SiteMinder Overview

CA SiteMinder is enterprise-level web access management software that allows organizations to manage their web users and control their access to applications, portals and web services.

SiteMinder consists of two core components:

Policy Server:

The Policy Server provides policy management, authentication, authorization, and accounting.

SiteMinder Agents:

Integrated with a standard Web server or application server, SiteMinder Agents enable SiteMinder to manage access to Web applications and content according to predefined security policies.

How CA SiteMinder Works:

The process for securely accessing web applications:

1. User attempts to access a protected resource.

2. User is challenged for credentials and presents them to the CA SiteMinder web agent or to the Secure Proxy Server.

3. The user’s credentials are passed to the Policy Server.

4. The user is authenticated against the appropriate user store.

5. The Policy Server evaluates the user’s entitlements and grants access.

6. User profile and entitlement information is passed to the application.

7. The user gets access to the secured application, which delivers customized content.

Courtesy: http://webspheresolution.wordpress.com/2011/09/29/siteminder-overview/

PingFederate for SiteMinder

Few organizations have six to nine months to deploy secure Internet single sign-on with SiteMinder, and even fewer organizations can afford the implementation costs. Having already spent hundreds of thousands of dollars, and sometimes over a million, organizations are looking for an easier and less expensive way to provide federated identity management with SiteMinder. Organizations are turning to secure Internet single sign-on (SSO) to decrease the time and cost of providing direct access to SiteMinder protected resources and leveraging SiteMinder for identity federation with external service providers.


With PingFederate and PingFederate’s® CA SiteMinder Internet single sign-on (SSO) integration kit, organizations can easily leverage their SiteMinder (formerly Netegrity SiteMinder SSO) authentication capabilities to provide internal users with direct access to external resources over the Internet. With the same integration kit, organizations can also provide external users, such as partners and suppliers, with secure Internet SSO to resources protected by SiteMinder.

The PingFederate SiteMinder integration kit can be rapidly installed and configured in less than a day, giving internal users authenticated by SiteMinder and external users who need direct access to SiteMinder-protected resources immediate Internet SSO capabilities. With PingFederate’s standalone software, you can address all of your SiteMinder secure Internet SSO needs from a single system:


* As an identity provider (IdP) you can provide your users with SSO to external services over the Internet such as software as a service (SaaS) and business process outsourcing (BPO) where they are automatically authenticated by your SiteMinder server
* As a service provider you can provide your external partners and managed services Internet SSO to applications protected by SiteMinder
* You can provide internal SSO for the enterprise and its acquisitions, affiliates, subsidiaries and joint ventures regardless of the version of SiteMinder or identity and access management system (IdM) each organization has deployed.


PingFederate for SiteMinder allows your organization to:


* Decrease the cost and time of Internet SSO implementation by 90%
* Improve access by leveraging existing SiteMinder authentication
* Decrease security risks associated with SSO over the Internet
* Provide secure Internet SSO for all connections



Courtesy: http://securidm.wordpress.com/2009/06/07/pingfederate-for-siteminder/

Automating SiteMinder Policy Management Using Perl API supplied by SiteMinder

Install the SiteMinder docs, then refer to the Perl Policy API doc for more. Below is just an idea of what I did. It won’t compile if you just copy/paste :) . This script covers the following ideas.
Creating:
1. Connection to the SiteMinder Policy Server.
2. Web agent.
3. Web agent group.
4. Custom auth scheme.
5. Domains.
6. Realm under domains.
7. Rules under realms.
8. Policy for the above rule.
9. Adding a response to the above policy, adding users to the policy, etc.
Just refer to it to get an idea and you can implement your scripts easily. Good luck & post me a comment if you need anything.




#! /usr/bin/perl -w
use Netegrity::PolicyMgtAPI;
# Author - Gopi
# Refer to the SiteMinder Policy API for method arguments.

# Administrator name, password and host are read from the environment so they
# are not hard-coded in the script; the variable names are placeholders.
($smuser, $smpwd, $smhost) = @ENV{qw(SM_ADMIN SM_ADMIN_PWD SM_HOST)};

# Creating connection to the Policy Server.
$policyapi = Netegrity::PolicyMgtAPI->New();
if (!defined $policyapi)
{
    die "\nFATAL: Unable to create Policy Server Connection \n";
}

print "Creating Policy Server Connection Session ..... \n";
$mysession = $policyapi->CreateSession($smuser, $smpwd, $smhost);
if (!defined $mysession)
{
    die "\nFATAL: Unable to create Session \n";
}

# Optional: list the domains and agents that are already configured.
#print "Here is a list of configured domains:\n";
#@domains = $mysession->GetAllDomains();
#foreach $domain (@domains) {
#    print $domain->Name() . "\n";
#}
#@agents = $mysession->GetAllAgents();
#foreach $myagent (@agents) {
#    print "Agent Name = " . $myagent->Name() . "\n";
#}

print "Creating Webagent with Name as -> myWebAgent Name ....\n";
$myagent = $mysession->CreateAgent("myWebAgent Name",
                                   $mysession->GetAgentType("Web Agent"),
                                   "Description for myWebAgent");
if (!defined $myagent)
{
    die "\nFATAL: Unable to create Agent -> myWebagent Name\n";
}

print "Creating Webagent group -> myWebAgent Group \n";
$myagentgroup = $mysession->CreateAgentGroup("my WebAgent Group",
                                             $mysession->GetAgentType("Web Agent"),
                                             "myWebAgent Group Description");
if (!defined $myagentgroup)
{
    die "\nFATAL: Unable to create Agent group for myWebAgent Group\n";
}

# Adding Webagent to WebAgent Group
print "Adding Webagent myWebAgent Name to myWebAgent Group \n";
$myagentgroup->Add($myagent);

print "Creating new AuthScheme -> myCustomAuth \n";
$schemeparameter = "Whatever is your Custom Scheme parameters Here";
# Creating Auth Scheme
# Below is not a fully populated method call. See CreateAuthScheme for the full
# syntax and method parameters; the arguments of GetAuthScheme and the remaining
# CreateAuthScheme arguments are left out here, as in the original.
$authscheme = $mysession->CreateAuthScheme("myCustomAuth",
                                           $mysession->GetAuthScheme());

# Creating Domain
print "Creating Domain -> myDomain \n";
$mydomain = $mysession->CreateDomain("myDomain", "myDomain Description");

# Adding User Directory search order.
print "Adding User Directory search order \n";
$mydomain->AddUserDir($mysession->GetUserDir("1st Directory Name"));

# Creating REALMs
# Netegrity::PolicyMgtDomain->CreateRealm( realmName, agent, authScheme [, realmDesc]
#     [, resFilter] [, procAuthEvents] [, procAzEvents]
#     [, protectAll] [, maxTimeout] [, idleTimeout]
#     [, syncAudit] [, azUserDir] [, regScheme] )
# Creating root realm
print "Creating REALM -> Protect / All \n";
$rootrealm = $mydomain->CreateRealm("myProtect all", $myagentgroup,
                                    $authscheme, "Protect all from / ",
                                    "/", 1, 1, 1, 43200, 3600, 0,
                                    $mysession->GetUserDir("Directory Name"));

# Creating, for example, a Get,Post Rule for the above Realm.
print "Creating Get,Post Rule for REALM Protect / All \n";
$rootrule = $rootrealm->CreateRule("Get,Post /", "Get Post Rule", "GET,POST", "*");


Courtesy: http://gdesaboyina.wordpress.com/2009/08/08/automating-siteminder-policy-management-using-perl-api-supplied-by-siteminder/
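
The CreateRealm call in the script above passes eight realm settings by position, so two swapped values (for example protectAll and a timeout) still compile. The following is an added example, not part of the original post or of the SiteMinder SDK: the hypothetical helper `realm_args` takes the settings by name, checks them, and returns them in the order of the signature quoted in the script's comments. The root-realm rule in it is a local assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Order of the CreateRealm settings that follow (realmName, agent, authScheme),
# taken from the signature quoted in the script's comments.
my @REALM_ARGS = qw(realmDesc resFilter procAuthEvents procAzEvents
                    protectAll maxTimeout idleTimeout syncAudit);
my @FLAGS      = qw(procAuthEvents procAzEvents protectAll syncAudit);

# realm_args (hypothetical helper): validate named realm settings and return
# them in positional order. It dies on a missing, misspelled or inconsistent
# setting, so a bad realm definition never reaches the Policy Server.
sub realm_args {
    my (%opt) = @_;
    my %known   = map { $_ => 1 } @REALM_ARGS;
    my @unknown = grep { !$known{$_} } sort keys %opt;
    die "unknown realm setting(s): @unknown\n" if @unknown;
    for my $name (@REALM_ARGS) {
        die "missing realm setting: $name\n" unless defined $opt{$name};
    }
    for my $flag (@FLAGS) {
        die "$flag must be 0 or 1\n" unless $opt{$flag} =~ /\A[01]\z/;
    }
    for my $t (qw(maxTimeout idleTimeout)) {
        die "$t must be a positive integer\n"
            unless $opt{$t} =~ /\A[1-9][0-9]*\z/;
    }
    die "idleTimeout exceeds maxTimeout\n"
        if $opt{idleTimeout} > $opt{maxTimeout};
    # Local rule (assumption): a realm filtering on "/" must protect everything.
    die "root realm must set protectAll\n"
        if $opt{resFilter} eq '/' && !$opt{protectAll};
    return @opt{@REALM_ARGS};
}

# The root realm from the script, written with named settings.
my @args = realm_args(
    realmDesc      => 'Protect all from / ', resFilter    => '/',
    procAuthEvents => 1, procAzEvents => 1,  protectAll   => 1,
    maxTimeout     => 43200, idleTimeout => 3600, syncAudit => 0,
);
# In the script, @args goes between $authscheme and the azUserDir argument.
print join(',', @args), "\n";

# Constructed bad input: the values after procAzEvents shifted by one position.
eval { realm_args(realmDesc => 'x', resFilter => '/', procAuthEvents => 1,
                  procAzEvents => 1, protectAll => 43200, maxTimeout => 3600,
                  idleTimeout => 0, syncAudit => 0) };
print "rejected: $@" if $@;
```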