White Paper

eTrust SiteMinder r6™

Technical White Paper, June 2005

Table of Contents

The Challenge: Building and Managing Secure Websites and Applications  4
  Building the Secure Website  4
    Choosing the correct authentication technology  4
    Building the user directory  4
    Providing a quality single sign-on experience  5
  Managing the Secure Website  5
    Implementing security for multiple web applications  5
    Managing the security infrastructure  5
    Keeping user administration costs down  5
    Choosing the correct technology partner  5
eTrust SiteMinder Features and Benefits  6
  Authentication Management  6
  Authorization Management  6
    Role based access control (RBAC)  6
    eTrust SiteMinder eTelligent Rules  6
  Auditing and Reporting  7
  Enterprise Manageability  7
  Performance, Availability, Reliability, Scalability  7
    Performance  7
    Availability and Reliability  7
    Scalability  7
    Security  7
    Broad Platform Support  8
  A Standards-based Solution  8
eTrust SiteMinder Architecture  8
  eTrust SiteMinder Policy Server  9
    Access control services in a single process  9
  eTrust SiteMinder Agents  9
    Web agents  9
    Application server agents  9
    SAML affiliate agents  9
    Enterprise application agents  9
  Secure Proxy Server  10
  Native Directory Integration  11
eTrust SiteMinder Authentication Management  11
  Authentication Methods  11
  Authentication Policies  11
  Certificate Combinations and Alternatives  11
  Forms-based Certification  12
  Authentication Levels  12
  Directory Mapping  12
  Password Services  12
  Impersonation  13
eTrust SiteMinder Authorization Management  13
  eTrust SiteMinder Policies  14
  Global Policies  15
  Role based access control (RBAC)  15
Single Sign-On  15
  Single and Multiple Cookie Domains  16
  Federated Security Services  16
    Microsoft .NET Passport integration  17
  Single Sign-on in the Windows Environment  18
    Windows integrated security  18
    Windows application login  18
Auditing and Reporting  18
  Auditing  18
  Reporting  18
    Report drill down capabilities  18
    Activity reports  19
    Intrusion reports  19
    Administrative reports  19
    Time series reports  19
Enterprise Manageability  19
    OneView Monitor  19
    Environment Collector  20
    Test Tool  20
    Logging and policy profiling  20
  Centralized Agent Management  21
  Rapid Policy Deployment  21
    Unattended installations  22
    Command line interface  22
Performance, Reliability, Scalability and Availability  22
  Performance  22
    Bulk operations  22
    Authentication and authorization  22
  Reliability, Availability and Scalability  23
    Policy server clusters  23
Security  23
  Data Confidentiality  24
  Mutual Authentication  24
  Revocation of User Credentials  24
  Encrypted Session Cookies  24
  Session and Idle Timeouts  24
  Rolling Keys  24
  Hardware Stored Encryption Keys  24
  LDAP Protection from Denial-of-service Attacks  24
  Protection from Cross-site Scripting  25
  Unique Secure HTTP Header Passing  25
  Advanced Web Agents  25
eTrust SiteMinder Developer Capabilities  25
  Creating Custom Agents  25
  Single Sign-on Support for Custom Agents  25
  Managing the Policy Store  26
  Managing the User Store  26
  Creating a Custom Authentication Scheme  26
  Flexible Authorization  26
  Adding a Directory Provider  26
  Integrating with eTrust SiteMinder Events  26
  Session Server API  26
  Creating a Secure Communication Tunnel  26
Summary  27
For More Information  27

The Challenge: Building and Managing Secure Websites and Applications

With its extended reach and power, the internet has fundamentally changed traditional business processes. E-business has ushered in the widespread deployment of intranets, business-to-business (B2B) extranets and e-commerce websites. These sites extend business processes to the furthest reaches of the web, enabling partners and customers to access critical applications, information, services and transactions anytime and anywhere.

Companies are redeploying the applications they have built over the years with web front ends, as well as deploying new applications on web servers, J2EE-based application servers, and even mainframe systems that include web servers. As they open up their businesses to new users through the web, they face new and complex challenges.

Today, corporate IT infrastructures are often insufficient to meet the demands of e-business and unable to manage multiple types of applications accessed by multiple types of users (employees, customers, suppliers and partners) using multiple types of devices (laptops, PDAs, cell phones). Many sites must accommodate millions of users and many millions of transactions without jeopardizing security. In particular, implementers face several challenging business and technical problems, grouped into two major areas: first, building the secure website, and then managing the secure website.

Building the Secure Website

For web developers, the process of building a secure website can be very complex. Whether it’s managing multiple user directories or creating a shared service for authentication, authorization and audit, they need new tools to design and build robust security.

From the security perspective, several factors must be carefully considered:

• Authentication. Who will access the system? Will multiple companies, such as partners, need access? How will authentication across multiple websites be handled? Is a simple password policy appropriate, or are stronger controls needed?
• Authorization. Companies need powerful policies that can be easily replicated for similar applications and services. They need to implement a single shared service to simplify and speed administration, and to reduce the burden on application developers.
• Audit. Companies must closely track how the security system is being used. System administrators need detailed system data to fine-tune performance, and business managers need activity data to demonstrate compliance with security policies and regulations.
• Entitlement service. How can companies tie all of the entitlements, that is, the profile characteristics of individual users, from multiple directories and user stores into a single, shared security service?
• Enhancing the user experience. How can companies provide a personal, easy-to-navigate online session for their users, and at a low cost?

From a user perspective, these new-generation sites and applications must be:

• Responsive. To deliver high-performance applications, whether they’re for customers, partners or employees.
• Interactive. To provide the right users access to the right applications, data, services and other resources, all of them, at the right time.
• Simple. To provide a seamless user experience with cross-domain access.

Companies must solve a new generation of manageability issues, from deployment of online resources throughout a global environment through monitoring and reporting of online activities. IT professionals need to support heterogeneous environments by providing flexible deployment approaches. They need to provide enterprise-class performance, availability and scalability to support potentially millions of users. And they must ensure a long life for these systems by embracing open standards and platforms.

Choosing the correct authentication technology

Due to implementation challenges, security managers often struggle to define a unified authentication strategy across internet and intranet applications. The result is that either high-value applications are not protected by equally secure authentication systems, or low-value web applications are protected by authentication systems that might actually push users away. Companies need a single method to deploy multiple authentication systems in a unified strategy that ensures high-value applications are protected by strong authentication while lower-value applications are protected by simpler user name/password systems.

Building the user directory

Traditionally, security administrators have deployed an authentication system and access control list (ACL) with each application. For a small number of critical applications, this one-to-one authentication system might be feasible. However, as the number and complexity of applications increases, this approach


quickly becomes unmanageable. With each application storing its own user privilege information within an application-specific repository or ACL, separate from any corporate user directory, redundant user administration and user databases are created that quickly get out of synchronization with the corporate directory, compromising both security and the user experience.

Providing a quality single sign-on experience

Successful websites need to provide customers with the information and services they want, and that the company wants them to see, in a personalized context that is easy to understand and navigate. If the content is not personalized, or if users must endure multiple sign-ons to different applications, they quickly become frustrated and go elsewhere. In addition, companies might forge relationships with any number of affiliates and partners whose sites, information and services offer complementary value.

Federation enables companies to provide users single sign-on by transparently linking to all resources within the company’s main website, and to its affiliates’ websites from the main site. Single sign-on lets users easily conduct business or obtain more detailed product information.

Managing the Secure Website

From an operational perspective, security issues also play an important role in how companies manage and operate websites. Key issues include leveraging redundant points of administration and managing the associated costs of supporting multiple applications and platforms.

Implementing security for multiple web applications

The scheme for managing authentication and authorization for web resources often varies across web servers, application servers, operating systems and development tools. Consequently, administration and authorization capabilities can vary greatly. These differences can lead to administrative problems as well as an inconsistent security framework, because these more complex environments are often more costly and time-consuming to administer than single-platform environments. As a result, the quality of website security is often lower in heterogeneous environments, which is clearly an unacceptable situation.

Managing the security infrastructure

It’s a daunting and expensive challenge to deploy large-scale websites that can encompass hundreds of web servers, applications and security policies, as well as multiple types of authentication systems to enforce authentication and access control, all with 24x7 continuous availability. As the number of applications and users increases, administrative costs can spike drastically. As web applications continue to gain in strategic importance, the management and administration of these complex environments will be among the most pressing IT challenges.

Keeping user administration costs down

Whether it’s expanding the customer base, adding suppliers to the extranet, reorganizing divisions or improving service quality, people are at the center of every business initiative. But as e-business websites grow, the number of users interacting with the sites also grows, and those increases translate into a broad range of significant management challenges:

• Assigning authentication methods to resources and users
• Synchronizing IDs and passwords across multiple directories
• Enabling self-registration and password support for users
• Providing phone and online support to thousands or millions of users, 24x7, around the globe

Choosing the correct technology partner

Total cost of ownership is directly related to the ability to support open standards that leverage existing IT investments, offer extensive partnership integration, avoid vendor dead-ends and minimize expensive third-party integration. It’s possible, of course, to achieve an impressive return on investment (ROI) by moving applications, and the business processes they support, to the web, but the key is how to do so cost-effectively. As new web applications are deployed, ROI numbers rise, but with each new application, access, security management and scalability requirements and issues also arise. To solve that problem, companies need comprehensive open application program interfaces (APIs), directory mapping and a 24x7 redundant architecture.

The right solution removes security from each application and centralizes all user management and security in one place. eTrust™ SiteMinder® is that solution: it provides corporate and consumer e-business sites with the secure, scalable and reliable identity and privilege management infrastructure they require for conducting business. It also provides the centralized control that administrators need to efficiently manage and support that security infrastructure.


eTrust SiteMinder Features and Benefits

eTrust SiteMinder offers the type of solution businesses need to meet the challenge of building and managing secure websites. It provides all the essential security services required to meet this challenge, while also including management features and technical capabilities that can reduce the total cost of ownership.

Authentication Management

eTrust SiteMinder supports a broad range of authentication methods, including passwords, tokens, X.509 certificates, custom forms and biometrics, as well as combinations of authentication methods. It also supports certificate validation through either certificate revocation lists (CRLs) or the Online Certificate Status Protocol (OCSP). eTrust SiteMinder integrates with industry-leading directory services and user stores, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities. eTrust SiteMinder fully leverages existing user directories, from leading LDAP directories and relational databases to mainframe security directories.

With single sign-on (SSO) and federation, users get a unified and personalized view of all available resources within and across enterprise boundaries. Businesses and their partners can provide their customers with all their available services; access to all relevant, authorized information; and access to multiple applications that run on multiple servers, multiple platforms and across multiple internet domains. Single sign-on provides a rich user experience, increased security and reduced customer support costs due to lost passwords.

eTrust SiteMinder Federated Security Services let users move across partner and affiliated websites without having to be re-authenticated. eTrust SiteMinder provides these services by implementing SAML, a standards-based technology. SAML specifies a framework for sharing security information through XML documents called assertions. eTrust SiteMinder can consume incoming SAML assertions and can produce outgoing SAML tokens. As a result, eTrust SiteMinder provides complete, bi-directional SAML federation that enables maximum interoperability among enterprises; that is, users can be authenticated at a company’s main site and go to any partner site, or be authenticated at a partner site and go to the company’s main site, without having to be re-authenticated. Companies with eTrust SiteMinder security solutions can interoperate securely and more effectively with more sites, including sites that use other security solutions. Users enjoy a more seamless experience across affiliated sites, improving the chances for increased revenue and enhanced relationships.

Authorization Management

eTrust SiteMinder centralizes the administration of user entitlements for customers, partners and employees across all web applications through a shared service. The eTrust SiteMinder advanced architecture and its ability to enforce all web-based security policies across the enterprise eliminate the need for redundant user directories and application-specific security logic. Centralized authorization greatly reduces development costs by allowing developers to focus on the application business logic, not on enforcing security policies.

eTrust SiteMinder provides security and access management through its security policies, which are designed to accommodate the user and the user’s relationship to the protected resource. A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected; the users, groups or roles that have access to these resources; the conditions under which this access should be granted; and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user should be handled.

Role based access control (RBAC)

eTrust SiteMinder, when used with eTrust™ IdentityMinder®, gives enterprises the ability to extend existing authorization policies to roles established for users in eTrust IdentityMinder. Using eTrust IdentityMinder, enterprises can map organizational structure as well as functional responsibilities to create and manage roles. eTrust SiteMinder can then bind policies to roles for end-to-end identity and access management control.

eTrust SiteMinder eTelligent Rules

As a business grows and changes, existing security logic within applications will likely have to be modified or extended. With eTrust SiteMinder, security administrators can use eTelligent Rules to make those security logic changes outside the applications, without changing program code, further reducing reliance on programming. Most other security solutions would have to rely on applications being re-programmed, re-built and re-deployed.
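The policy model described above (protected resources; the users, groups or roles bound to them; grant conditions; the delivery method for authorized users; and the handling of denied users) as a small runnable engine. This is an added example, not SiteMinder's code or policy format: the glob resource patterns, the deny-overrides combining rule, the business-hours and minimum-authentication-level conditions, and the header names are constructed assumptions.

```python
"""Toy policy engine for the policy model described above (added example, not
SiteMinder code). Constructed assumptions: glob resource patterns, a
deny-overrides combining rule, a time-window and minimum-authentication-level
condition vocabulary, and the response header names."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Callable, Dict, List, Optional, Set


@dataclass
class User:
    name: str
    groups: Set[str] = field(default_factory=set)
    roles: Set[str] = field(default_factory=set)   # roles bound from an identity system
    auth_level: int = 0          # strength of the method the user authenticated with


@dataclass
class Request:
    user: User
    resource: str                # path of the protected resource being requested
    hour: int                    # local hour (0-23), supplied by the caller


Condition = Callable[[Request], bool]


@dataclass
class Policy:
    name: str
    resource_pattern: str                          # which resources are protected
    allow: bool                                    # explicit allow or explicit deny
    users: Set[str] = field(default_factory=set)   # who the policy binds to ...
    groups: Set[str] = field(default_factory=set)
    roles: Set[str] = field(default_factory=set)
    conditions: List[Condition] = field(default_factory=list)  # when access applies
    on_allow: Dict[str, str] = field(default_factory=dict)     # headers delivered with the resource
    on_deny: Optional[str] = None                  # where a denied user is sent

    def binds(self, user: User) -> bool:
        return bool(user.name in self.users
                    or user.groups & self.groups
                    or user.roles & self.roles)

    def applies(self, req: Request) -> bool:
        return (fnmatch(req.resource, self.resource_pattern)
                and self.binds(req.user)
                and all(cond(req) for cond in self.conditions))


@dataclass
class Decision:
    allowed: bool
    policy: Optional[str]        # name of the deciding policy, None for default deny
    headers: Dict[str, str]
    redirect: Optional[str]


def evaluate(policies: List[Policy], req: Request) -> Decision:
    """Deny-overrides (constructed rule): an applicable deny policy wins, then the
    first applicable allow policy; a protected resource with no applicable policy
    is denied by default."""
    applicable = [p for p in policies if p.applies(req)]
    for p in applicable:
        if not p.allow:
            return Decision(False, p.name, {}, p.on_deny)
    for p in applicable:
        if p.allow:
            headers = {k: v.format(user=req.user) for k, v in p.on_allow.items()}
            return Decision(True, p.name, headers, None)
    return Decision(False, None, {}, None)


# Condition vocabulary (constructed for this example).
def business_hours(req: Request) -> bool:
    return 8 <= req.hour < 18


def min_auth_level(level: int) -> Condition:
    return lambda req: req.user.auth_level >= level


# Constructed sample policy store: payroll is open to HR managers who used a
# strong authentication method during business hours, and never to contractors.
SAMPLE_POLICIES = [
    Policy("deny-contractors-hr", "/hr/*", allow=False,
           groups={"contractors"}, on_deny="/denied.html"),
    Policy("hr-managers", "/hr/*", allow=True, roles={"hr-manager"},
           conditions=[business_hours, min_auth_level(2)],
           on_allow={"X-Policy-User": "{user.name}", "X-Policy-Role": "hr-manager"}),
    Policy("staff-docs", "/docs/*", allow=True,
           groups={"employees", "contractors"},
           on_allow={"X-Policy-User": "{user.name}"}),
]


def decide(user: User, resource: str, hour: int) -> Decision:
    return evaluate(SAMPLE_POLICIES, Request(user, resource, hour))


if __name__ == "__main__":
    alice = User("alice", groups={"employees"}, roles={"hr-manager"}, auth_level=2)
    bob = User("bob", groups={"contractors"}, roles={"hr-manager"}, auth_level=2)
    for u, res, hr in [(alice, "/hr/payroll", 10), (alice, "/hr/payroll", 22),
                       (bob, "/hr/payroll", 10), (bob, "/docs/handbook", 10)]:
        print(u.name, res, hr, decide(u, res, hr))
```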


Performance, Availability, Reliability, Scalability As more web applications are deployed and more business is conducted by more people online, companies need a security solution that is efficient, available, reliable, and scalable. eTrust SiteMinder meets all these criteria, especially for very large deployments.

Performance Based on independent third-party comparison against published data from other vendors, eTrust SiteMinder has proven its ability to provide significantly higher transaction rates than competing solutions. eTrust SiteMinder is the only solution with proven deployments supporting millions of users at companies like American Express, E-Trade and General Electric.

eTrust SiteMinder achieves these high levels of performance by optimizing the speed of its policy server, the component that runs the centralized security services. With quick start-up and fast runtime performance, the policy servers provide efficient security services capable of supporting millions of users and thousands of protected resources.

Scalability eTrust SiteMinder can be scaled to meet security requirements for almost any website, both in terms of numbers of users and numbers of resources. With eTrust SiteMinder, security administrators don’t have to worry about their company’s new acquisitions or new partnerships. eTrust SiteMinder will be able to handle it: new users, new platforms, new applications, or additional spoken languages. No portion of the enterprise would go unsecured, possibly leaving holes that unauthorized users could take advantage of.

In terms of numbers of users, eTrust SiteMinder can work effectively and efficiently with many millions of users with information stored on a broad array of user stores. By centralizing user access management, security administrators can manage all security requirements for all categories of users throughout the enterprise, from a single location.

Availability and Reliability eTrust SiteMinder reliably and effectively helps to ensure that the entire environment that is being secured remains available and accessible to the right users. Administrators can set up load balancing and failover so that if one eTrust SiteMinder component is unavailable, the next one will be used without interruption to the user. Even if an eTrust SiteMinder component fails, it will automatically be re-started to keep all operations going all the time.

eTrust SiteMinder administrators also have the option to cluster policy servers, that is, to group together policy servers based on criteria that are important to the security system implementation. Once policy servers are clustered, administrators can set up dynamic load balancing within the cluster and automatic failover among clusters to meet the increasing high performance, high availability requirements of a growing enterprise.

Auditing and Reporting Auditing and reporting lets managers track user and administrative activity and analyze and correct security events and anomalies. eTrust SiteMinder lets companies define activities within the eTrust SiteMinder environment to be logged and where that information should be stored: in a file or in a relational database. Both the policy server and web agents provide separate audit logging and debug logging.

Enterprise Manageability eTrust SiteMinder enables efficient management practices in all areas of security system operations, including responsive troubleshooting, fast day-to-day execution of routine operations and easy-to-manage periodic operations. Daily activities, such as troubleshooting, password services and reporting, can be completed faster and better because eTrust SiteMinder provides centralized administration tools for the entire security environment. eTrust SiteMinder also provides tools that let administrators easily manage deployment, including remote agents and security policies, regardless of the size of the security environment.

Security eTrust SiteMinder offers the most secure communications architecture in the industry. With 128-bit encryption and hardware token-based encryption key management and storage, eTrust SiteMinder combines the best of security and manageability by deploying a mix of eTrust SiteMinder Agents and eTrust SiteMinder Secure Proxy Servers across a single policy model. In addition, eTrust SiteMinder supports a comprehensive set of password services including password composition, dictionary checking and expiration rules, allowing you to implement robust password rules.


eTrust SiteMinder Architecture

eTrust SiteMinder is one of the industry’s leading directory-enabled access management systems. eTrust SiteMinder enables administrators to assign authentication schemes, define and manage authorization privileges to specific resources, and create rules and policies to implement these authorization permissions. With eTrust SiteMinder, companies can implement security policies to completely protect the content of an entire website. eTrust SiteMinder consists of two primary components, the eTrust SiteMinder Policy Server and eTrust SiteMinder Agents. See Figure 1 for an overview of the architecture of eTrust SiteMinder.

Figure 1. eTrust SiteMinder Architecture Overview. (Figure: Users, that is, Employees, Partners and Customers, reach the Secured Applications on the Destination Web Servers, such as Finance, HR/Payroll, Intranet, Supply Chain, CRM, Customer Service, Partner Extranet and e-Commerce, either through the eTrust SiteMinder Secure Proxy Server or through an agent on the Web Server; the eTrust SiteMinder Policy Server consults the User & Entitlement Stores: LDAP, Databases, Mainframes and NT Domain.)

1. The user attempts to access a protected resource.
2. The user is challenged for credentials and presents them to the Web Agent or to the Secure Proxy Server.
3. The user’s credentials are passed to the policy server.
4. The user is authenticated against the appropriate user store.
5. The policy server evaluates the user’s entitlements and grants access.
6. User profile and entitlement information is passed to the application.
7. The user gets access to the secured application, which delivers customized content to the user.

Broad Platform Support To help achieve a higher return on investment (ROI) and lower total cost of ownership (TCO), eTrust SiteMinder leverages existing technology investments by supporting leading infrastructure components, including directories, web servers, application servers, platforms and authentication methods. eTrust SiteMinder provides native-directory integration with existing directories and databases (LDAP, AD, NT Domain, MS SQLServer and Oracle) and integrates with a large number of leading enterprise applications, such as SAP, Siebel and PeopleSoft. In addition, eTrust SiteMinder includes J2EE application server agents, enabling fine-grained access control of IBM WebSphere and BEA WebLogic Server hosted applications. eTrust SiteMinder extends its security management and single sign-on capabilities to the OS/390 mainframe platform with a web agent for the IBM HTTP web server and support for RACF and ACF2 security directories through the eTrust SiteMinder Security Bridge. What’s more, eTrust SiteMinder also supports authentication for network access devices, including firewalls, dialup servers, and other RADIUS-compliant devices. eTrust SiteMinder is fully multibyte enabled and can be used to secure the deployment of multilingual sites.

A Standards-Based Solution

Even with eTrust SiteMinder’s extensive support for leading infrastructure technologies, there are many legacy and custom applications that many companies want to integrate into their web security system. At the same time, technology investments must remain open to best-of-breed technologies and not be locked in to a limited number of vendors. eTrust SiteMinder is the industry leader in adopting and supporting new technology standards as well as offering an extensive and well-documented series of Java and C application programming interfaces (APIs) throughout the product. eTrust SiteMinder is developed on open standards. The eTrust SiteMinder development team was a leading designer of the OASIS XML security standard known as Security Assertion Markup Language (SAML).


eTrust SiteMinder Policy Server

The eTrust SiteMinder Policy Server is the heart of eTrust SiteMinder. The policy server provides the key security decision-making operations for eTrust SiteMinder. This high-performance server provides load balancing, failover and caching for superior reliability and speed. Policy servers have been designed to be reliable, fast, and easy to manage, so they can be scaled to meet today’s and tomorrow’s business requirements. Policy server operations are optimized to get them initialized and running quickly.

Access control services in a single process The eTrust SiteMinder Policy Server is a single-process engine that runs all four shared services: authentication, authorization, administration and auditing. The single, multi-threaded process results in a highly efficient, simple-to-manage system. The run-time performance is very fast because the single process server requires a smaller total memory footprint than a multi-process server and thread context switches run faster than process context switches.

eTrust SiteMinder Agents Agents are the enforcement mechanisms for policy-based authentication and access control. They integrate with web servers, application servers, enterprise applications or custom applications to enforce access control based on defined policies.

Application server agents To secure more fine-grained objects such as servlets, JSPs, or EJB components, which could comprise a full-fledged distributed application, eTrust provides a family of eTrust SiteMinder application server agents (ASAs). ASAs are plug-ins that communicate with the eTrust SiteMinder Policy Server to extend single sign-on (SSO) across the enterprise, including J2EE application server-based applications. ASAs protect fine-grained resources hosted in an application server by superseding the native application server’s security mechanisms.

For more information about the BEA WebLogic and IBM WebSphere ASAs, refer to eTrust’s white papers available on (http://www.ca.com/etrust).

SAML affiliate agents E-business sites often link directly to any number of affiliate websites to drive traffic and business to these affiliate sites. For example, a customer might visit a sports-oriented site and follow a link to an affiliate site that offers custom-made sports equipment. The main site benefits from this arrangement because it can draw more customers by providing a wide variety of services and content, and it also generally receives a commission for any purchases made on the affiliate site by a customer who originally came from the main site. Both companies benefit from these partnerships, and it is in the best interest of the main site if the user experience on the affiliate site is highly personalized.

An eTrust SiteMinder affiliate agent resides on the affiliate’s web server and passes the user profile and entitlement information to applications running on the affiliate site. The user sees a seamless and personalized experience as the user moves from site to site. The result is better customer relations for both business partners and a much higher likelihood of a customer transaction.

Web agents Web agents control access to web content and deliver a user’s security context, managed by eTrust SiteMinder, directly to any web application being accessed by the user. By placing an agent in a web server that is hosting protected web content or applications, administrators can coordinate security across a heterogeneous environment of systems and create a single sign-on environment for all users.

For web servers, the web agent integrates through each web server’s extension API. It intercepts all requests for resources (URLs) and determines whether each resource is protected by eTrust SiteMinder. If the resource is not eTrust SiteMinder-protected, the request is passed through to the web server for regular processing. If it is protected by eTrust SiteMinder, the web agent interacts with the policy server to authenticate the user and to determine if access to the specific resource is allowed. Depending on the policy for the requested resource, the web agent can also pass to the application a response that consists of the user’s attributes from the user directory and entitlement information. The application can use the entitlement information to personalize the page content according to the needs and entitlements of each user.

The web agent caches extensive amounts of contextual information about the current user’s access. The caching parameters that control these services are fully tunable by the administrator to optimize performance and security.
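The following Python sketch is an added example, not code from the eTrust SiteMinder product, that models the web agent request flow described above: longest-prefix matching of the requested URL against protected realms, pass-through for unprotected resources, a credential challenge when no session exists, an entitlement check, and delivery of the user's identity and attributes to the application as request headers. The realm table, user store, session table and the header names (SM_USER is the conventional SiteMinder user header, HTTP_MAIL is assumed) are constructed for the example; the real product delegates the authentication and authorization decisions to the policy server.

```python
"""Added example (not eTrust SiteMinder code): a minimal web-agent style
request filter.  Realms, users, sessions and header names are assumptions."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: realms keyed by URL prefix with the groups the
# (hypothetical) policy allows; a None realm marks an unprotected sub-tree.
# The longest matching prefix wins, so /hr/public/ is open while /hr/ is not.
REALMS = {
    "/hr/":        {"allowed_groups": {"hr-staff"}},
    "/hr/public/": None,
    "/finance/":   {"allowed_groups": {"finance", "auditors"}},
}

# Constructed user store: user -> (password, groups, directory attributes).
# Plaintext passwords are for illustration only; a real store holds hashes.
USER_STORE = {
    "alice": ("s3cret",  {"hr-staff"}, {"mail": "alice@example.com"}),
    "bob":   ("hunter2", {"finance"},  {"mail": "bob@example.com"}),
}

# Constructed session store: session cookie value -> authenticated user.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


@dataclass
class Request:
    path: str
    cookie: Optional[str] = None
    basic_auth: Optional[tuple] = None     # (user, password) when presented


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


def find_realm(path: str):
    """Longest-prefix realm match; returns (prefix, realm) or (None, None)."""
    best = None
    for prefix in REALMS:
        if path.startswith(prefix) and (best is None or len(prefix) > len(best)):
            best = prefix
    return (best, REALMS[best]) if best else (None, None)


def authenticate(req: Request) -> Optional[str]:
    """Steps 2-4: accept an existing session, else verify presented credentials."""
    if req.cookie in SESSIONS:
        return SESSIONS[req.cookie]
    if req.basic_auth:
        user, pwd = req.basic_auth
        rec = USER_STORE.get(user)
        if rec and rec[0] == pwd:
            return user
    return None


def handle(req: Request) -> Response:
    """Agent entry point: intercept the request and decide what the server sees."""
    prefix, realm = find_realm(req.path)
    if realm is None:                       # not protected: pass straight through
        return Response(200)
    user = authenticate(req)
    if user is None:                        # protected and no identity: challenge
        return Response(401, {"WWW-Authenticate": 'Basic realm="%s"' % prefix})
    _, groups, attrs = USER_STORE[user]
    if not groups & realm["allowed_groups"]:   # step 5: entitlement check fails
        return Response(403)
    # step 6: identity and attributes travel to the application as headers
    return Response(200, {"SM_USER": user, "HTTP_MAIL": attrs["mail"]})
```

The pass-through branch is the one to audit in a real deployment: any realm mis-ordering or missing prefix turns a protected resource into an open one without any error being raised.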

Enterprise application agents eTrust SiteMinder provides several agents that integrate directly with the most widely used enterprise applications.

SAP Agent The SAP Agent enables SAP R/3 customers to extend SSO to their SAP users and to affiliate sites as well. The SAP Agent provides a second level of authentication behind the DMZ in a trusted zone or corporate internal network, enforces session synchronization, and enables choices in authentication technologies for SAP user authentication.

Oracle Agent The Oracle Agent extends SSO to Oracle users on their corporate web and application servers, as well as to affiliate sites. The eTrust SiteMinder Connector for Oracle Solutions also provides administrators with the flexibility to select a variety of authentication methods.

PeopleSoft Agent The PeopleSoft Agent for PeopleSoft 8 enables PeopleSoft implementers to extend SSO to PeopleSoft users. In addition, the eTrust SiteMinder Agent provides PeopleSoft 8 sites with the flexibility to choose the authentication security technology, verification of user session data within the application server, and enforced synchronization between eTrust SiteMinder and PeopleSoft Application Server sessions.

Siebel Agents The Siebel Solutions Agents use the Security Adaptor interface for the Siebel Object Manager to achieve the critical, Tier 2 security integration. With the eTrust SiteMinder SSO solution for Siebel, security administrators can implement a wide variety of authentication technologies to identify Siebel users, link user sessions to ensure user single sign-out, and increase overall website security, as the Siebel Object Manager and the eTrust SiteMinder Policy Server do not reside in the DMZ. eTrust SiteMinder enables Siebel customers to extend SSO to their entire corporate web and application servers, as well as to partner affiliate sites.

Custom Agents The eTrust SiteMinder Policy Server is a general-purpose rules engine that can protect any resource that can be expressed as a string, as well as any operation on those resources. While web agents, application server agents and affiliate agents work with the standard features of eTrust SiteMinder, administrators can extend agent functionality by creating and configuring a custom agent using the Agent API and policy server Management Console. Custom agents can participate with standard eTrust SiteMinder agents in a single sign on environment.

Custom agents work with the eTrust SiteMinder Policy Server to control access to a wide range of resources whether web-based or not. For example, custom agents could be used to control access to an application, application function or a task performed by an application. A custom agent working with the policy server as the core engine can extend the types of resources that eTrust SiteMinder can protect.

Secure Proxy Server The eTrust SiteMinder Secure Proxy Server is a turnkey, high performance, proxy gateway that secures a company’s backend servers, offering an alternative deployment model for eTrust SiteMinder. With Secure Proxy Server, eTrust SiteMinder offers two complementary policy enforcement strategies for a more flexible and secure web access architecture. Customers may choose to deploy traditional eTrust SiteMinder agents or the Secure Proxy Server. These solutions may be used singly, or in combination, to provide the optimum security and administration environment for any site.

The Secure Proxy Server is a self-contained reverse proxy solution consisting of two components, the proxy engine, with a fully integrated eTrust SiteMinder Agent, and an Apache-based HTTP web listener. The Secure Proxy Server accepts HTTP and HTTP over SSL (HTTPS) requests from web clients, passes those requests to enterprise back-end content servers, and returns resources to the requesting client. For detailed information on the eTrust SiteMinder Secure Proxy Server, refer to the Secure Proxy Server white paper available at http://www.ca.com/etrust

Key benefits of the Secure Proxy Server include:
• Increased Security. Secure Proxy Server provides multiple authentication schemes, basic, forms-based and certificate-based, while providing a single access management point. It prevents non-authenticated traffic from entering any point in the DMZ and eliminates the exposure of network topology to outside users.
• Greater Deployment Flexibility. Secure Proxy Server supports multiple session schemes for cookie and cookie-less methods of session tracking. It provides security for any back-end server environment, as well as a platform for building out wireless solutions. Advanced proxy rules dynamically route incoming requests to the appropriate backend server.
• Extensibility, Scalability and Robustness. Secure Proxy Server is an open and extensible solution, providing a set of Java APIs for custom session schemes. It is also fully integrated with eTrust SiteMinder’s scalable and robust architecture.

Native Directory Integration eTrust SiteMinder is integrated with industry-leading directory services, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities. eTrust SiteMinder supports a range of leading LDAP directories and relational databases. eTrust SiteMinder also supports mainframe (OS/390) security directories, such as RACF, ACF-2, and TopSecret. eTrust SiteMinder treats these directories as if they are regular LDAP user directories, and can provide both full authentication and authorization for users stored in these directories. Support for these directories is achieved through an add-on component called the eTrust SiteMinder Security Bridge.

eTrust SiteMinder supports storage of policy information in a variety of LDAP enabled directories and SQL databases.

Even though the user and the policy store are logically separate, the ability to store both users and policies in the same physical directory provides easier administration and better performance. Directory Mapping lets an application authenticate users based on information from one directory and authorize users based on information from a different directory.

eTrust SiteMinder Authentication Management

eTrust SiteMinder offers unparalleled control over what type of authentication method is used to protect a resource and how that authentication method is deployed and managed. Traditionally, it is very challenging to successfully deploy and manage strong authentication methods (for example, two-factor certificates); therefore, most companies default to using user names and passwords. By centrally managing all authentication systems and utilizing the eTrust SiteMinder advanced authentication policy management capabilities, companies can successfully deploy mixed authentication methods based on resource value and business needs instead of IT limitations.

Authentication Methods No single authentication technique is appropriate for all users and all protected resources in all situations. That’s why authentication flexibility is an important requirement. eTrust SiteMinder offers a complete password authentication solution and integrates out of the box with most leading authentication methods. Since administrators often require varying levels of authentication security for different resources, eTrust SiteMinder supports a range of authentication mechanisms, including:
• Passwords
• Passwords over SSL
• Forms-based
• Two-factor tokens
• X.509 certificates
• Smart cards
• Biometric devices
• Forms and/or certificates
• Combination of methods
• Custom methods
• Full CRL and OCSP support

Certificate revocation is a critical component of PKI strategy, since invalid certificates must be rejected by the authentication mechanism. eTrust SiteMinder supports CRL processing for all leading public key infrastructure (PKI) vendors, including the requirement that the CRL is located in a directory and searched to ensure the current certificate has not been revoked. In addition, eTrust SiteMinder supports the use of OCSP for real-time certificate validation.

Authentication Policies Authentication policies give security administrators unique management capabilities to mix and match authentication methods and brand and customize the credentials collected. eTrust SiteMinder also enables administrators to classify resources into groups based on their value and assign different authentication methods to each level.

Certificate Combinations and Alternatives Authentication method combinations, such as certificate and password, are very useful when stronger security is required for a specific set of resources. It is also a solution for enterprises where multiple administrators might share a secured machine. The certificate identifies the machine, while each operator has their own password.


Alternative methods (certificate or password) are ideal when administrators require gradual deployment of certificates. When a certificate for authentication is installed, it is used; but, if a certificate is not present, eTrust SiteMinder reverts to regular password authentication.

Forms-based Authentication Forms-based authentication enables the implementation of an authentication screen that is tailored to individual needs. This is useful when a common brand identity is desired across all internal applications and sign-on screens. In addition, it supports custom attributes, such as a Social Security number or mother’s maiden name, for authentication. For attributes in the user directory, eTrust SiteMinder performs authentication checks automatically, providing much greater log-in security.

Authentication Levels eTrust SiteMinder supports authentication levels. Each authentication method is assigned a protection level from 1 to 1000, where a higher number denotes a stronger method. When a user accesses a resource, the level of the method protecting that resource is compared with the level of the method that was used to authenticate the user. If the level required by the resource is higher than the level at which the user was authenticated, the user must authenticate again using the resource’s associated method. If the user has already been authenticated at an equal or higher level, no re-authentication is required.

Directory Mapping eTrust SiteMinder supports directory mapping, which enables applications to authenticate users with a specific directory, but authorize using attributes including group information stored in a different directory. This is critical because it supports the needs of sites (such as ISPs) that centralize user identities in a single authentication directory, but manage group membership and application privileges in a separate, application-specific directory. It is also useful when authentication information is stored in a central directory, but authorization information is distributed in separate user directories that are associated with particular applications.

Password Services

Password management is a critical security and cost issue within most corporations. To maintain user security, passwords must be difficult to guess, must change frequently, and must not be reused. In addition, administrators need alerts if suspicious events occur, such as a user failing several successive login attempts. eTrust SiteMinder Password Services provide an additional layer of security to protected resources by enabling the management of user passwords in LDAP user directories or relational databases. To manage user passwords, administrators create password policies that define rules and restrictions for governing password expiration, composition, and usage.

Password services can enforce multiple password policies through a priority list of password policies that apply to multiple applications being protected across one or more user directories. Password services also enable password self-service for end-users. Developers can implement eTrust SiteMinder Password Services through either CGI with customizable HTML forms or through a servlet with customizable Java Server Pages (JSP forms).

• Directory Usage. Apply Password Services to an entire directory of users or to a subset. eTrust SiteMinder also supports nested groups within the name-space of a user directory.
• Password Expiration. Set a maximum number of login failures and define inactive-password policies, that is, the time period after which an unused password expires. Expirations can also be set for user passwords based on time variables, thereby forcing users to reset current passwords.
• Password Composition. eTrust SiteMinder enables the definition of minimum and maximum password lengths and whether passwords must contain numbers. Composition checks also use a password dictionary: regular expressions can be placed in the dictionary, and every valid password must either include or exclude the expressions set in the reference dictionary. Reuse of older passwords can be denied, similar password structures can be denied, and specific words can be restricted from use in a password.
• Password Usage. eTrust SiteMinder includes a series of advanced password services that enforce the use of upper and lower case letters within a password: all uppercase, all lower case, or case does not apply. The use of white space can also be specified: no white space, or no white space before a character or after a character.
• Password Services Self-registration and Management. eTrust SiteMinder enables end users to register as a new user, create a user name and password, set expirations on that password, and change the password whenever the user feels it necessary.


When Password Services are active, eTrust SiteMinder invokes a password policy whenever a user is authenticated as well as when a user password is set or modified. The Password Services action depends on the context, which includes the user credentials and the policy. If the user is trying to create or modify the password and the new password does not meet the password policy requirements, the operation fails. If the user is attempting to authenticate with a password that has expired, or if the user account was marked inactive, actions such as disable the account or redirect to an information page, can also be specified in the password policy.
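As an added example, not eTrust SiteMinder code, the following Python evaluator implements the password policy rules listed above (length, required digit, case rule, white space rule, dictionary regular expressions, reuse of recent passwords) together with the authentication-time decision for expired, inactive and locked accounts. The policy field names, the sample dictionary patterns and the constructed account history are assumptions; passwords are kept in clear in the sample only so the reuse rule is visible.

```python
"""Added example (not eTrust SiteMinder code): a password policy evaluator.
Field names, sample dictionary and account data are assumptions."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List


@dataclass
class PasswordPolicy:
    min_length: int = 8
    max_length: int = 64
    require_digit: bool = True
    case_rule: str = "mixed"                 # "upper", "lower", "mixed" or "any"
    whitespace: str = "none"                 # "none", "not_edges" or "any"
    forbidden_patterns: List[str] = field(default_factory=list)  # dictionary regexes
    history_size: int = 5                    # recent passwords that may not be reused
    max_age: timedelta = timedelta(days=90)          # expiry after last change
    max_inactive: timedelta = timedelta(days=180)    # expiry after last login
    max_failures: int = 5                    # lockout threshold


@dataclass
class Account:
    password_history: List[str]              # most recent first
    last_changed: datetime
    last_login: datetime
    failed_logins: int = 0
    disabled: bool = False


def check_composition(policy: PasswordPolicy, candidate: str, acct: Account) -> List[str]:
    """Return the list of violated rules; an empty list means the password is acceptable."""
    problems = []
    if not policy.min_length <= len(candidate) <= policy.max_length:
        problems.append("length")
    if policy.require_digit and not re.search(r"\d", candidate):
        problems.append("digit")
    has_upper = candidate != candidate.lower()
    has_lower = candidate != candidate.upper()
    if policy.case_rule == "upper" and has_lower:
        problems.append("case")
    elif policy.case_rule == "lower" and has_upper:
        problems.append("case")
    elif policy.case_rule == "mixed" and not (has_upper and has_lower):
        problems.append("case")
    if policy.whitespace == "none" and re.search(r"\s", candidate):
        problems.append("whitespace")
    elif policy.whitespace == "not_edges" and candidate != candidate.strip():
        problems.append("whitespace")
    for pattern in policy.forbidden_patterns:        # dictionary / regex exclusions
        if re.search(pattern, candidate, re.IGNORECASE):
            problems.append("dictionary:" + pattern)
    if candidate in acct.password_history[:policy.history_size]:
        problems.append("reuse")
    return problems


def login_state(policy: PasswordPolicy, acct: Account, now: datetime) -> str:
    """Authentication-time outcome: ok, expired, inactive or disabled."""
    if acct.disabled or acct.failed_logins >= policy.max_failures:
        return "disabled"
    if now - acct.last_login > policy.max_inactive:
        return "inactive"
    if now - acct.last_changed > policy.max_age:
        return "expired"
    return "ok"


def day(iso: str) -> datetime:
    """Parse an ISO date; used for the constructed timestamps below."""
    return datetime.fromisoformat(iso)


# Constructed sample policy and account.
SAMPLE_POLICY = PasswordPolicy(forbidden_patterns=[r"password", r"^\d+$", r"etrust"])
SAMPLE_ACCOUNT = Account(password_history=["Old-Pass1", "Older-Pass2"],
                         last_changed=day("2024-01-01"), last_login=day("2024-03-01"))
```

The evaluator reports every violated rule rather than stopping at the first one, which is what a self-service change form needs; the "disabled" check runs before the expiry checks so that a locked account never learns whether its password is still current.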

Impersonation eTrust SiteMinder supports impersonation, where one authorized user can access what another user accesses. With impersonation, a customer service representative can act on behalf of users to run tasks for them that they otherwise might not want to, or know how to, run themselves. For example, a stock broker might use impersonation to complete a stock transaction for a client.

With impersonation, a previously authenticated user uses their identity to assume the identity of another user without presenting the other user’s credentials. Secure information, such as passwords, no longer has to be transferred over the phone. To start the impersonation, the customer representative requests that a defined resource be mapped to the impersonation authentication scheme. Then, the representative is prompted to enter the impersonation username.

eTrust SiteMinder makes sure that impersonation is a secure operation, that only entitled users can impersonate other users:
• Administrators set up impersonation as an eTrust SiteMinder rule in a policy. In this way, impersonation can be very finely controlled because policies can define exactly who can impersonate whom for which resources within a realm.
• All impersonation sessions are audited to provide a history of events for record keeping and non-repudiation. Information from both the user who is impersonating and the user who is being impersonated is recorded.
• Private information can be hidden from the impersonating subject, as necessary to protect a customer’s privacy.

eTrust SiteMinder includes impersonation templates that administrators can configure and brand, like any other eTrust SiteMinder HTML forms-based authentication scheme. As a result, impersonation is straightforward to set up and configure, as well as being straightforward to use.

eTrust SiteMinder Authorization Management Entitlement management is one of the most critical issues for web applications. Users need to access information, but must be authenticated and authorized based on their privileges before gaining access. Traditionally, the entitlement management model for web resources often varies across web servers, application servers, operating systems and development tools. Consequently, the administration of one server can differ from the administration of another, and entitlement management capabilities offered by these various servers and tools can differ. These differences can lead to administrative problems as well as an inconsistent security framework.

eTrust SiteMinder provides centralized authorization management through its policies for all web resources, across web servers, application servers, and so on. Administrators work with the Policy Server Management Console to define policies that restrict access to specific web resources by user, role, group, dynamic group and exclusions. Centralized access control through policies provides very fine grained control to administrators, allowing them to implement access control at the file, page or object level.

The Policy Server Management Console is a single, browser-based, administrative system that extends across all intranet and extranet applications. A consistent security policy simplifies the central management of multiple web applications. A centralized approach to security management provides the following advantages:
• It eliminates the need to write complex code to manage security in each application.
• The time and cost to develop and maintain multiple security systems is eliminated; sites deploy only one security system for all applications.
• eTrust SiteMinder manages the security privileges of customers, business partners, and employees, whether they access the corporate network locally or remotely through the internet or a private network.


eTrust SiteMinder Policies

eTrust SiteMinder provides security and access management based on policies. Policies make access and security management more flexible and scalable because they are built around the user and the user's relationship to the protected resource.

A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected; the users, groups or roles that have access to these resources; the conditions under which this access should be granted; and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user is treated.

An eTrust SiteMinder policy binds rules and responses to users, groups and roles. The responses in a policy enable the application to customize the delivery of content for each user. Policies reside in the policy store, the database that contains all the eTrust SiteMinder entitlement information. The basic structure of a policy is shown in Figure 2.

Figure 2. eTrust SiteMinder Policy. A policy combines a Rule or Rule Group (determines access to a resource); Users or Groups in a Directory (users, groups and roles, with exclusions); a Response or Response Group (action that occurs when a rule fires); and the optional constraints eTelligent Rule (expression using external data), Time (when the policy can or cannot fire), IP Address (IP address the policy applies to) and Active Response (dynamic extension of the policy).

When a policy is constructed, it can include multiple rule-response pairs bound to individuals, user groups, roles, or an entire user directory. Administrators can also configure multiple policies to protect the same web resources for different sets of users, adding responses that enable the web application to further refine the web content shown to the user.

Rules/Rule Groups

A rule identifies and allows or denies access to a specific resource or set of resources included in the policy. One of the configuration options of a policy is a time restriction. If a time restriction is specified for a policy and a rule in that policy also contains a time restriction, the policy executes only during the times when both restrictions overlap.

Users

A policy specifies the users, groups of users, or roles that are included in or excluded by the policy. Users and user groups are located in native directories linked to eTrust SiteMinder; role information is stored in the eTrust SiteMinder policy store.

Responses

A response defines information (for example, user attributes) that can be passed to an application when a user accesses the resource. The application may use this information to provide finer access control and/or to customize the appearance of the resource.

eTelligent Rules

Today, line-of-business needs are driving IT security managers to use real-time data, either entered by the user or supplied by a third-party service, as part of the authorization process. To process real-time data, security-related logic otherwise has to be coded into back-end business applications. That security logic is expensive to maintain because developers must implement separate security-code changes for each back-end application, and the custom security code typically does not solve the business requirement because the application cannot evaluate the authorization data in real time.

In addition to supporting static rules, administrators can configure eTelligent Rules: an active policy that authorizes users based on dynamic data obtained from external business logic. For example, a policy could limit access to a specific application to customers who have a current account balance of less than $1,000. In this way, application data that is often stored in transactional systems, such as a bank-transactions database, can be included within the policy enforcement capabilities of eTrust SiteMinder.

Security administrators can use eTelligent Rules to build comprehensive expressions representing business logic and to use internal and external data for real-time decision-making. Variables, whose values are dynamically retrieved at runtime, can be used in the expressions. eTelligent Rules resolve values for variables from user attributes in user stores, from data in forms users completed, or through web services calls to local or remote data sources. The values are then evaluated against the expression as part of the policy decision-making process, together with the other policy constraints.

For example, in a financial services website, a user wants to access services that are available only to customers with a certain credit rating. eTelligent Rules can be implemented using web services calls to check the customer's current credit rating with an external, online credit service. If the customer's credit rating is adequate, then access is allowed (assuming all other security policy criteria are met).

Additional information on eTelligent Rules is available in a detailed white paper at http://www.ca.com/etrust.
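The policy structure of Figure 2 and the credit-rating example above, as an added example in Python (not eTrust SiteMinder code). A policy binds rules to users and groups with exclusions, carries responses, and can be narrowed by a time window, a client-address restriction and an eTelligent-style expression whose variables are resolved at decision time. The user directory, the credit-rating lookup standing in for the external web service, the response header names and the rule that the first applicable policy decides are all assumptions made for the illustration.

```python
"""Evaluating a policy of the shape shown in Figure 2.

Added example, not eTrust SiteMinder code. The directory, the credit service,
the header names and the policy below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional, Set


@dataclass
class TimeWindow:
    start: time
    end: time                                  # window is [start, end) on any day

    def contains(self, when: datetime) -> bool:
        return self.start <= when.time() < self.end


@dataclass
class Rule:
    resource: str                              # glob over the realm-relative resource
    action: str = "GET"
    allow: bool = True
    window: Optional[TimeWindow] = None        # rule-level time restriction


@dataclass
class Policy:
    name: str
    rules: List[Rule]
    users: Set[str] = field(default_factory=set)
    groups: Set[str] = field(default_factory=set)
    excluded_users: Set[str] = field(default_factory=set)
    responses: Dict[str, str] = field(default_factory=dict)   # header -> user attribute
    window: Optional[TimeWindow] = None                       # policy-level time restriction
    networks: List[str] = field(default_factory=list)         # allowed client networks
    expression: Optional[Callable[[Dict[str, object]], bool]] = None  # eTelligent rule


@dataclass
class Request:
    user: str
    resource: str
    client_ip: str
    when: datetime
    action: str = "GET"


@dataclass
class Decision:
    allowed: bool
    policy: Optional[str] = None
    responses: Dict[str, str] = field(default_factory=dict)


# Constructed user directory and a stand-in for the external credit-rating web service.
DIRECTORY = {
    "alice":   {"groups": {"customers"}, "email": "alice@example.test"},
    "bob":     {"groups": {"customers"}, "email": "bob@example.test"},
    "mallory": {"groups": {"customers"}, "email": "mallory@example.test"},
}
CREDIT_SERVICE = {"alice": 720, "bob": 540, "mallory": 800}
NOON = datetime(2024, 1, 15, 12, 0)     # sample request times
LATE = datetime(2024, 1, 15, 23, 0)


def resolve_variables(user: str) -> Dict[str, object]:
    """Variable values fetched at decision time (user store, form data, web service)."""
    return {"user": user, "credit_rating": CREDIT_SERVICE.get(user, 0), **DIRECTORY.get(user, {})}


def matching_rule(p: Policy, r: Request) -> Optional[Rule]:
    """The rule that fires, or None if the policy does not apply to this request."""
    entry = DIRECTORY.get(r.user)
    if entry is None or r.user in p.excluded_users:
        return None
    if r.user not in p.users and not (entry["groups"] & p.groups):
        return None                                   # user not bound by the policy
    if p.networks and not any(ip_address(r.client_ip) in ip_network(n) for n in p.networks):
        return None                                   # IP address restriction
    if p.window and not p.window.contains(r.when):
        return None                                   # policy-level time restriction
    if p.expression and not p.expression(resolve_variables(r.user)):
        return None                                   # eTelligent expression is false
    for rule in p.rules:
        # A rule-level time restriction must overlap the policy-level one.
        if (fnmatch(r.resource, rule.resource) and rule.action == r.action
                and (rule.window is None or rule.window.contains(r.when))):
            return rule
    return None


def evaluate(policies: List[Policy], r: Request) -> Decision:
    """First applicable policy decides; a resource no policy allows is denied."""
    for p in policies:
        rule = matching_rule(p, r)
        if rule is None:
            continue
        if not rule.allow:
            return Decision(False, p.name)
        attrs = resolve_variables(r.user)
        return Decision(True, p.name, {h: str(attrs.get(a, "")) for h, a in p.responses.items()})
    return Decision(False)


# The financial-services example: premium services only for customers whose current
# credit rating (fetched at runtime) is adequate, from internal networks, 06:00-22:00.
POLICIES = [
    Policy("premium-services",
           rules=[Rule("/premium/*", window=TimeWindow(time(6, 0), time(22, 0)))],
           groups={"customers"}, excluded_users={"mallory"},
           responses={"X-User": "user", "X-Email": "email"},
           window=TimeWindow(time(0, 0), time(23, 59)),
           networks=["10.0.0.0/8", "192.168.0.0/16"],
           expression=lambda v: v["credit_rating"] >= 700),
]
```

Note that the expression is evaluated on every decision, so the credit rating is the value the external service reports now, not a value copied into the directory at some earlier time; that is the point of an eTelligent Rule over static user attributes.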

Time restrictions

A policy may be limited to specific days or ranges of hours. A policy with a time restriction will not allow access outside the specified times.

IP addresses

A policy may be limited to specific user IP addresses. If a user attempts to access a resource from an IP address not specified in the policy, the user is not allowed access.

Active response

An Active Response allows business logic external to eTrust SiteMinder to be included in a policy definition, enabling eTrust SiteMinder to interact with custom software created using the eTrust SiteMinder APIs.

Global policies

eTrust SiteMinder's global policies significantly improve how policies can be organized, and they reduce redundant operations when configuring multiple policies in large enterprises. Global policies give administrators the ability to define policy objects, rules, and responses with global scope, separately from a policy domain. Separated from a domain, common policy objects, rules, and responses are defined once and apply across multiple domains; administrators can then update them without having to locate each item in each realm throughout the domains. In addition to improving policy administration, global policies can help ensure compliance with federal regulations or corporate rules because they can enforce those rules and regulations across the enterprise, if required.

For example, administrators define a policy in each realm to redirect users to the same web page when users are not authenticated or not authorized to access a resource. With global policies, administrators define a redirect policy once, and that single global policy is used by all realms. Without global policies, administrators have to define the same policy over and over for each realm.

Each component of a global policy remains complementary to its domain-specific counterpart: if there is a domain-specific policy object, rule or response with the same reference, the domain-specific item takes precedence over the global item. System-level administrators can also disable global policies for any domain, if they so choose. Global policies allow time restrictions to be specified for when rules are in effect.

Global policies are managed by system-level administrators only, using the Policy Server Management Console, the Policy Management API, or the Perl script interface to the Policy Management API.

Role based access control (RBAC)

eTrust SiteMinder software, running in conjunction with eTrust IdentityMinder software, provides enterprises with role based access control. Roles define job responsibilities, or a set of tasks that are associated with a job or business function. Each task corresponds to an operation in a business application. A single role can have one or more tasks defined in it, and users can have one or more roles assigned to them. An eTrust IdentityMinder central administrator creates role and task definitions. Only after a user is assigned a role can they perform the tasks defined in that role.

When eTrust IdentityMinder is integrated with eTrust SiteMinder, eTrust SiteMinder extends the power of roles beyond job descriptors to access management. The eTrust IdentityMinder administrator works with the eTrust SiteMinder administrator to bind eTrust IdentityMinder roles to eTrust SiteMinder policies. Once the roles are bound to eTrust SiteMinder policies, the link between user management and access management is established: eTrust IdentityMinder manages the users and their roles; eTrust SiteMinder manages secure access to the resources specified by those roles. The eTrust IdentityMinder-eTrust SiteMinder role based access control implementation is non-intrusive and flexible. eTrust IdentityMinder roles can be used directly by eTrust SiteMinder without modifying user directories, and eTrust SiteMinder access control mechanisms are available to eTrust IdentityMinder roles without modifying eTrust IdentityMinder role definitions.

Single Sign-On

One of the most common challenges site operators face is multiple user logins. No universal single sign-on (SSO) solution exists today, primarily because there are no formal standards to facilitate an open solution. eTrust SiteMinder supports SSO in several ways: single sign-on in single and multiple cookie domains; Federated Security Services through SAML; integration with Microsoft .NET Passport; and single sign-on within a Microsoft Windows environment. With its broad support for single sign-on, users get seamless access to resources across networks of websites.


Single and Multiple Cookie Domains

When a user authenticates with eTrust SiteMinder, an encrypted cookie is created that contains the necessary session information about the user. The cookie is encrypted with a 128-bit symmetric cipher. No user password information is ever kept within the cookie. When the user requests access to a different protected resource, eTrust SiteMinder decrypts the information in the cookie and securely identifies the current user. No additional authentication is required. See Figure 3.

In an environment that includes resources across multiple cookie domains, eTrust SiteMinder supports single sign-on across applications running on heterogeneous web and application server platforms using a cookie provider: a specially configured eTrust SiteMinder Agent that passes a cookie containing the user's identity and session information to the other cookie domains in the SSO site. This enables eTrust SiteMinder to authenticate the user across the entire virtual website, even though it consists of multiple domains.

eTrust SiteMinder also supports cross-domain SSO. When users authenticate to a single internet domain, eTrust SiteMinder eliminates the need to re-authenticate when they access protected resources or applications in a different domain. Cross-domain SSO is a critical capability, especially for large enterprises with multiple divisions or for multinational businesses. Figure 4 shows SSO across multiple cookie domains.

Within the SSO site, users enter their credentials upon their first attempt to access a protected resource. After they are authenticated and authorized, they can move freely between realms that are protected by authentication schemes of an equal or lower protection level without re-entering their credentials; a realm protected by a scheme with a higher protection level challenges them again.

eTrust SiteMinder's support for SSO improves the overall user experience by simplifying access among servers and applications. It also lowers administrative costs by allowing users to access the data they need using only one password.
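The session cookie and the protection-level rule described above, as an added example in Python (not eTrust SiteMinder code). One simplification is deliberate and labelled: the cookie here is HMAC-signed with the standard library rather than encrypted with a 128-bit symmetric cipher as the product does, which is enough to show the properties that matter at the agent: the cookie carries the session identity and the protection level the user authenticated at, it carries no password, any edit to it is detected, and a realm only re-challenges the user when its authentication scheme has a higher protection level than the session. The agent key, the scheme levels, the realm table and the session lifetime are assumptions.

```python
"""SSO session cookie and realm protection levels.

Added example, not eTrust SiteMinder code. The cookie is HMAC-signed
(standard library) instead of encrypted; key, schemes, realms and lifetime
are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional

COOKIE_KEY = b"constructed-agent-key-shared-by-all-agents"   # assumption
SESSION_TTL = 3600                                            # seconds, assumption

# Authentication schemes and their protection levels (constructed values).
SCHEMES = {"basic": 5, "forms": 10, "x509": 15}
# Realms in the SSO site and the scheme protecting each (constructed).
REALMS = {"/intranet/": "basic", "/hr/": "forms", "/payroll/": "x509"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(user: str, scheme: str, now: Optional[float] = None) -> str:
    """Create the SSO cookie after a successful login. No credential is stored."""
    now = time.time() if now is None else now
    session = {"user": user, "level": SCHEMES[scheme], "iat": now, "exp": now + SESSION_TTL}
    body = json.dumps(session, sort_keys=True).encode()
    tag = hmac.new(COOKIE_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def read_cookie(cookie: str, now: Optional[float] = None) -> Optional[Dict]:
    """The session if the cookie is authentic and unexpired, otherwise None."""
    try:
        body_b64, tag_b64 = cookie.split(".")
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(COOKIE_KEY, body, hashlib.sha256).digest(), tag):
        return None                                   # edited or forged
    session = json.loads(body)
    now = time.time() if now is None else now
    return session if session["exp"] > now else None


def needs_reauth(cookie: Optional[str], resource: str, now: Optional[float] = None) -> bool:
    """True if the agent must challenge the user again for this resource."""
    scheme = next((s for prefix, s in REALMS.items() if resource.startswith(prefix)), None)
    if scheme is None:
        return False                                  # resource is not protected
    session = read_cookie(cookie, now) if cookie else None
    if session is None:
        return True                                   # no usable session
    return SCHEMES[scheme] > session["level"]         # step up only for a higher level


def tamper(cookie: str, **changes) -> str:
    """Rewrite the session body without re-signing (to show the check rejects it)."""
    body_b64, tag_b64 = cookie.split(".")
    session = json.loads(_unb64(body_b64))
    session.update(changes)
    return _b64(json.dumps(session, sort_keys=True).encode()) + "." + tag_b64
```

Because the level is recorded at login, a user who signed in with a basic scheme is challenged on reaching a realm protected by a certificate scheme, while one who signed in with certificates passes all three realms; raising the level by editing the cookie fails the integrity check and forces a fresh login.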

Figure 3. Single sign-on within a single cookie domain. A user (employee, partner or customer) authenticates once at Mycompany.com; a web server with an eTrust SiteMinder Agent serving /app1/ and an application server with an eTrust SiteMinder Agent serving /servlet1/ share the session.

Figure 4. Single sign-on across multiple cookie domains. The web server in cookie domain mycompany.com, designed as the "cookie provider" for the SSO site, performs authentication and holds the session identity and user entitlements; the web server with protected applications in cookie domain subsidiaryA.com and the application server with protected applications in cookie domain subsidiaryB.com receive the session identity and user entitlements from it.

Federated Security Services

eTrust SiteMinder makes it easy for administrators to set up Federated Security Services. An authentication scheme is available to configure SAML producers, user mapping, and validation information. Duplicate user profiles in both the main site and partner sites (one-to-one user mapping) are supported, but not required. Federated Security Services also supports one-to-many user mapping; for example, everyone from a partner site can be mapped to one identity, such as Partner Employee, in the local user store. The policy server also performs issuer validation, to ensure that a received token is intact and comes from the expected issuer.
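The consumer side of Federated Security Services (issuer validation, the token validity window, and one-to-one versus one-to-many user mapping) as an added example in Python. This is not eTrust SiteMinder code. The assertion is built in the SAML 1.1 layout of the period, and a shared-key HMAC over the assertion stands in for the XML signature a real producer attaches, since verifying XML-DSig needs a library the standard library does not provide; the partner table, keys, local user store and sample timestamps are constructed.

```python
"""Consuming a partner's SAML assertion: issuer validation, validity window,
and user mapping (one-to-one or one-to-many).

Added example, not eTrust SiteMinder code. An HMAC over the assertion stands
in for the XML signature; partners, keys and the local store are constructed.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Dict, Optional

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Trusted SAML producers (constructed): issuer -> verification key and mapping mode.
PARTNERS: Dict[str, Dict] = {
    "https://idp.partnera.test": {"key": b"partnerA-shared-key", "mapping": "one-to-one"},
    "https://idp.partnerb.test": {"key": b"partnerB-shared-key", "mapping": "one-to-many",
                                  "local_identity": "PartnerEmployee"},
}
# Local user store (constructed). Every partnerB user maps to the PartnerEmployee profile.
LOCAL_USERS = {
    "jdoe": {"dn": "uid=jdoe,ou=people,o=mycompany"},
    "PartnerEmployee": {"dn": "uid=partner,ou=affiliates,o=mycompany"},
}
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)       # sample receive time
LATER = datetime(2024, 1, 15, 13, 0, tzinfo=timezone.utc)


def make_assertion(issuer: str, name_id: str, not_before: str, not_on_or_after: str) -> str:
    """Producer side: build an assertion and append the integrity tag."""
    body = (f'<saml:Assertion xmlns:saml="{NS["saml"]}" MajorVersion="1" MinorVersion="1" '
            f'Issuer="{issuer}">'
            f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>'
            f'<saml:AuthenticationStatement><saml:Subject>'
            f'<saml:NameIdentifier>{name_id}</saml:NameIdentifier>'
            f'</saml:Subject></saml:AuthenticationStatement></saml:Assertion>')
    tag = hmac.new(PARTNERS[issuer]["key"], body.encode(), hashlib.sha256).hexdigest()
    return body + "|" + tag


def _parse_time(value: Optional[str]) -> datetime:
    if value is None:
        raise ValueError("missing timestamp")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def consume_assertion(token: str, now: datetime) -> Optional[Dict]:
    """Consumer side: the mapped local user, or None when the token is rejected."""
    body, _, tag = token.rpartition("|")
    if not body:
        return None
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    partner = PARTNERS.get(root.get("Issuer", ""))
    if partner is None:
        return None                                   # untrusted issuer
    expected = hmac.new(partner["key"], body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                                   # tampered, or signed with another key
    cond = root.find("saml:Conditions", NS)
    try:
        if cond is None or not (_parse_time(cond.get("NotBefore")) <= now
                                < _parse_time(cond.get("NotOnOrAfter"))):
            return None                               # outside the validity window
    except ValueError:
        return None
    name_id = root.findtext("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier",
                            namespaces=NS)
    local = name_id if partner["mapping"] == "one-to-one" else partner["local_identity"]
    if local not in LOCAL_USERS:
        return None                                   # no local profile to map to
    return {"issuer": root.get("Issuer"), "remote_user": name_id,
            "local_user": local, **LOCAL_USERS[local]}
```

The order of the checks matters: the issuer named in the token only selects which key to verify with, and nothing from the token is trusted until the integrity check has passed; the mapping step then decides whether the partner's subject must exist locally (one-to-one) or collapses to a single local identity (one-to-many).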

Figure 5 shows how the eTrust SiteMinder site works as a SAML producer with affiliated sites that run SAML Affiliate Agents. Because the eTrust SiteMinder site conducts the authentication for all users, the affiliated partner sites do not even need a security solution of their own.

Figure 6 shows how the eTrust SiteMinder site works as a SAML producer with affiliated sites that are SAML compliant but do not have a SAML Affiliate Agent running at the site. The eTrust SiteMinder site conducts the authentication for all users, but the affiliated partner sites require a SAML compliant security solution to enable single sign-on for users.

Figure 7 shows how the eTrust SiteMinder site works as a SAML consumer with affiliated SAML sites. Because eTrust SiteMinder can consume SAML tokens, it can easily interoperate with sites that do not use eTrust SiteMinder.

Figure 5. eTrust SiteMinder as a Producer with SAML Affiliate Agents. Users (employees, partners, customers) authenticate at the web server with eTrust SiteMinder, backed by the policy servers; SAML assertions are sent to affiliate partner web servers running SAML Affiliate Agents.

Figure 6. eTrust SiteMinder as a SAML producer without SAML affiliate agents. Users authenticate at the web server with eTrust SiteMinder Agent, backed by the policy servers; SAML assertions are sent to affiliate partner web servers protected by a third-party security product.

Figure 7. eTrust SiteMinder as a SAML consumer with SAML affiliates. Affiliate partner web servers protected by Security Product A and Security Product B authenticate their users and send SAML assertions to the web server with eTrust SiteMinder, backed by the policy servers.

Microsoft .NET Passport integration

Microsoft® Passport is an online user-authentication service. Passport lets a consumer create a single sign-in name and password for easy, secure access to all Passport-enabled websites and services. Passport-enabled sites can rely on Passport to authenticate users. However, Passport does not authorize or deny a specific user's access to individual sites and applications.

With the integration of Microsoft .NET Passport services, eTrust SiteMinder combines the convenience of .NET Passport authentication with eTrust SiteMinder authorization services. This combination allows organizations to retain fine-grained and secure control over their security policies through eTrust SiteMinder while participating in a trusted network that delivers a unified experience to Passport users. Passport users can log in once using their .NET Passport user name and password, or other credentials, and seamlessly access a network of .NET Passport enabled websites as well as enterprise applications protected by eTrust SiteMinder. For added security, an eTrust SiteMinder protected site can choose to re-challenge the user for more secure content.

Single Sign-on in the Windows Environment

eTrust SiteMinder single sign-on is especially important in the Microsoft Windows environment because users access many enterprise applications through their Windows desktop.

Windows integrated security

Users who log in to their desktop using Windows NT authentication and use Internet Explorer to access e-business applications deployed on any web server, including non-Internet Information Server web servers, can log in to eTrust SiteMinder without being re-challenged, as long as there is one IIS web server configured to use eTrust SiteMinder. With this capability, the user only has to remember their desktop password.

Windows application login

eTrust SiteMinder also supports Windows application login, enabling a user to log in to eTrust SiteMinder and subsequently launch Windows/COM+ web applications such as Microsoft Outlook Web Access and Microsoft Commerce Server. With Windows application login, administrators can enforce access control on Windows applications that are not themselves protected by eTrust SiteMinder, for all eTrust SiteMinder users with a Windows identity (NTLM or LDAP), by initializing the application security context with eTrust SiteMinder.

Auditing and Reporting

Administrators need to know who is doing what and when. eTrust SiteMinder auditing logs all activity throughout the eTrust SiteMinder environment. eTrust SiteMinder stores the audit information in a flat file or a relational database. When eTrust SiteMinder is set up to store information in a relational database, commercial reporting solutions can present that auditing information in any format required.

Changing federal laws, in-depth regulatory financial audits, and increased security threats from external hackers have all pushed access management auditing and reporting to the forefront of product feature sets. eTrust SiteMinder reporting supports granular information collection and analysis of access, activity, intrusion, and audit information to fulfill many of these reporting requirements.

Auditing

eTrust SiteMinder audits all user and site activity, including all authentications and authorizations, as well as administrative activity and any changes to the policy store. eTrust SiteMinder also tracks user sessions so administrators can monitor the resources being accessed, how often users attempt access, and how many users are accessing the site. Additionally, eTrust SiteMinder provides the ability to filter audit events (for example, to record only failed authorizations), allowing the administrator to track only the events of interest.

Reporting

eTrust SiteMinder audit data can be used to build reports, leveraging the reporting solution that your company currently uses. eTrust SiteMinder provides stored procedures and sample Crystal Reports templates. If you integrate Crystal Reports with eTrust SiteMinder, you can take advantage of the sample report templates described below. If you use other commercial reporting solutions, you can use the eTrust SiteMinder provided stored procedures to access the audit information in the database and build your own reports. Regardless of your reporting solution, eTrust SiteMinder provides you with the data you need to generate reports like those described in this section.

Report drill down capabilities

eTrust SiteMinder reports begin with a summary of the data in the report. Clicking on a summary item, such as a date, user, or agent, allows administrators to view more detailed information. Drill-down details contain the following information:

• Time. The exact time of each event, listed from oldest to most recent.

• Administrator. The eTrust SiteMinder account user name.

• User. The user name associated with the reported event.

• Agent. The names of the agents where the reported event occurred.

• Category. The type of event that was logged.

• Description. The actual event that occurred at the time noted in the report. When any category of event is logged as a rejection or failure, the text is shown in red and marked with an exclamation mark (!).

Time series reports

Administrators can view two types of Time Series Reports:

• Daily Transactions Report. Includes all successful and failed authentications and authorizations by day.

• Hourly Transactions Report. Breaks the data down further into successful and failed authentications by hour.

Time Series reports are displayed as bar charts. See Figure 8. Administrators can view a chart of all transactions, or view the authentications, authorizations, or administration transactions separately.

Figure 8. Time series reports. Two bar charts of transactions: one by date (days 9 to 14 of the month) and one by hour (12:00 am to 3:00 pm).

Activity reports

Activity reports show a variety of user, eTrust SiteMinder agent, and resource activity data at different levels of granularity. There are four types of Activity Reports:

• All Activity Report. Transactions and failures of all users that occurred during the period of time covered by the report.

• Activity by User Report. Users and their sessions, including the number of transactions and failures that occurred during the period of time covered by the report.

• Activity by Agent Report. Lists active agents and provides information such as the number of transactions and failures that occurred on each agent during the reporting period.

• Activity by Resource Report. Resources accessed during the reporting period, including host names, the number of resources accessed, the number of transactions, and the number of failed access attempts.

Intrusion reports

Intrusion Reports show failed authentication and authorization attempts by users and/or agents at different levels of granularity. The main intrusion report is the All Failed Authentication and Authorization Attempts report, which lists all failed user authentication, authorization and administration attempts by date and time. This report is broken down into two sub-reports:

• Failed Authentication and Authorization Attempts by User

• Failed Authentication and Authorization Attempts by Agent

Administrative reports

The main administrative report is the All Administrative Activity report, which covers all administrative activity by date. It is broken down into two sub-reports:

• Activity by Administrator Report. Covers all administrative activity by administrator.

• Activity by Object Report. Covers all administrative activity by object (Administrator, Agent, Policy, and so on).

Each report contains columns of information including Time, Administrator, and a brief description of the activity.

Enterprise Manageability

eTrust SiteMinder includes enterprise site manageability features that ease deployment and ongoing site administration through proactive centralized control of operating environments and monitoring of system availability and operating status.

OneView Monitor

eTrust SiteMinder OneView Monitor collects and displays real-time operation status information, including failure alerts, about eTrust SiteMinder policy servers, agents, and other core components such as the authentication and authorization services. Information is presented graphically so that administrators can rapidly assess an entire environment with multiple policy servers, or the status of an individual component. When a problem is reported, administrators can scan summary information to review overall system status, identify components with failure alerts, and drill down to obtain detailed status information.

In the event of a component failure, eTrust SiteMinder OneView Monitor can display an alert to an administrator right away so that no time is wasted in reporting the problem. Administrators can then take proactive action to correct problems, possibly even before users experience any trouble.

With the SNMP integration capability, administrators can set up automatic recovery procedures based on failure alerts. For example, a failure report can kick off an e-mail message or a pager message to the person who is closest to the problem. The recovery time can then be reduced even further because the responsible person is alerted as quickly as possible.

eTrust SiteMinder OneView Monitor can be easily configured so that administrators can set up the displays to report information exactly as they need it. They can filter out data that might not be important to their environment, sort data according to their priority, and specify update intervals to make sure they have fresh data when they need it.

Test Tool

After a problem is reported, administrators must have the correct tool to identify and isolate the cause of the problem so they can move quickly to resolve it. The out-of-the-box eTrust SiteMinder Test Tool simulates agent operations so that a policy server can be isolated from the agent environment. Once it is isolated, the administrator can determine whether the policy server is creating the problem or whether it is another component in the environment where the policy server is running.

The eTrust SiteMinder Test Tool can test the connection to the policy server to see if it is down. If the connection is available, the administrator can test the policies associated with the application that reported the problem. The administrator can run tests that check whether the resource is protected, whether the user is authenticated, and whether the user is authorized for the resource. Debug information is also provided.

Environment Collector

When problems are reported, it is critical to have detailed information about all the operating components of the environment to help identify and isolate the root cause of the problem and, if necessary, to reproduce the problem in a testing lab. Because a security solution interacts with many critical systems distributed worldwide that are owned by different people or groups, it might take the security administrator days to contact the right people to get all the details they need about all the components connected to the security system. Even after the information is collected, it can go stale very quickly as components get upgraded.

The eTrust SiteMinder Environment Collector provides a snapshot of the eTrust SiteMinder runtime environment for any policy server in the enterprise. When problems associated with a policy server crop up, administrators use eTrust SiteMinder Environment Collector information to assess exactly which components the policy server is working with. With up-to-the-minute environment information, the security administrator can resolve the situation much faster.

The Environment Collector collects the following information about a policy server:

• User stores and databases being accessed by the policy server.

• Custom modules being used by the policy server.

• Agents that are interacting with the policy server.

• Registry information.

The type of information collected includes the name of the component, its version, patch levels, which policy server the component works with, how the components are connected, and other environment attributes that affect how eTrust SiteMinder operates. This information is stored in an XML file.

After glancing through the XML file report, administrators can determine whether any components require updating, whether there are any version mismatches, and whether the correct agents are deployed where needed. When working with the eTrust SiteMinder support team to resolve a problem, administrators can send eTrust SiteMinder Environment Collector information to the support team. With accurate and up-to-date data to work with, the support team can work on reproducing and resolving the problem.

Logging and policy profiling

With useful logs of day-to-day system activities, administrators can prevent many problems from happening and troubleshoot problems quickly when they occur. Policy server and agent logs are separate from tracing logs to make log files easier to manage. Because separate logs are smaller and easier to work with, administrators also have more precise control over log verbosity: they can specify different verbosity settings for each log. In addition, administrators can apply tracing and logging settings without restarting the policy server. For example, an administrator can add a data field in the trace logs and eTrust SiteMinder adds the field automatically without restarting the server.

Policy server and agent logging include the following capabilities:

• Agent and policy server logs can be correlated through a transaction ID, allowing the administrator to follow both agent and policy server operations and more easily identify the problem. For example, when multiple agents are making requests to a policy server, a single transaction ID allows administrators to isolate a call from a particular agent, providing more precise and relevant troubleshooting information.

• Logging profiles can be saved for quick retrieval and alternation between production and troubleshooting modes. The output can be sent to either a system console or a file.

Policy profiling, or trace logging, includes the following capabilities:

• The policy profiler (previously called the debug tracer) can trace policy server operations across policy server components.

• Administrators can configure trace logs to generate detailed and selective information. For example, they can configure trace logs to include feedback on selected operations in specified components, such as a source file or an IP address in data fields.

• Multiple output formats are available for easier parsing of trace information and integration with other trace reporting systems. Output formats include fixed-width fields, XML, and user-specified delimited fields, among others.

Error handling includes the following capabilities:

• Accurate and comprehensive information about the operation of eTrust SiteMinder processes is recorded.

• System informational messages down to the functional level provide detailed information.

• Administrators can filter errors by specifying precise criteria, such as severity.

Centralized Agent Management

eTrust SiteMinder provides central agent management that enables central and dynamic control and configuration of web agents. Additionally, central agent management can logically group agents based on your organization.

When a new agent is installed on a web server, the installation process establishes a secure connection with the policy server and receives default configuration settings. This increases security, since the configuration information is moved off the web server in the DMZ and resides in the policy store. With this configuration, the possibility of a security compromise of the configuration information is significantly lower. Some of the key benefits of this capability are:

• All configuration information is centralized and stored in the policy store, providing greater security for configuration information.

• It is easy to delegate administration for creating and managing the new centralized agent to the administrator who has organizational responsibility for the agent.

• Configuration templates make it very easy to configure multiple agents into logical groups.

• Web servers do not need to be rebooted when configuration changes are made.

Rapid Policy Deployment

When new or modified policies are deployed in a production environment, it is important to fully test those policies offline before they go live, lest inadvertent errors in the policy specification cause serious security problems later on. That is why many enterprises use multiple staging environments for developing, testing and deploying new policies. However, as environments grow in size, the number of policies can make management of these environments quite challenging. Since re-entering policies is laborious and error-prone, administrators need an automated way to move policies from one environment to another to simplify management of larger environments.

With the import/export tool, eTrust SiteMinder migrates entire policy structures from one environment to another. For example, operators can change policy names and attributes to accommodate the new environment, such as new machine names or IP addresses. The import/export tool has the following capabilities:

• First-Time Deployment. Copy an entire policy configuration from one environment to another and then edit the configuration before or after the import.

• Incremental Deployment. Export individual policy objects to new environments and overwrite the comparable object on the new system. Edit the configuration for first-time deployment, either before or after the import operation, simplifying re-testing and re-deployment of individual policies.

• Flexible Scripting Capabilities. Develop scripts in a standard text editor and store them in source code control systems to maintain versioning.

• Import Object Mapping. Easily map, that is, rename, an imported object if the name is not unique.

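The following is an added example, not CA's import/export tool or its export format: it shows what an incremental import with object mapping has to do. Exported policy objects (modelled here as plain dicts with assumed fields name, attrs and refs) are rewritten for a new environment, machine names and IP addresses are remapped, objects whose names already exist in the target store are renamed (unless the import is meant to overwrite them), and references between objects follow the renames. The sample export, host map and IP map are constructed.

```python
from __future__ import annotations

import copy
import ipaddress

# Constructed sample export: two agent objects and a realm that references one
# of them by name. The field layout is an assumption for this example.
SAMPLE_EXPORT = [
    {"type": "Agent", "name": "www-agent",
     "attrs": {"host": "www1.dev.example.com", "ip": "10.1.0.10"}, "refs": {}},
    {"type": "Agent", "name": "portal-agent",
     "attrs": {"host": "portal.dev.example.com", "ip": "10.1.0.11"}, "refs": {}},
    {"type": "Realm", "name": "finance",
     "attrs": {"resource": "/finance/"}, "refs": {"agent": "www-agent"}},
]

# Machine names and addresses that differ in the target environment (constructed).
HOST_MAP = {"www1.dev.example.com": "www1.prod.example.com",
            "portal.dev.example.com": "portal.prod.example.com"}
IP_MAP = {"10.1.0.10": "10.9.0.10", "10.1.0.11": "10.9.0.11"}


def unique_name(name: str, taken: set[str]) -> str:
    """Import object mapping: give an object a new, unique name when the
    exported name already exists in the target policy store."""
    if name not in taken:
        return name
    n = 2
    while f"{name}-{n}" in taken:
        n += 1
    return f"{name}-{n}"


def remap_export(objects, host_map, ip_map, existing_names, overwrite=frozenset()):
    """Return (remapped copy of objects, rename table old->new).

    Names that collide with objects already in the target store are renamed,
    except those listed in `overwrite` (incremental deployment replaces the
    comparable object instead). Every reference to a renamed object is
    rewritten so the imported structure stays internally consistent. Hosts
    and IPs go through the maps, and each resulting IP is validated so a typo
    in the map fails here rather than at the first agent connection.
    """
    objects = copy.deepcopy(objects)      # never mutate the caller's export
    taken = set(existing_names)
    renames: dict[str, str] = {}
    for obj in objects:                   # pass 1: resolve name collisions
        if obj["name"] in overwrite:
            continue
        new = unique_name(obj["name"], taken)
        if new != obj["name"]:
            renames[obj["name"]] = new
            obj["name"] = new
        taken.add(new)
    for obj in objects:                   # pass 2: rewrite attributes and references
        attrs = obj["attrs"]
        if "host" in attrs:
            attrs["host"] = host_map.get(attrs["host"], attrs["host"])
        if "ip" in attrs:
            attrs["ip"] = ip_map.get(attrs["ip"], attrs["ip"])
            ipaddress.ip_address(attrs["ip"])     # ValueError on a bad address
        obj["refs"] = {k: renames.get(v, v) for k, v in obj["refs"].items()}
    return objects, renames


def migrate(existing_names=("www-agent",)):
    """Worked run: the target store already has a 'www-agent', so the
    imported agent is renamed and the realm's reference follows it."""
    return remap_export(SAMPLE_EXPORT, HOST_MAP, IP_MAP, set(existing_names))
```

The two-pass structure matters: renames must all be known before any reference is rewritten, otherwise a realm imported before its agent would keep pointing at the old name.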
Unattended installations
In large enterprises, administrators install eTrust SiteMinder Policy Servers and agents on many systems, and in many cases these installations are identical from system to system. With unattended installations in eTrust SiteMinder r6, administrators use Java-based installation templates to automate them, so eTrust SiteMinder can be rolled out faster to meet the needs of rapidly expanding global businesses.

The unattended installations use a platform-independent Java installer, which runs the same way, with the same look and feel, on both Unix® and Microsoft Windows operating systems. Administrators work with templates to specify how to install and configure a component, such as a web agent. The templates can then be re-used throughout the security environment to ensure a uniform and consistent installation and configuration of the component, saving the administrator countless repetitive installation procedures.

Command line interface
eTrust SiteMinder includes a full command line interface that leverages Perl scripting to make it easier to control the system dynamically. All programmatic capabilities formerly available only to C and Java programmers are now accessible to developers using standard Perl scripts.

Through the range of eTrust SiteMinder APIs, companies can use scripts to test and verify policies, examine configurations, and automate routine chores. The Command Line Interface offers a complete scripting interface to the eTrust SiteMinder Policy Server, making customizations and proofs of concept easier and quicker.

Performance, Reliability, Scalability and Availability

eTrust SiteMinder is used today in some of the world's largest corporations and is designed to meet the needs of corporations requiring a fast, efficient, 24x7 security solution for their extensive user and application services.

Through independent tests conducted by Mindcraft Inc., eTrust SiteMinder has demonstrated industry-leading performance for user authentications and authorizations. Figure 9 summarizes that performance.

Figure 9. eTrust SiteMinder performance data on Windows NT and Unix (bar chart, not reproduced here: log-ins per minute, 0 to 120,000, for 1, 2 and 4 CPUs, with one series for iPlanet LDAP and one for MS Active Directory user stores).

Performance
eTrust SiteMinder provides extensive, fully tunable caching facilities, so that resource and policy information is available without requiring a call to either the policy server or a directory. The policy server supports two-level policy caching: recently accessed policy information is kept in a separate cache that is searched before the regular policy cache. In addition, eTrust SiteMinder caches user attributes to optimize LDAP calls. These caching facilities provide outstanding performance, even for very large numbers of users or policies.

Bulk operations
Operations for initializing the policy server and for auditing run in bulk to ensure efficient run-time performance. Each time the policy server starts, it is initialized by retrieving policy data from a policy store, which is defined in LDAP directory servers or ODBC databases. For ODBC policy stores, the SQL statements that retrieve policies are combined, resulting in a minimal number of retrieval operations and quick initialization.

eTrust SiteMinder auditing transactions can be stored in a relational database using ODBC. When a relational database is used, bulk SQL statements and asynchronous database management operations make the process of storing records as quick as possible.

Authentication and authorization
When eTrust SiteMinder evaluates whether a resource is protected, a very fast binary search algorithm is used. This algorithm results in rapid transaction times when determining whether access control is required for a resource.

The eTrust SiteMinder object cache groups rules with realms for a more efficient search of policies when making authorization decisions. The cache is bounded by size, not by number of entries, providing a rapid and predictable search of policies.

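As an added illustration of the two ideas just described (not eTrust SiteMinder's own implementation, which the paper does not show), the following code decides whether a URL is protected by finding the realm with the longest matching resource prefix through a binary search over sorted prefixes, and memoizes the answers in a cache bounded by bytes rather than by entry count. The realm table, the "public" unprotected realm and the cache size are constructed assumptions. It also canonicalizes the path first, which the paper does not discuss but which any prefix-based check needs so that percent-encoding or dot segments cannot bypass a realm.

```python
from __future__ import annotations

import bisect
import posixpath
from collections import OrderedDict
from urllib.parse import unquote

# Constructed realm table: resource filter (URL prefix) -> realm name.
REALMS = {
    "/": "public",
    "/finance/": "finance",
    "/finance/reports/": "finance-reports",
    "/hr/": "hr",
}
UNPROTECTED = {"public"}   # realms that need no authentication (assumption)


def canonical(path: str) -> str:
    """Decode and normalize before matching, so /%66inance/ or /x/../finance/
    cannot slip past a prefix written for /finance/."""
    norm = posixpath.normpath(unquote(path))
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"            # normpath drops the trailing slash we match on
    return norm


class RealmIndex:
    """Longest-prefix match over sorted prefixes using binary search."""

    def __init__(self, realms: dict[str, str]):
        self.prefixes = sorted(realms)
        self.realm_of = dict(realms)

    def longest_prefix(self, path: str) -> str | None:
        key = path
        while True:
            i = bisect.bisect_right(self.prefixes, key)
            if i == 0:
                return None
            cand = self.prefixes[i - 1]          # greatest prefix <= key
            if path.startswith(cand):
                return cand
            # Any matching prefix is also a prefix of the part cand and key
            # share, so continue the search below that (key strictly shrinks).
            key = posixpath.commonprefix([cand, key])


class BoundedCache:
    """LRU cache bounded by approximate byte size, not by entry count, so
    memory use stays predictable however long the cached URLs are."""

    def __init__(self, max_bytes: int):
        self.max_bytes, self.used = max_bytes, 0
        self.data = OrderedDict()

    @staticmethod
    def _size(key: str, value) -> int:
        return len(key.encode()) + len(repr(value).encode())

    def get(self, key: str):
        if key in self.data:
            self.data.move_to_end(key)           # mark as recently used
            return self.data[key]
        return None

    def put(self, key: str, value) -> None:
        if key in self.data:
            self.used -= self._size(key, self.data.pop(key))
        self.data[key] = value
        self.used += self._size(key, value)
        while self.used > self.max_bytes and self.data:
            old_key, old_val = self.data.popitem(last=False)   # evict LRU
            self.used -= self._size(old_key, old_val)


class ResourceResolver:
    def __init__(self, realms=REALMS, cache_bytes: int = 4096):
        self.index = RealmIndex(realms)
        self.cache = BoundedCache(cache_bytes)

    def resolve(self, url: str) -> tuple[str | None, bool]:
        """Return (realm, is_protected) for a request URL."""
        path = canonical(url.split("?", 1)[0])   # the query never selects a realm
        hit = self.cache.get(path)
        if hit is not None:
            return hit
        prefix = self.index.longest_prefix(path)
        realm = None if prefix is None else self.index.realm_of[prefix]
        result = (realm, realm is not None and realm not in UNPROTECTED)
        self.cache.put(path, result)
        return result
```

Note the edge this exposes: with directory-style filters such as /finance/, the bare path /finance falls through to the "/" realm, so realms for a directory and for its bare name must both be defined if both are meant to be protected.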
These optimizations enable rapid run-time performance, especially when working with large policy stores. For example, tests indicate that the policy evaluation response time for a policy store with one realm is the same as the response time for a policy store with thousands of realms.

Reliability, Availability and Scalability
eTrust SiteMinder has been designed specifically to meet the needs of e-business sites that must support a large number of users with high authentication and authorization rates. Though eTrust SiteMinder is easy to configure and deploy for small workgroup environments, it scales to large installations that support very large user or resource populations. eTrust SiteMinder provides outstanding scalability due to the following capabilities:

• Replication and Failover. Each web agent can be configured to communicate with multiple eTrust SiteMinder Policy Servers. If the current policy server becomes unavailable, the agent automatically establishes a connection with the next policy server and continues processing; the operation is transparent to the user. For increased availability in the event of a failure, eTrust SiteMinder provides automatic restart of all server processes. eTrust SiteMinder also provides the same failover mechanism for user directories: if the current user directory is unavailable, the policy server automatically establishes a connection with the next user directory.
• Load Balancing. eTrust SiteMinder supports automatic load balancing, which significantly improves scalability and performance in large deployments. The web agent distributes user requests across multiple policy servers, and the policy servers can in turn load balance their requests across a set of directory servers. In this way, eTrust SiteMinder distributes its system load across servers to improve overall throughput.

With these features, the administrator can easily scale policy servers to meet increasing service requests in growing enterprises.

Policy Server Clusters
Administrators can group multiple policy servers into a cluster that works with a set of agents. With clusters, administrators get powerful new features for managing policy servers to derive the most efficient service from them.

Any set of policy servers can be clustered, based on criteria that matter to the security system implementation. An administrator might cluster policy servers for a number of reasons, including physical location, the resources they protect, the organizations they support, or machine speed and memory. For example, when clustering policy servers according to geography, an administrator can group the policy servers in one area to make sure agent requests are handled locally. Policy servers in a cluster can run on different platforms or be physically located in different places, so clustering is viable in both homogeneous and heterogeneous policy server environments.

Clustering offers administrators these features:

• Dynamic Load Balancing. Dynamic agent-to-policy server load balancing allows higher processing loads to be allocated to faster servers within the cluster. An agent is served by the policy server instance within the cluster that most recently provided the best response time, so each agent is served by the server that can respond fastest at any given time, which increases maximum system throughput.
• Automatic Failover. Agents are decoupled from policy servers. As a result, agents transparently fail over from one cluster to another according to criteria established by the administrator: when the number of available policy servers in a cluster falls below the configured threshold, agent requests are automatically sent to another cluster without interrupting service.

Security

A security system is only as strong as its weakest link. That is why it is critical that all components and communication paths be secure, so that intruders cannot compromise overall system security by stealing passwords or impersonating other users. eTrust SiteMinder offers security at each point in its operation. More specifically, it provides several capabilities to ensure that data and applications are not compromised.

Data Confidentiality
eTrust SiteMinder encrypts all data and control information that passes among components. All traffic among the policy server, the web agent and the administrative interface is sent over TCP using 128-bit RC4 encryption, and all user cookies are encrypted using RC2. Both ciphers were regarded as adequate when this paper was written; RC4 and RC2 are no longer considered so (RC4, for example, is prohibited in TLS by RFC 7465), so the strength of this protection should be judged against current guidance rather than the 2005 claim. Encryption keys are generated automatically and randomly by the policy server. This operation is totally transparent to the administrator, though re-generation of the keys can be forced at any time, or on a regular interval, for added security.

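Before the security subsections continue, here is an added example of the agent-side behaviour described above under Reliability, Availability and Scalability and Policy Server Clusters. It is a simulation written for this page, not eTrust SiteMinder agent code: an agent orders the servers of its preferred cluster by the response time it last observed, fails over inside the cluster when a connection fails, and moves to the next cluster when the number of servers it can still use drops below the administrator's threshold. Server names, clusters, latencies and the threshold are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class PolicyServer:
    name: str
    latency_ms: float             # simulated service time (constructed)
    up: bool = True               # true state, which the agent cannot see directly

    def handle(self, request: str) -> str:
        if not self.up:
            raise ConnectionError(self.name)
        return f"{self.name}:{request}:allow"


@dataclass
class Cluster:
    name: str
    servers: list[PolicyServer]
    min_available: int = 1        # administrator's threshold for leaving the cluster


class Agent:
    """Agent-side server selection: fastest observed server first, failover
    inside the cluster on a connection error, and a move to the next cluster
    when too few servers remain usable."""

    def __init__(self, clusters: list[Cluster]):
        self.clusters = clusters                 # ordered by preference (local first)
        self.rtt: dict[str, float] = {}          # last observed response time per server
        self.down: set[str] = set()              # servers this agent has seen fail
        self.trace: list[str] = []

    def _candidates(self, cluster: Cluster) -> list[PolicyServer]:
        usable = [s for s in cluster.servers if s.name not in self.down]
        # Untried servers sort as 0 so each gets measured once; afterwards the
        # server with the best last response time is tried first.
        return sorted(usable, key=lambda s: self.rtt.get(s.name, 0.0))

    def send(self, request: str) -> str:
        for cluster in self.clusters:
            servers = self._candidates(cluster)
            if len(servers) < cluster.min_available:
                self.trace.append(f"skip {cluster.name}")
                continue
            for server in servers:
                try:
                    reply = server.handle(request)
                except ConnectionError:
                    self.down.add(server.name)
                    self.trace.append(f"failover from {server.name}")
                    continue
                self.rtt[server.name] = server.latency_ms
                self.trace.append(f"{cluster.name}/{server.name}")
                return reply
        raise RuntimeError("no policy server available in any cluster")

    def recover(self, name: str) -> None:
        """Re-admit a server (a real agent would retry it periodically)."""
        self.down.discard(name)
```

A server that fails is remembered as down by the agent only; the example keeps that state per agent because each agent sees its own network path, which is also why failover here is transparent to the user: the request is simply retried against the next candidate.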
Session and Idle Timeouts
Companies can centrally define both idle and session timeouts for individual applications. For example, a sensitive finance application might have an idle timeout of two minutes with no browser activity. The application can also have a maximum user-session time, after which users are automatically logged out regardless of activity.

Mutual Authentication
Administrators must ensure that a server is not an impostor collecting sensitive information such as credit card numbers. Both the web agent and the policy server authenticate themselves to each other, using a shared secret to encrypt an authentication message. The secret itself is never passed over the network, even in encrypted form, and so cannot be stolen from the network. This technique protects the integrity of the eTrust SiteMinder components themselves, so that an eavesdropper can neither steal useful information nor impersonate an eTrust SiteMinder server or agent.

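The paper does not disclose the agent-to-policy-server handshake, so the following is an added example of the general technique it describes rather than the product's protocol: each side proves knowledge of the shared secret with an HMAC over fresh nonces from both parties, the secret never crosses the wire, a role label inside the MAC prevents a reflected response from being accepted, and both sides end with the same derived key for the encrypted channel. The message layout, labels and key derivation step are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os


def _tag(secret: bytes, role: bytes, *parts: bytes) -> bytes:
    # The role label is bound into the MAC so a proof produced by one side
    # cannot be replayed back at it (reflection attack).
    return hmac.new(secret, role + b"|" + b"|".join(parts), hashlib.sha256).digest()


class Peer:
    """Either end of the handshake; `secret` is the trusted-host shared secret
    (assumption: provisioned out of band, as the paper's trusted host keys are)."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret
        self.nonce = os.urandom(16)       # fresh per handshake
        self.peer_nonce = b""

    # --- agent side ---------------------------------------------------
    def hello(self) -> bytes:
        """Agent -> server: a fresh challenge."""
        return self.nonce

    def verify_server(self, server_nonce: bytes, server_tag: bytes) -> bytes:
        """Agent checks the server's proof, then returns its own proof."""
        expected = _tag(self.secret, b"server", self.nonce, server_nonce)
        if not hmac.compare_digest(expected, server_tag):
            raise PermissionError(f"{self.name}: server failed to prove the shared secret")
        self.peer_nonce = server_nonce
        return _tag(self.secret, b"agent", server_nonce, self.nonce)

    # --- policy server side --------------------------------------------
    def respond(self, agent_nonce: bytes) -> tuple[bytes, bytes]:
        """Server -> agent: its own nonce plus a proof over both nonces."""
        self.peer_nonce = agent_nonce
        return self.nonce, _tag(self.secret, b"server", agent_nonce, self.nonce)

    def verify_agent(self, agent_tag: bytes) -> None:
        expected = _tag(self.secret, b"agent", self.nonce, self.peer_nonce)
        if not hmac.compare_digest(expected, agent_tag):
            raise PermissionError(f"{self.name}: agent failed to prove the shared secret")

    def session_key(self) -> bytes:
        """Both sides derive the same per-handshake key for the encrypted channel."""
        a, b = sorted([self.nonce, self.peer_nonce])     # order-independent
        return hmac.new(self.secret, b"session|" + a + b, hashlib.sha256).digest()


def handshake(agent: Peer, server: Peer) -> bool:
    """Run the exchange; True if both sides accept, False if either rejects."""
    try:
        n_a = agent.hello()                      # 1. agent -> server: nonce_a
        n_s, t_s = server.respond(n_a)           # 2. server -> agent: nonce_s, proof
        t_a = agent.verify_server(n_s, t_s)      # 3. agent -> server: proof
        server.verify_agent(t_a)                 # 4. server accepts or rejects
    except PermissionError:
        return False
    return True
```

An eavesdropper sees only nonces and MACs; without the secret it can neither compute a valid proof nor recover the derived session key, which is the property the paper claims for its own handshake.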
Rolling Keys
eTrust SiteMinder can centrally and automatically roll over all the keys that agents use to encrypt and decrypt cookies. Without this automatic rollover, IT administrators would need developers to implement a rollover scheme themselves, which is extremely difficult to do well. Rolling keys limit how long a captured cookie key remains useful, and because rollover is done simply, easily and reliably by eTrust SiteMinder itself, companies do not have to rely on home-grown implementations.

Administrators can also automatically generate and reset trusted host keys, delivering them securely to the trusted hosts without requiring that the policy server or agent be restarted. The administrator can specify how often shared secrets are reset, on whatever schedule suits the environment: hours, days, weeks or months. Automatic shared secret rollover can be disabled for specific trusted hosts, which then continue to use manual shared secret rollover if required.

Hardware Stored Encryption Keys
eTrust SiteMinder has partnered with nCipher, the industry leader in hardware-based encryption, to store the host encryption key in hardware. This hardware technology adheres to industry standards and allows for highly secure yet flexible key management. nCipher's HSMs use smart cards ("tokens") and a card reader to manage the encryption keys securely. With an nCipher HSM, key management within the eTrust SiteMinder environment supports true random-number key generation, backup, failover and archiving in a FIPS 140-1 certified module.

Revocation of User Credentials
Some sites need to revoke the access privileges of a specific user immediately; for example, when an employee is terminated. eTrust SiteMinder supports a rapid response through commands that flush specific information from the web agent cache. The following operations are available both through the administrative interface and through the API:

• Flush the user cache
• Flush the resource cache
• Flush both caches
• Flush all resources in a specific realm
• Flush a specific user entry in the user cache

Encrypted Session Cookies
The eTrust SiteMinder session cookie is a 128-bit RC4-encrypted session ticket that contains browser information, a timestamp, the user's Distinguished Name, an encrypted seed, and other information not disclosed in this paper for security reasons. All these fields are encrypted and randomly ordered. (The Data Confidentiality section above describes user cookies as RC2-encrypted; the paper does not reconcile the two statements.)

eTrust SiteMinder does not embed IP address or password information in the cookie sent back to the browser. Many home-grown and competing products make the mistake of including IP information, which causes serious problems behind firewalls that perform network address translation (NAT). The eTrust SiteMinder session cookie has been tested and approved by the security committees of Dean Witter, E*Trade, Wells Fargo, Citigroup, American Express, BancOne, Bank of America and other large financial companies. In addition, eTrust SiteMinder offers an optional Reverse Proxy Server solution that lets a customer choose among several means of session control: a standard eTrust SiteMinder session cookie, the SSL session ID, a miniature cookie for wireless solutions, or encrypted URLs.

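The following added example ties together the Session and Idle Timeouts, Rolling Keys and Encrypted Session Cookies passages above. It is not eTrust SiteMinder's cookie format, which the paper deliberately withholds: it is a worked ticket that is encrypted and integrity-protected, carries a key identifier so the agent knows which key to try, survives one rollover because the previous key is kept until it is retired, and is rejected on idle timeout, session timeout, browser mismatch or tampering. The cipher is a stand-in (an HMAC-SHA256 keystream under a random nonce, encrypt-then-MAC) because the product's RC4/RC2 are not in the Python standard library and should not be used today; the field names, key ids and timeout values are assumptions.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import os


class KeyRing:
    """Current cookie key plus the previous one: tickets issued just before a
    rollover stay readable until they expire, then the old key is retired."""

    def __init__(self):
        self.keys: dict[int, bytes] = {}
        self.current = 0
        self.roll()

    def roll(self) -> int:
        self.current += 1
        self.keys[self.current] = os.urandom(32)
        for kid in [k for k in self.keys if k < self.current - 1]:
            del self.keys[kid]               # only current and previous survive
        return self.current


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh nonce (stand-in for the product's cipher)."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def _open(key: bytes, blob: bytes) -> bytes | None:
    if len(blob) < 48:
        return None
    nonce, body, mac = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), mac):
        return None                          # modified, or sealed under another key
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class SessionTicket:
    def __init__(self, ring: KeyRing, idle_timeout: float, max_session: float):
        self.ring, self.idle, self.max = ring, idle_timeout, max_session

    def _encode(self, fields: dict) -> str:
        kid = self.ring.current              # always re-seal under the current key
        blob = _seal(self.ring.keys[kid], json.dumps(fields).encode())
        return f"{kid}." + base64.urlsafe_b64encode(blob).decode()   # key id in the clear

    def issue(self, dn: str, browser: str, now: float) -> str:
        return self._encode({"dn": dn, "ua": browser, "created": now, "last": now})

    def validate(self, cookie: str, browser: str, now: float) -> tuple[str, str | None]:
        """Return (status, refreshed cookie). Status is ok, bad_key, tampered,
        browser_mismatch, session_timeout or idle_timeout."""
        try:
            kid, b64 = cookie.split(".", 1)
            key = self.ring.keys[int(kid)]
            blob = base64.urlsafe_b64decode(b64)
        except (ValueError, KeyError):
            return "bad_key", None           # malformed, or key already retired
        raw = _open(key, blob)
        if raw is None:
            return "tampered", None
        f = json.loads(raw)
        if f["ua"] != browser:
            return "browser_mismatch", None
        if now - f["created"] > self.max:
            return "session_timeout", None   # absolute lifetime, regardless of activity
        if now - f["last"] > self.idle:
            return "idle_timeout", None
        f["last"] = now                      # activity resets the idle clock
        return "ok", self._encode(f)


def tamper(cookie: str) -> str:
    """Flip one bit inside the encrypted body (to demonstrate the MAC check)."""
    kid, b64 = cookie.split(".", 1)
    blob = bytearray(base64.urlsafe_b64decode(b64))
    blob[20] ^= 1
    return f"{kid}." + base64.urlsafe_b64encode(bytes(blob)).decode()
```

Two details are the ones that matter in practice: the session timeout is checked before the idle timeout so that activity can never extend a session past its absolute lifetime, and every successful validation re-seals the ticket under the current key, which is what lets the previous key be retired after one more rollover without logging anyone out.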
LDAP Protection from Denial-of-service Attacks
As noted in CERT Advisory CA-2001-18 (http://www.cert.org/advisories/CA-2001-18.html), LDAP directories are susceptible to denial-of-service (DoS) attacks. eTrust SiteMinder reduces this exposure by placing an eTrust SiteMinder Policy Server between the web server and the LDAP directory, so that the directory is never reachable directly from the DMZ.


In addition, eTrust SiteMinder checks that packets attempting authentication match the eTrust SiteMinder encryption key before passing authentication or authorization attempts on to the policy server. This chokes off DoS attacks against the eTrust SiteMinder infrastructure itself.

Protection from Cross-Site Scripting
A cross-site scripting (XSS, sometimes abbreviated CSS) attack can occur when input text from the browser (typically data from a POST or from query parameters on a URL) is displayed by an application without being filtered for characters that may form a valid, executable script when rendered by the browser. For example, an attack URL can be presented to unsuspecting users. When it is clicked, the application may return to the browser a page that echoes the input characters, perhaps along with an error message about bad parameters on the query string, and rendering those characters can cause an unwanted script to execute in the browser.

eTrust SiteMinder agents support several options for blocking requests that contain bad characters in the URL. Using these agent configuration options, the administrator specifies the cross-site scripting, URL and query characters that the agent blocks or filters to prevent such attacks.

Unique Secure HTTP Header Passing
Through the central eTrust SiteMinder user interface, administrators can pass user store attributes to applications as HTTP headers, which the eTrust SiteMinder web agent injects into the inbound channel of the web server. Because the eTrust SiteMinder filter is the dominant filter, it overwrites whatever other filters have set, ensuring the validity of the headers the application receives. In addition, this inbound channel is not visible to external users in the DMZ, so no firewall port needs to be opened from the web server to the user store (LDAP, MS SQL, Oracle, Novell). eTrust SiteMinder passes these user store attributes to the application through its encrypted channel; the channel from the policy server to the web agent is RC4-128 encrypted.

Advanced Web Agents
eTrust SiteMinder does not put authentication or authorization logic on a web server, a common mistake of home-grown and competitor products. Instead, eTrust SiteMinder employs web agent filters (NSAPI for Netscape/iPlanet, ISAPI for Microsoft IIS, DSAPI for Domino, and Apache modules) that integrate with and operate as part of the web server. Web agent filters are much more secure than storing authorization and authentication processes on the web server. All security logic resides behind the DMZ in the protected eTrust SiteMinder Policy Server. This architecture ensures security by not exposing any access logic or policies in the DMZ.

eTrust SiteMinder Developer Capabilities

The eTrust SiteMinder Software Developers' Kit (SDK) supports the development of custom applications that embed eTrust SiteMinder in their environment and extend its capabilities. Java and C APIs are provided to offer developers a choice of programming language. Both interfaces contain several sets of APIs, each of which lets developers implement a particular feature, such as developing a custom agent using the Java APIs or extending an authorization scheme using the C APIs. Both client-side and server-side APIs are provided in Java and C, and both the C and Java agent APIs also run on Linux.

Creating Custom Agents
The Agent API is used to build custom agents for enforcing access control and managing user sessions. Enforcing access control consists of authentication, authorization and auditing of the user. The Agent API works in tandem with the policy server to greatly simplify application development while increasing application scalability with respect to the number of applications and resource-privilege pairs.

Additional capabilities provided by the Agent API include full session management support, notifications of agent key rollovers, real-time policy updates, policy server failover, load balancing and logout reason codes. With logout reason codes exposed, developers can implement client applications that report at finer granularity why a logout was initiated, and can write separate event handlers for the different logout events. The logout codes include Idle Timeout, Session Timeout and Explicit Logout. The availability of these logout reason codes provides more and better auditing information about user activity.

Single Sign-on Support for Custom Agents
Custom agents built with the Agent API can participate in a single sign-on environment with standard eTrust SiteMinder web agents. Using the Cookie API, custom agents can also create third-party SMSESSION cookies that standard eTrust SiteMinder web agents accept. Customers have the option to enable or disable the ability of standard eTrust SiteMinder web agents to accept third-party cookies created by custom agents.

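The following added example returns to two agent-side checks described earlier on this page, under Protection from Cross-Site Scripting and Unique Secure HTTP Header Passing. It is not eTrust SiteMinder agent code and the paper does not name the agent's configuration options, so the option names, the identity header names and the sample requests are all constructed. It shows (1) rejecting a request whose decoded path or query contains administrator-configured bad characters or script patterns, and (2) the practitioner's reason the agent must be the dominant filter: every identity header the agent is responsible for is stripped from the client's request and re-set from the attributes the policy server returned, including spellings with hyphens that web servers fold onto the same CGI variable, so a client cannot smuggle its own value.

```python
from __future__ import annotations

from urllib.parse import unquote

# Constructed agent configuration (names are assumptions, not the product's).
BAD_URL_CHARS = set("<>'\"")          # never legitimate in a path
BAD_QUERY_CHARS = set("<>")           # script delimiters in a query string
BAD_CSS_SEQUENCES = ("javascript:", "<script", "onerror=", "onload=")
TRUSTED_HEADERS = ("SM_USER", "SM_USERDN", "SM_ROLES")   # assumed header names


class Blocked(Exception):
    pass


def check_url(raw_url: str) -> None:
    """Reject a request whose decoded path or query carries bad characters.
    Decoding first matters: %3Cscript%3E is the same attack as <script>."""
    path, _, query = raw_url.partition("?")
    path, query = unquote(path), unquote(query)
    if BAD_URL_CHARS & set(path):
        raise Blocked("bad character in URL path")
    if BAD_QUERY_CHARS & set(query):
        raise Blocked("bad character in query string")
    lowered = (path + "?" + query).lower()
    if any(seq in lowered for seq in BAD_CSS_SEQUENCES):
        raise Blocked("cross-site scripting pattern in request")


def is_blocked(url: str) -> bool:
    try:
        check_url(url)
    except Blocked:
        return False or True
    return False


def _canon(name: str) -> str:
    # "sm-user" and "SM_USER" both reach a CGI application as HTTP_SM_USER,
    # so the comparison has to fold case and hyphen/underscore.
    return name.upper().replace("-", "_")


def inbound_headers(client_headers: dict[str, str], attributes: dict[str, str]) -> dict[str, str]:
    """Build the header set the web server passes to the application.
    Every trusted header is removed from the client's copy and re-set from the
    policy server's attributes; one the policy server did not supply stays
    removed, so the application never sees a client-forged value."""
    clean = {k: v for k, v in client_headers.items() if _canon(k) not in TRUSTED_HEADERS}
    for name in TRUSTED_HEADERS:
        if name in attributes:
            clean[name] = attributes[name]
    return clean


def process(request: dict, attributes: dict[str, str]) -> dict:
    """Agent pipeline for one request: filter the URL, then rebuild headers."""
    check_url(request["url"])                    # raises Blocked
    return {"url": request["url"], "headers": inbound_headers(request["headers"], attributes)}
```

The two character sets differ on purpose: an apostrophe is a legitimate query value (a surname, for instance) but never belongs in a path, which is why the paper describes separate URL and query settings.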
Managing the Policy Store
The Policy Management API is used to manage all the objects within the eTrust SiteMinder Policy Store. With the Policy Management API, companies can develop custom policy management interfaces to eTrust SiteMinder. For example, a developer can write an application that lets administrators manage policies, policy responses, global policy configuration, authentication schemes and password policies, shared secret rollover for trusted hosts, and affiliate and affiliate domain management. Both programming and command line interfaces (CLI) are available.

Managing the User Store
The DMS API enables management of objects within an eTrust SiteMinder user directory. Using the DMS API, developers can build custom user management applications on eTrust SiteMinder that let privileged users create, add, modify and delete organizations, groups or users. The DMS API performs the following tasks:

• Manage directory entries
• Discover user privileges
• Enable/disable users
• Grant DMS roles to users
• Paging and sorting when searching LDAP directories or ODBC databases

Using the DMS Workflow API, developers can add pre- and post-process functionality to specific DMS API calls. The DMS APIs for which pre- and post-process functionality can be specified include those used for modifications such as set, delete and associations. The pre- and post-process functionality is implemented as a shared library and is configured within the eTrust SiteMinder Policy Server Management Console.

Creating a Custom Authentication Scheme
The Authentication API is used to develop plug-in modules to the policy server. These APIs are used to define new authentication schemes as well as custom implementations of known authentication schemes. Modules developed using this API are implemented as shared libraries and can be configured using the eTrust SiteMinder Policy Server Management Console. The Authentication API supports any type of user credentials:

Flexible Authorization
The Authorization API is used to develop plug-in modules to the policy server for performing custom authorization functions. Modules developed using this API are implemented as shared libraries. The modules can be configured using the eTrust SiteMinder Policy Server Management Console to define active rules, active policies and active responses.

Adding a Directory Provider
The Directory API is used to develop plug-in modules to the policy server that implement a custom user store that eTrust SiteMinder does not otherwise support. eTrust SiteMinder supports the following namespaces for user directories:

• LDAP
• ODBC
• Microsoft Windows NT
• Custom

Using the Directory API, an interface can be built to any custom user directory or database.

Integrating with eTrust SiteMinder Events
The Event API lets customers build custom handlers for eTrust SiteMinder events. Through the Event API, eTrust SiteMinder can log events to outside sources, providers or applications, and administrators can then access the logged information through them. Using the Event API, developers can build applications that alert administrators to eTrust SiteMinder activity. For example, an event handler can send an e-mail to the administrator when the accounting server starts or when someone creates a new policy.

Session Server API
The Session Server API allows enterprises to store application state information associated with the user and make it available to all applications as a shared service.

Creating a Secure Communication Tunnel
The Tunnel Service API provides secure transfer of data between an agent and a shared library on a policy server that supports the Tunnel Service. Use these APIs to develop tunnel services that communicate securely between agents and the shared library on the policy server. When an agent sends a tunnel request to the policy server, the request contains:

• The name of the service library
• The function to be called in the service library
• The data to be passed to the function

The policy server initializes the appropriate service,

invokes the requested function, and passes the data to the function. Once the service has performed its task, the policy server returns the results to the agent.

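As an added example of the request shape just described (not the eTrust SiteMinder Tunnel Service API, whose signatures the paper does not show), the following is a policy-server-side dispatcher for tunnel requests carrying a service library name, a function name and opaque data. The point a practitioner would insist on is visible in the code: both names chosen by the agent resolve only through an explicit registry, never by loading arbitrary libraries or looking up arbitrary attributes, and a request that did not arrive over the authenticated agent channel is refused before any lookup. Service and function names, the authenticated flag and the demo payload transformations are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable

Handler = Callable[[bytes], bytes]


class TunnelError(Exception):
    def __init__(self, status: str):
        super().__init__(status)
        self.status = status


@dataclass
class TunnelRequest:
    service: str
    function: str
    data: bytes
    agent_authenticated: bool = True   # assumption: set by the agent/server handshake


class TunnelService:
    """One 'service library': a named, explicitly registered set of functions."""

    def __init__(self, name: str):
        self.name = name
        self.functions: dict[str, Handler] = {}
        self.initialized = False

    def init(self) -> None:            # called once, lazily, by the server
        self.initialized = True

    def register(self, name: str, fn: Handler) -> None:
        self.functions[name] = fn


class TunnelServer:
    def __init__(self):
        self.services: dict[str, TunnelService] = {}
        self.audit: list[str] = []

    def add_service(self, svc: TunnelService) -> None:
        self.services[svc.name] = svc

    def dispatch(self, req: TunnelRequest) -> bytes:
        if not req.agent_authenticated:
            self.audit.append(f"reject unauthenticated {req.service}.{req.function}")
            raise TunnelError("unauthenticated")
        svc = self.services.get(req.service)      # registry lookup only
        if svc is None:
            self.audit.append(f"reject unknown service {req.service!r}")
            raise TunnelError("unknown service")
        fn = svc.functions.get(req.function)      # no getattr on arbitrary names
        if fn is None:
            self.audit.append(f"reject unknown function {req.service}.{req.function}")
            raise TunnelError("unknown function")
        if not svc.initialized:
            svc.init()                            # "initializes the appropriate service"
        self.audit.append(f"call {req.service}.{req.function} ({len(req.data)} bytes)")
        return fn(req.data)                       # result goes back to the agent

    def try_dispatch(self, req: TunnelRequest) -> tuple[str, bytes | None]:
        """Same as dispatch, but report rejections as a status instead of raising."""
        try:
            return "ok", self.dispatch(req)
        except TunnelError as e:
            return e.status, None


def build_demo_server() -> TunnelServer:
    """Constructed sample service with two trivial functions."""
    svc = TunnelService("demo")
    svc.register("echo", lambda d: d)
    svc.register("upper", lambda d: d.upper())
    server = TunnelServer()
    server.add_service(svc)
    return server
```

Every rejection is audited with the names the agent asked for, which is the information an operator needs to tell a misconfigured agent from one probing for functions it should not reach.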
Summary
eTrust SiteMinder is one of the premier security solutions for global organizations because it cost-effectively provides an efficient security access management solution that lets business in while keeping risk out:

• Reduce Administrative Costs. eTrust SiteMinder's robust set of administration tools makes it one of the most manageable security systems available today. With centralized tools, security administrators can manage up to millions of users and secure thousands of resources across the world, 24 hours a day, 7 days a week. With security in such a heterogeneous, always-available system managed centrally, security administration expertise can be centralized to significantly reduce total cost of ownership.
• Reduce Development Costs. eTrust SiteMinder readily integrates with existing applications, so applications can take immediate advantage of its security services without being re-designed, re-built and re-deployed. As a result, an eTrust SiteMinder security solution can be deployed quickly without relying extensively on programmers, who can concentrate on business logic.
• Enhance Users' Experience. eTrust SiteMinder's single sign-on capabilities let users move from application to application, or site to site, without signing on multiple times with different identities and passwords. For employees, single sign-on lets workers get their work done more efficiently; for customers, it lets users get the personalized information they need to do business easily and without frustration.
• Improve Security. eTrust SiteMinder provides centralized authorization and authentication services that remove security enforcement from many hundreds or thousands of applications. With centralized enforcement, security is consistent, comprehensive and reliable, so that no holes are left open in an eTrust SiteMinder secured web environment.
• Improve Security System Manageability. With eTrust SiteMinder's auditing, logging and reporting capabilities, administrators can keep eTrust SiteMinder running smoothly and efficiently by analyzing system activity and preventing problems before they occur. When problems do occur, eTrust SiteMinder's troubleshooting tools give administrators the information they need to resolve them quickly so that security services remain available.

For More Information eTrust Identity and Access Management Website: www.ca.com/etrust

© 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “AS IS” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. MP279220605
