meet the needs of e-business sites that must support a large number of users with high authentication and authorization rates. Though eTrust SiteMinder is easy to configure and deploy for small workgroup environments, it can scale to large installations that support very large user or resource populations. eTrust SiteMinder provides outstanding scalability due to the following capabilities:

• Replication and Failover. Each web agent can be configured to communicate with multiple eTrust SiteMinder Policy Servers. If the current policy server becomes unavailable, the agent automatically establishes a connection with the next policy server and continues processing. This operation is transparent to the user. For increased availability in the event of a failure, eTrust SiteMinder provides automatic restart of all server processes. eTrust SiteMinder also provides the failover mechanism for user directories; that is, if the current user directory is unavailable, the policy server automatically establishes a connection with the next user directory.
• Load Balancing. eTrust SiteMinder supports automatic load balancing, which significantly improves the scalability and performance of eTrust SiteMinder in large deployments. The web agent distributes multiple user requests across multiple policy servers. The policy servers can also load balance their requests across a set of directory servers. In this way, eTrust SiteMinder can distribute its system load across other servers to improve overall system throughput.

requests are handled locally. Policy servers in a cluster can be running on different platforms or physically located in different places. As a result, clustering is viable in both homogeneous and heterogeneous policy server environments.

Clustering offers administrators these features:

• Dynamic Load Balancing. Dynamic agent-to-policy server load balancing allows higher levels of processing loads to get allocated to faster servers within the cluster. More effective load balancing increases maximum system throughput because agents get served by the policy server that can provide the fastest response at any given time. Agents will be served by a policy server instance within the cluster that previously provided the best response time.
• Automatic Failover. Agents are decoupled from policy servers. As a result, agents transparently fail over from one cluster to another, according to criteria established by the administrator. When the number of available policy servers in a cluster falls below the criteria, agent requests are automatically sent to another cluster without interrupting service.

With these features, the administrator can easily scale policy servers to meet increasing service requests in growing enterprises.

Security
A security system is only as strong as its weakest link. That's why it's critical that all components and communication paths be secure, so that intruders cannot compromise the overall system security by stealing passwords or impersonating other users. eTrust SiteMinder offers security at each point in its operation.

More specifically, it provides several capabilities to ensure that data and applications are not compromised.
Mutual Authentication Session and Idle Timeouts
Administrators must ensure that a server is not an Companies can centrally define both idle and session
impostor collecting sensitive information such as, timeouts for individual applications. For example, a
credit card numbers. Both the web agent and the sensitive finance application might have an idle time-
policy server authenticate themselves to each other, out of two minutes when there is no browser action.
using a shared secret to encrypt an authentication The application can also have a maximum user-session
message. This secret is never passed over the network, time which will automatically logout users after a
even in encrypted form, and so cannot be stolen from specified period of time.
the network. This technique ensures the structural
integrity of the eTrust SiteMinder components them-
selves, so that an eavesdropper cannot steal useful Rolling Keys
information, nor impersonate an eTrust SiteMinder eTrust SiteMinder can centrally and automatically roll
server or agent. over all keys that agents use to encrypt/decrypt cookies.
Without the eTrust SiteMinder automatic rollover, IT
administrators would need developers to implement a
Revocation of User Credentials rollover scheme themselves, which is extremely
Some sites need to immediately revoke access control difficult to do. eTrust SiteMinder’s rolling keys makes
privileges of a specific user; for example, when an the eTrust SiteMinder cookie extremely secure
employee is terminated. eTrust SiteMinder supports a because it can be done simply, easily, and reliably by
rapid response through the use of commands to flush eTrust SiteMinder and relieves companies from having
specific information from the web agent cache. The to rely on home-grown implementations.
following operations are available both through the
administrative interface and through the API. Administrators can also automatically generate and
reset trusted host keys by delivering them securely to
• Flush the user cache the trusted hosts, without requiring that the policy
server or agent be restarted. The administrator can
• Flush the resource cache
specify how often shared secrets are reset according
• Flush both caches to a schedule that is best for their environment—
• Flush all resources in a specific realm hours, days, weeks or months. Administrators can dis-
able automatic shared secret rollover for specific
• Flush a specific user entry in the user cache trusted hosts and continue to perform manual shared
secret rollovers, if required.
Encrypted Session Cookies
The eTrust SiteMinder session cookie is an RC4, 128-bit-encrypted session ticket that contains browser information, time, Distinguished Name, an encrypted seed, and other information not disclosed in this paper for security reasons. All these fields are encrypted and randomly ordered.

eTrust SiteMinder does not embed IP or password information in the cookie sent back to the browser. Many homegrown and competing products make the mistake of including IP information, causing massive firewall problems in network address translation (NAT) environments.

The eTrust SiteMinder session cookie has been tested and approved by the security committees of Dean Witter, E*Trade, WellsFargo, Citigroup, American Express, BancOne, Bank of America and other large financial companies. In addition, eTrust SiteMinder offers an optional Reverse Proxy Server solution that allows a customer to use various means of session control: a standard eTrust SiteMinder session cookie, SSL ID, miniature cookie for wireless solutions, or encrypted URLs.

Hardware Stored Encryption Keys
eTrust SiteMinder has partnered with nCipher, the industry leader in hardware-based encryption, to implement storage of the host encryption key in hardware. This hardware technology adheres to industry standards and allows for highly secure yet flexible key management. nCipher’s HSMs incorporate the use of smart cards (“tokens”) and a card-reading device to securely manage the encryption keys. Using nCipher’s HSM, the key management functionality within the eTrust SiteMinder environment supports true random-number key generation, back-up, fail-over, and archiving capabilities in a FIPS 140-1 certified module.

LDAP Protection from Denial-of-service Attacks
As noted in Carnegie Mellon CERT advisory CA-2001-18 (http://www.cert.org/advisories/CA-2001-18.html), LDAP directories are extremely susceptible to denial of service (DOS) attacks. eTrust SiteMinder eliminates these DOS attacks by placing an eTrust SiteMinder Policy Server between the web server and the LDAP directory.
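The session cookie section above lists what a session ticket carries (browser information, issue time, Distinguished Name, a random seed) and, just as importantly, what it does not carry (client IP, password). The following is an added example written for this paper, not eTrust SiteMinder's cookie format or code: it builds a ticket with those fields, protects it with a server-side HMAC, and checks lifetime and browser on every presentation. The key, lifetime, field names and encoding are assumptions of the example; it uses an HMAC from the Python standard library for integrity rather than RC4 encryption, since RC4 is no longer considered a safe cipher and a ticket without an integrity check can be edited undetected. Because no client IP is bound into the ticket, a user whose address changes behind a NAT pool or proxy keeps the session, which is the property the paper describes.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Constructed demo key. In a deployment the key lives on the policy server
# (the paper's nCipher section describes keeping it in hardware).
SERVER_KEY = b"demo-only-key-0123456789abcdef-not-for-production"
TICKET_LIFETIME = 3600          # seconds a ticket stays valid after issue


def _ua_fingerprint(user_agent: str) -> str:
    """Browser information goes in as a hash, not the raw header string."""
    return hashlib.sha256(user_agent.encode()).hexdigest()[:16]


def issue_ticket(user_dn: str, user_agent: str, now: Optional[int] = None,
                 key: bytes = SERVER_KEY) -> str:
    """Build a ticket: fields + server MAC. Note what is absent: no client
    IP (so NAT pools and proxies do not break the session) and no password."""
    fields = {
        "dn": user_dn,                                      # Distinguished Name
        "iat": int(time.time() if now is None else now),    # issue time
        "ua": _ua_fingerprint(user_agent),                  # browser information
        "seed": base64.b64encode(os.urandom(16)).decode(),  # random seed: no two tickets alike
    }
    payload = base64.urlsafe_b64encode(
        json.dumps(fields, sort_keys=True).encode()).decode().rstrip("=")
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def validate_ticket(ticket: str, user_agent: str, now: Optional[int] = None,
                    key: bytes = SERVER_KEY) -> Optional[dict]:
    """Return the ticket fields if the MAC, lifetime and browser match; else None."""
    if ticket.count(".") != 1:
        return None
    payload, tag = ticket.split(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):   # constant-time compare
        return None
    padded = payload + "=" * (-len(payload) % 4)
    fields = json.loads(base64.urlsafe_b64decode(padded))
    current = int(time.time() if now is None else now)
    if not (fields["iat"] <= current < fields["iat"] + TICKET_LIFETIME):
        return None                                  # expired or issued in the future
    if fields["ua"] != _ua_fingerprint(user_agent):
        return None                                  # presented from a different browser
    return fields


def tamper_demo() -> tuple:
    """Issue a ticket, then try to reuse it with an edited DN and after expiry."""
    ua = "Mozilla/5.0 (constructed demo browser)"
    issued_at = 1_700_000_000
    ticket = issue_ticket("uid=alice,ou=people,o=example", ua, now=issued_at)
    genuine_ok = validate_ticket(ticket, ua, now=issued_at + 60) is not None

    # Edit the DN inside the payload but keep the original tag.
    payload, tag = ticket.split(".")
    fields = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    fields["dn"] = "uid=admin,ou=people,o=example"
    forged_payload = base64.urlsafe_b64encode(
        json.dumps(fields, sort_keys=True).encode()).decode().rstrip("=")
    forged_ok = validate_ticket(f"{forged_payload}.{tag}", ua, now=issued_at + 60) is not None

    expired_ok = validate_ticket(ticket, ua, now=issued_at + TICKET_LIFETIME) is not None
    return genuine_ok, forged_ok, expired_ok       # (True, False, False)
```

The payload here is readable by anyone holding the cookie; the paper's design also encrypts the fields, which would require an authenticated-encryption construction on top of this MAC, and the key itself should be generated and held as the hardware key storage section describes rather than in source.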
In addition, eTrust SiteMinder ensures that packets attempting authentication match the eTrust SiteMinder-encrypted key before passing on authentication or authorization attempts to the policy server. This chokes off DOS attacks on the eTrust SiteMinder infrastructure.

…security logic resides behind the DMZ in the protected eTrust SiteMinder Policy Server. This architecture ensures security by not exposing any access logic or policies in the DMZ.
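Two passages above describe one mechanism from two sides: trusted host shared secrets that are reset on a schedule without restarting the policy server or agent, and a check that a request matches the shared key before any authentication or authorization attempt is forwarded. The following is an added example written for this paper, not eTrust SiteMinder code: a per-host secret holder that keeps the previous secret for a grace window after rollover, an agent-side request MAC standing in for the paper's encrypted-key check, and a gate that drops anything failing that check before it causes a directory lookup. The grace window, the MAC construction and the placement of the check directly in front of the directory are assumptions of the model.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class TrustedHostSecrets:
    """Shared secrets for one trusted host (a web agent). rollover() installs
    a fresh secret but honours the previous one for grace_seconds, so an agent
    that has not yet received the new secret keeps working and nothing needs
    a restart. Scheduling (hours, days, weeks or months) is left to the caller."""
    grace_seconds: float
    clock: Callable[[], float]
    current: bytes = field(default_factory=lambda: os.urandom(32))
    previous: Optional[bytes] = None
    previous_valid_until: float = 0.0

    def rollover(self) -> None:
        self.previous = self.current
        self.previous_valid_until = self.clock() + self.grace_seconds
        self.current = os.urandom(32)

    def accepted_secrets(self) -> List[bytes]:
        secrets = [self.current]
        if self.previous is not None and self.clock() < self.previous_valid_until:
            secrets.append(self.previous)
        return secrets


def sign_request(secret: bytes, host_id: str, body: str) -> str:
    """What the agent attaches to each request (the MAC stands in for the
    paper's encrypted-key check)."""
    return hmac.new(secret, f"{host_id}\n{body}".encode(), hashlib.sha256).hexdigest()


@dataclass
class PolicyServerGate:
    """Check the request MAC before touching the directory; unauthenticated
    traffic is dropped here and never generates an LDAP query."""
    hosts: Dict[str, TrustedHostSecrets]
    directory: Dict[str, dict]          # stands in for the LDAP user store
    directory_lookups: int = 0
    dropped: int = 0

    def handle(self, host_id: str, user_id: str, tag: str) -> Optional[dict]:
        host = self.hosts.get(host_id)
        if host is None:
            self.dropped += 1
            return None
        valid = any(hmac.compare_digest(tag.encode(), sign_request(s, host_id, user_id).encode())
                    for s in host.accepted_secrets())
        if not valid:
            self.dropped += 1                   # rejected before any directory access
            return None
        self.directory_lookups += 1
        return self.directory.get(user_id)


def rollover_demo() -> Tuple[int, int, bool, bool, bool]:
    now = [0.0]                                  # fake clock, seconds
    host = TrustedHostSecrets(grace_seconds=60.0, clock=lambda: now[0])
    gate = PolicyServerGate(hosts={"web01": host},
                            directory={"alice": {"dn": "uid=alice,ou=people,o=example"}})  # constructed
    old_secret = host.current

    # A flood of 1000 requests carrying a bogus tag: all dropped, zero directory load.
    for _ in range(1000):
        gate.handle("web01", "alice", "00" * 32)
    dropped_by_flood, lookups_after_flood = gate.dropped, gate.directory_lookups

    host.rollover()                              # scheduled secret reset, no restart
    in_grace = gate.handle("web01", "alice", sign_request(old_secret, "web01", "alice")) is not None
    now[0] = 61.0                                # grace window over
    after_grace = gate.handle("web01", "alice", sign_request(old_secret, "web01", "alice")) is not None
    with_new = gate.handle("web01", "alice", sign_request(host.current, "web01", "alice")) is not None
    return dropped_by_flood, lookups_after_flood, in_grace, after_grace, with_new
```

`rollover_demo()` returns `(1000, 0, True, False, True)`: the flood never reaches the directory, the old secret still works during the grace window, and only the new one works after it. The `dropped` counter is the figure worth alerting on in operations, since a rising drop rate from one host id means either a stalled rollover or unauthenticated traffic aimed at the policy server.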
Protection from Cross-Site Scripting
A cross-site scripting (CSS) attack can occur when the input text from the browser (typically, data from a post or data from query parameters on a URL) is displayed by an application without being filtered for characters that may form a valid, executable script when displayed at the browser. For example, an attack URL can be presented to unsuspecting users. When it is clicked, an application could return to the browser a display that includes the input characters, perhaps along with an error message about bad parameters on the query string. The display of these parameters at the browser can lead to an unwanted script being executed on the browser.

eTrust SiteMinder Developer Capabilities
The eTrust SiteMinder Software Developers’ Kit (SDK) supports the development of custom applications that embed eTrust SiteMinder in their environment and extend the capabilities of eTrust SiteMinder. Java and C APIs are provided to offer developers a choice of programming languages. Both interfaces contain several sets of APIs. Each set lets developers implement a particular feature, such as developing a custom agent using the Java APIs or extending an authorization scheme using the C APIs. Both client-side and server-side APIs are provided in Java and C. Both C and Java agent APIs can also run on Linux.
Managing the Policy Store
The Policy Management API is used to manage all the objects within the eTrust SiteMinder Policy Store. With the Policy Management API, companies can develop custom Policy Management interfaces to eTrust SiteMinder. For example, a developer can write an application that allows administrators to manage policies, policy responses, global policy configuration, authentication schemes and password policies, shared secret rollover for trusted hosts, and affiliate and affiliate domain management functionality. Both programming and command line interfaces (CLI) are available.

Managing the User Store
The DMS API enables management of objects within an eTrust SiteMinder user directory. Users of the DMS API can develop custom User Management applications using eTrust SiteMinder that enable privileged users to create, add, modify and delete organizations, groups or users. The DMS API performs the following tasks:

• Manage directory entries
• Discover user privileges
• Enable/disable users
• Grant DMS roles to users
• Paging and sorting when searching LDAP directories or ODBC databases

Using the DMS Workflow API, developers can add pre- and post-process functionality for specific DMS API calls. The DMS APIs available for specifying the pre- and post-process functionality include those used for modifications such as set, delete, and associations. The pre and post functionality is implemented as a shared library and is configured within the eTrust SiteMinder Policy Server Management Console.

…Server Management Console to define active rules, active policies, and active responses.

Adding a Directory Provider
The Directory API is used to develop plug-in modules to the policy server for implementing a custom user store that eTrust SiteMinder does not support. eTrust SiteMinder supports the following namespaces for user directories:

• LDAP
• ODBC
• Microsoft Windows NT
• Custom

Using the Directory API, an interface can be built to any custom user directory or database.

Integrating with eTrust SiteMinder Events
The Event API lets customers build custom handlers for eTrust SiteMinder events. Through the Event API, eTrust SiteMinder can log events using outside sources, providers, or applications. Administrators can then access the logged information through these other sources, providers, or applications. Using the Event API, developers can build applications to alert administrators of eTrust SiteMinder activity. For example, an event handler can send an e-mail to the administrator when the accounting server starts or someone creates a new policy.

Session Server API
The Session Server API allows enterprises to store application state information associated with the user and make it available to all applications as a shared service.
…invokes the requested function, and passes the data to the function. Once the service has performed its task, the policy server returns the results to the agent.

Summary
eTrust SiteMinder is one of the premier security solutions for global organizations because it can cost-effectively provide an efficient security access management solution that lets business in while keeping risk out:

• Reduce Administrative Costs. eTrust SiteMinder’s robust set of administration tools makes it one of the most manageable security systems available today. With centralized tools, security administrators can manage up to millions of users and secure thousands of resources across the world, 24 hours a day, 7 days a week. With security in such a heterogeneous, always available system being managed centrally, security administration expertise can be centralized to significantly reduce total cost of ownership.

• Reduce Development Costs. eTrust SiteMinder readily integrates with existing applications so that applications can take immediate advantage of its security services without having to be re-designed, re-built and re-deployed. As a result, an eTrust SiteMinder security solution can be quickly deployed, without having to rely extensively on programmers, who can then concentrate on business logic.

• Enhance Users’ Experiences. eTrust SiteMinder’s single sign-on capabilities let users move from application to application, or site to site, without having to sign on multiple times with different identities and passwords. For employees, single sign-on lets workers get their work done more efficiently; and for customers, single sign-on lets users get the personalized information they need to do business easily and without frustration.

• Improve Security. eTrust SiteMinder provides centralized authorization and authentication services to remove security enforcement from many hundreds or thousands of applications. With centralized security enforcement, security is consistent, comprehensive, and reliable so that no holes are left open in an eTrust SiteMinder secured web environment.

• Improve Security System Manageability. With eTrust SiteMinder’s auditing, logging and reporting capabilities, administrators can keep eTrust SiteMinder running smoothly and efficiently by analyzing system activities and preventing problems before they occur. When problems do occur, eTrust SiteMinder’s top-notch troubleshooting tools give administrators the information they need to resolve the problem quickly so that security services remain available.

For More Information
eTrust Identity and Access Management Website: www.ca.com/etrust
© 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This
document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “AS IS” without warranty of any kind, including,
without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage,
direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of
such damages. MP279220605