Configuring a Secure Access eTrust SiteMinder Server Instance (NSM Procedure)


Within the Secure Access device, a SiteMinder instance is a set of configuration settings that defines how the Secure Access device interacts with the SiteMinder policy server.

To configure the SiteMinder server instance:

1. In the NSM navigation tree, select Device Manager > Devices.
2. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure the eTrust SiteMinder server instance.
3. Click the Configuration tab and select Authentication > Auth Servers. The corresponding workspace appears.
   NOTE: If you want to update an existing server instance, click the appropriate link in the Auth Server Name box, and perform Steps 5 through 10.
4. Click the New button. The New dialog box appears.
5. In the Auth Server Name list, specify a name to identify the server instance.
6. Select SiteMinder Server from the Auth Server Type list.
7. Configure the server using the settings described in Table 1.
8. Click one:
   OK: Saves the changes.
   Cancel: Cancels the modifications.
9. Set advanced SiteMinder configuration options (optional) using the settings described in Table 2.

Table 1: Secure Access eTrust SiteMinder Configuration Details

Siteminder Settings > Basic Settings tab

Policy Server: Specifies the name or IP address of the SiteMinder policy server. Enter a name or IP address.

Backup Server(s): Specifies a list of backup policy servers (optional). Enter a comma-delimited list of backup policy servers (optional).

Failover Mode?: Allows the Secure Access device to use the main policy server unless it fails.
   Select Yes: Secure Access device uses the main policy server unless it fails.
   Select No: Secure Access device load balances among all the specified policy servers.

Agent Name: Specifies the SiteMinder agent name. Enter an agent name.
   NOTE: Shared secret and agent name are case-sensitive.

Secret: Specifies the shared secret. Enter a shared secret name.
   NOTE: Shared secret and agent name are case-sensitive.

Compatible with: Specifies a SiteMinder server version. Version 5.5 supports 5.5 and 6.0. Version 6.0 supports only 6.0 of the SiteMinder server API. The default value is 5.5 policy servers. Select the server version from the

On logout, redirect to: Specifies a URL to which users are redirected when they sign out of the Secure Access device (optional). If you leave this field empty, users see the default Secure Access device sign-in page.

Protected Resource: Specifies a default protected resource. If you do not create sign-in policies for SiteMinder, the Secure Access device uses this default URL to set the user's protection level for the session. The Secure Access device also uses this default URL if you select the Automatic Sign-In option.
   NOTE: You must enter a forward slash (/) at the beginning of the resource (for example, enter /ive-authentication).

Siteminder Settings > SMSESSION cookie settings tab

Cookie Domain: Specifies the cookie domain of the Secure Access device. Enter a URL for the cookie domain.
   NOTE: Multiple domains should use a leading period and be comma separated. For example: .sales.myorg.com, .marketing.myorg.com. Domain names are case-sensitive. You cannot use wildcard characters. For example, if you define .juniper.net, the user must access the Secure Access device as http://secure access device.juniper.net to ensure that his SMSESSION cookie is sent back to the Secure Access device.

IVE Cookie Domain: Specifies the internet domain(s) to which the Secure Access device sends the SMSESSION cookie using the same guidelines outlined for the Cookie Domain field.

Protocol: Sends cookies securely and non-securely. Select the protocol from the drop-down list:
   HTTPS: Sends cookies securely if other Web agents are set up to accept secure cookies.
   HTTP: Sends cookies non-securely.

Siteminder Settings > Authentication tab

Automatic Sign-In: Allows users with a valid SMSESSION to automatically sign in to the Secure Access device. Select the Automatic Sign-In option to enable this feature.

Automatic Sign In realm to use: Specifies an authentication realm for automatically signed-in users. The Secure Access device maps the user to a role based on the role mapping rules defined in the selected realm. Select an authentication realm from the

If Automatic Sign In fails, redirect to: Specifies an alternate URL for users who sign into the Secure Access device through the Automatic Sign-In mechanism. The Secure Access device redirects users to the specified URL if the Secure Access device fails to authenticate and no redirect response is received from the SiteMinder policy server. If you leave this field empty, users are prompted to sign back in to the Secure Access device.
   NOTE: Users who sign in through the sign-in page are always redirected back to the Secure Access device sign-in page if authentication fails.

> Custom Agent: Authenticates using the Secure Access device custom Web agent. Authentication > > Custom Agent option from the Authentication

> Form POST: Posts user credentials to a standard Web agent that you have already configured rather than contacting the SiteMinder policy server directly. Authentication > > Form drop-down list to allow the Web agent to contact the policy server to determine the appropriate sign-in page to display to the user.

Form POST Target: Specifies the target URL. Enter the target URL.
   NOTE: The form post target, form post protocol, form post Webagent, form post port, form post path, and form post parameters fields are displayed only when you select Form Authentication type drop down list.

Form POST Protocol: Allows you to specify the protocol for communication between IVE and the specified Web agent. Select the protocol from the drop-down list:
   HTTP: For non-secure communication.
   HTTPS: For secure communication.
   NOTE: This field is displayed only when you select the Form

Form POST Webagent: Specifies the name of the Web agent from which the Secure Access device is to obtain SMSESSION cookies. Enter the name of the web agent.
   NOTE: This field is displayed only when you select Form

Form POST Port: Specifies the port for the protocol. Enter port 80 for HTTP or port 443 for HTTPS.
   NOTE: This field is displayed only when you select the Form

Form POST Path: Specifies the path of the sign-in page. Enter the path of the Web agent's sign-in page.
   NOTE: This field is displayed only when you select the Form
   NOTE: The path must start with a forward slash (/) character. In the Web agent sign-in page URL, the path appears after the Web agent.

Form POST Parameters: Specifies the post parameters to be sent when a user signs in. Enter the post parameters. Common SiteMinder variables that you can use include USER, PASS, and TARGET. These variables are replaced by the username and password entered by the user on the Web agent's sign-in page and by the value specified in the Target field. These are the default parameters for login.fcc; if you have made customizations, you may need to change these parameters.
   NOTE: This field is displayed only when you select the Form

> Delegate to a Standard Agent: Delegates authentication to a standard agent. When the user accesses the Secure Access device sign-in page, the Secure Access device determines the FCC URL associated with the protected resource's authentication scheme. The Secure Access device redirects the user to that URL, setting the Secure Access device sign-in URL as the target. After successfully authenticating with the standard agent, an SMSESSION cookie is set in the user's browser and the user is redirected back to the Secure Access device. The Secure Access device then automatically signs in the user and establishes a Secure Access session. Authentication > > Delegate to a Standard Agent option from the Authentication Type

Siteminder Settings > Authorization tab

Authorize requests against SiteMinder policy server: Uses SiteMinder policy server rules to authorize user Web resource requests. If you select this option, make sure that you create the appropriate rules in SiteMinder that start with the server name followed by a forward slash, such as: "www.yahoo.com/", "www.yahoo.com/*", and "www.yahoo.com/r/f1". Authorization > Authorize requests against SiteMinder policy server.

If authorization fails, redirect to: Specifies an alternative URL that users are redirected to if the Secure Access device fails to authorize and no redirect response is received from the SiteMinder policy server. If you leave this field empty, users are prompted to sign back in to the Secure Access device.
   NOTE: If you are using an authorization-only access policy, you must enter an alternative URL in this field regardless of whether the Authorize requests against SiteMinder policy server option is selected. Users are redirected to this URL when an access denied error occurs. See Defining authorization-only access policies.

Resource for insufficient protection level: Specifies a resource on the Web agent to which the Secure Access device redirects users when they do not have the appropriate permissions.

Ignore authorization for files with extensions: Specifies file extensions corresponding to file types that do not require authorization. Enter the extensions of each file type that you want to ignore, separating each with a comma. For example, enter .gif, .jpeg, .jpg, .bmp to ignore various image types. You cannot use wildcard characters (such as *, *.*, or .*) to ignore a range of file types.

Server Catalog > Expressions tab

Name: Specifies a name for the user expression in the SiteMinder user directory. Enter a name.

Value: Specifies a value for the user expression in the SiteMinder user directory. Enter a value.

Server Catalog > Attributes tab

Name: Specifies the name of the user attribute cookie in the SiteMinder user directory. Enter a name.
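Several Table 1 fields carry value rules (leading periods and no wildcards in cookie domains, a leading forward slash on the Protected Resource and Form POST Path, port 80 or 443 to match the Form POST protocol, no wildcards in ignored extensions) that can be checked before the values are entered in NSM. The following Python check is an added example, not Juniper or CA code; the dictionary keys and the sample values are hypothetical and constructed for illustration.

```python
# Added example: lint planned SiteMinder server instance values against the
# rules stated in Table 1. The dictionary keys are hypothetical labels chosen
# for this example; they are not NSM or SiteMinder identifiers.
FORM_POST_PORTS = {"HTTP": 80, "HTTPS": 443}  # port per Form POST protocol


def split_list(value):
    """Split a comma-separated field into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def lint_instance(cfg):
    """Return (field, message) findings; an empty list means no rule was broken."""
    findings = []
    # Cookie Domain / IVE Cookie Domain: no wildcard characters; when several
    # domains are listed, each one needs a leading period.
    for field in ("cookie_domain", "ive_cookie_domain"):
        domains = split_list(cfg.get(field, ""))
        for domain in domains:
            if "*" in domain:
                findings.append((field, f"wildcard not allowed: {domain}"))
            elif len(domains) > 1 and not domain.startswith("."):
                findings.append((field, f"missing leading period: {domain}"))
    # Protocol: HTTP sends the SMSESSION cookie non-securely.
    if cfg.get("cookie_protocol", "").upper() == "HTTP":
        findings.append(("cookie_protocol", "SMSESSION cookie is sent non-securely"))
    # Protected Resource and Form POST Path must begin with a forward slash.
    for field in ("protected_resource", "form_post_path"):
        value = cfg.get(field, "")
        if value and not value.startswith("/"):
            findings.append((field, f"must begin with '/': {value}"))
    # Form POST Port: 80 for HTTP, 443 for HTTPS.
    expected = FORM_POST_PORTS.get(cfg.get("form_post_protocol", "").upper())
    port = cfg.get("form_post_port")
    if expected is not None and port is not None and port != expected:
        findings.append(("form_post_port", f"expected {expected}, got {port}"))
    # Ignore authorization for files with extensions: no wildcard characters.
    for ext in split_list(cfg.get("ignore_extensions", "")):
        if "*" in ext:
            findings.append(("ignore_extensions", f"wildcard not allowed: {ext}"))
    return findings


# Constructed sample values, not taken from a real deployment.
PLANNED = {
    "cookie_domain": ".sales.myorg.com,marketing.myorg.com",
    "ive_cookie_domain": ".juniper.net",
    "cookie_protocol": "HTTP",
    "protected_resource": "ive-authentication",
    "form_post_protocol": "HTTPS",
    "form_post_port": 80,
    "form_post_path": "/siteminderagent/forms/login.fcc",
    "ignore_extensions": ".gif,.jpeg,*.bmp",
}
CORRECTED = dict(PLANNED, cookie_domain=".sales.myorg.com,.marketing.myorg.com",
                 cookie_protocol="HTTPS", protected_resource="/ive-authentication",
                 form_post_port=443, ignore_extensions=".gif,.jpeg,.bmp")

if __name__ == "__main__":
    for field, message in lint_instance(PLANNED):
        print(f"{field}: {message}")
```

The case-sensitivity of the agent name, shared secret and domain names cannot be checked offline; those values have to be compared against what is configured on the policy server.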

Table 2: Secure Access eTrust SiteMinder Advanced Configuration Details

Siteminder Settings > Advanced tab

Poll Interval (seconds): Specifies the interval at which the Secure Access device polls the SiteMinder policy server to check for a new key. Enter the poll interval in seconds.

Maximum Agents: Controls the maximum number of simultaneous connections that the Secure Access device is allowed to make to the policy server. Enter a number.
   NOTE: The default setting is 20.

Maximum Requests/Agent: Controls the maximum number of requests that the policy server connection handles before the Secure Access device ends the connection. If necessary, tune to increase performance. Enter a number.
   NOTE: The default setting is 1000.

Idle Timeout (minutes): Controls the maximum number of minutes a connection to the policy server may remain idle (the connection is not handling requests) before the Secure Access device ends the connection. The default setting of none indicates no time limit. Enter the Idle timeout in minutes.

Authorize while Authenticating: Specifies that the Secure Access device should look up user attributes on the policy server immediately after authentication to determine if the user is truly authenticated. Advanced > Authorize while Authenticating.

Enable Session Grace Period: Eliminates the overhead of verifying a user's SMSESSION cookie each time the user requests the same resource by indicating that the Secure Access device should consider the cookie valid for a certain period of time. If you do not select this option, the Secure Access device checks the user's SMSESSION cookie on each request. Advanced > Enable Session Grace Period to enable this feature. You can eliminate the overhead of verifying a user's SMSESSION cookie each time the user requests the same resource by indicating that the Secure Access device should consider the cookie valid for a certain period of time. During that period, the Secure Access device assumes that its cached cookie is valid rather than revalidating it against the policy server. Note that the value entered here does not affect session or idle timeout checking.

Validate cookie every (seconds): Specifies the time period for the Secure Access device to eliminate the overhead of verifying a user's SMSESSION cookie each time the user requests the same resource by indicating that the Secure Access device should consider the cookie valid for a certain period of time. Enter the time period in seconds.

Ignore Query Data: Specifies that the Secure Access device does not cache the query parameter in its URLs. Therefore, if a user requests the same resource as is specified in the cached URL, the request should not fail. Select the Ignore Query Data option to enable this feature.

Accounting Port: Specifies that the value entered in this field must match the accounting port value entered through the Policy Server Management Console in the web UI. By default, this field matches the policy server's default setting of 44441. Enter the value.

Authentication Port: The value entered in this field must match the authentication port value entered through the Policy Server Management Console. By default, this field matches the policy server's default setting of 44442. Enter a value.

Authorization Port: The value entered in this field must match the authorization port value entered through the Policy Server Management Console. By default, this field matches the policy server's default setting of 44443. Enter a value.

Related Topics

Configuring a Secure Access Certificate Server Instance (NSM Procedure)
Configuring a Secure Access SAML Server Instance (NSM Procedure)
Configuring a Secure Access Anonymous Server Instance (NSM Procedure)

Published: 2009-08-20