eTrust™ SiteMinder® r6 Technical White Paper
June 2005

Table of Contents

The Challenge: Building and Managing Secure Websites and Applications ... 4
  Building the Secure Website ... 4
    Choosing the correct authentication technology ... 4
    Building the user directory ... 4
    Providing a quality single sign-on experience ... 5
  Managing the Secure Website ... 5
    Implementing security for multiple web applications ... 5
    Managing the security infrastructure ... 5
    Keeping user administration costs down ... 5
    Choosing the correct technology partner ... 5
eTrust SiteMinder Features and Benefits ... 6
  Authentication Management ... 6
  Authorization Management ... 6
    Role based access control (RBAC) ... 6
    eTrust SiteMinder eTelligent Rules ... 6
  Auditing and Reporting ... 7
  Enterprise Manageability ... 7
  Performance, Availability, Reliability, Scalability ... 7
    Performance ... 7
    Availability and Reliability ... 7
    Scalability ... 7
    Security ... 7
    Broad Platform Support ... 8
  A Standards-based Solution ... 8
eTrust SiteMinder Architecture ... 8
  eTrust SiteMinder Policy Server ... 9
    Access control services in a single process ... 9
  eTrust SiteMinder Agents ... 9
    Web agents ... 9
    Application server agents ... 9
    SAML affiliate agents ... 9
    Enterprise application agents ... 9
  Secure Proxy Server ... 10
  Native Directory Integration ... 11
eTrust SiteMinder Authentication Management ... 11
  Authentication Methods ... 11
  Authentication Policies ... 11
  Certificate Combinations and Alternatives ... 11
  Forms-based Certification ... 12
  Authentication Levels ... 12
  Directory Mapping ... 12
  Password Services ... 12
  Impersonation ... 13
eTrust SiteMinder Authorization Management ... 13
  eTrust SiteMinder Policies ... 14
  Global Policies ... 15
  Role based access control (RBAC) ... 15
Single Sign-On ... 15
  Single and Multiple Cookie Domains ... 16
  Federated Security Services ... 16
    Microsoft .NET Passport integration ... 17
  Single Sign-on in the Windows Environment ... 18
    Windows integrated security ... 18
    Windows application login ... 18
Auditing and Reporting ... 18
  Auditing ... 18
  Reporting ... 18
    Report drill down capabilities ... 18
    Activity reports ... 19
    Intrusion reports ... 19
    Administrative reports ... 19
    Time series reports ... 19
Enterprise Manageability ... 19
    OneView Monitor ... 19
    Environment Collector ... 20
    Test Tool ... 20
    Logging and policy profiling ... 20
  Centralized Agent Management ... 21
  Rapid Policy Deployment ... 21
    Unattended installations ... 22
    Command line interface ... 22
Performance, Reliability, Scalability and Availability ... 22
  Performance ... 22
    Bulk operations ... 22
    Authentication and authorization ... 22
  Reliability, Availability and Scalability ... 23
    Policy server clusters ... 23
Security ... 23
  Data Confidentiality ... 24
  Mutual Authentication ... 24
  Revocation of User Credentials ... 24
  Encrypted Session Cookies ... 24
  Session and Idle Timeouts ... 24
  Rolling Keys ... 24
  Hardware Stored Encryption Keys ... 24
  LDAP Protection from Denial-of-service Attacks ... 24
  Protection from Cross-site Scripting ... 25
  Unique Secure HTTP Header Passing ... 25
  Advanced Web Agents ... 25
eTrust SiteMinder Developer Capabilities ... 25
  Creating Custom Agents ... 25
  Single Sign-on Support for Custom Agents ... 25
  Managing the Policy Store ... 26
  Managing the User Store ... 26
  Creating a Custom Authentication Scheme ... 26
  Flexible Authorization ... 26
  Adding a Directory Provider ... 26
  Integrating with eTrust SiteMinder Events ... 26
  Session Server API ... 26
  Creating a Secure Communication Tunnel ... 26
Summary ... 27
For More Information ... 27

The Challenge: Building and Managing Secure Websites and Applications

With its extended reach and power, the internet has fundamentally changed traditional business processes. E-business has ushered in the widespread deployment of intranets, business-to-business (B2B) extranets and e-commerce websites. These sites extend business processes to the furthest reaches of the web, enabling partners and customers to access critical applications, information, services and transactions anytime and anywhere.

Companies are redeploying the applications that they have built over the years with web front ends, as well as deploying new applications on web servers, J2EE-based application servers, and even mainframe systems that include web servers. As they open up their businesses to new users through the web, they face new and complex challenges.

Companies must solve a new generation of manageability issues, from deployment of online resources throughout a global environment to monitoring and reporting of online activities. IT professionals need to support heterogeneous environments by providing flexible deployment approaches. They need to provide enterprise-class performance, availability and scalability to support potentially millions of users. And they must ensure a long life for these systems by embracing open standards and platforms.

From the security perspective, several factors must be carefully considered:

• Authentication. Who will access the system? Will multiple companies, such as partners, need access? How will authentication across multiple websites be handled? Is a simple password policy appropriate, or are stronger controls needed?

• Authorization. Companies need powerful policies that can be easily replicated for similar applications and services. They need to implement a single shared service to simplify and speed administration, and to reduce the burden on application developers.

• Audit. Companies must closely track how the security system is being used. System administrators need detailed system data to fine-tune performance, and business managers need activity data to demonstrate compliance with security policies and regulations.

• Entitlement service. How can companies tie all of the entitlements, that is, the profile characteristics of individual users, from multiple directories and user stores into a single, shared security service?

• Enhancing the user experience. How can companies provide a personal, easy-to-navigate online session for their users, and at a low cost?

From a user perspective, these new-generation sites and applications must be:

• Responsive. Delivering high-performance applications, whether they are for customers, partners or employees.

• Interactive. Giving the right users access to the right applications, data, services and other resources, at the right time.

• Simple. Providing a seamless user experience with cross-domain access.

Today, corporate IT infrastructures are often insufficient to meet the demands of e-business and unable to manage multiple types of applications accessed by multiple types of users (employees, customers, suppliers and partners) using multiple types of devices (laptops, PDAs, cell phones). Many sites must accommodate millions of users and many millions of transactions without jeopardizing security. In particular, implementers face several challenging business and technical problems, grouped into two major areas: first, building the secure website and then, managing the secure website.

Building the Secure Website

For web developers, the process of building a secure website can be very complex. Whether it's managing multiple user directories or creating a shared service for authentication, authorization and audit, they need new tools to design and build robust security.

Choosing the correct authentication technology

Due to implementation challenges, security managers often struggle to define a unified authentication strategy across internet and intranet applications. The result is that either high-value applications are not protected by correspondingly strong authentication, or low-value web applications are protected by authentication systems so demanding that they might actually push users away. Companies need a single method to deploy multiple authentication systems in a unified strategy that ensures high-value applications are protected by strong authentication while lower-value applications are protected by simpler user name/password systems.

Building the user directory

Traditionally, security administrators have deployed an authentication system and access control list (ACL) with each application. For a small number of critical applications, this one-to-one authentication system might be feasible. However, as the number and complexity of applications increases, this approach quickly becomes unmanageable. With each application storing its own user privilege information within an application-specific repository or ACL, separate from any corporate user directory, redundant user administration and user databases are created that quickly get out of synchronization with the corporate directory, compromising security and the user experience.

Providing a quality single sign-on experience

Successful websites need to provide customers with the information and services they want, and that the company wants them to see, in a personalized context that is easy to understand and navigate. If the content is not personalized, or if users must endure multiple sign-ons to different applications, they quickly become frustrated and go elsewhere. In addition, companies might forge relationships with any number of affiliates and partners whose sites, information and services offer complementary value.

Federation enables companies to provide users with single sign-on by transparently linking all resources within the company's main website and its affiliates' websites from the main site. Single sign-on lets users easily conduct business or obtain more detailed product information.

Managing the Secure Website

From an operational perspective, security issues also play an important role in how companies manage and operate websites. Key issues include eliminating redundant points of administration and managing the associated costs of supporting multiple applications and platforms.

Implementing security for multiple web applications

The scheme for managing authentication and authorization for web resources often varies across web servers, application servers, operating systems and development tools. Consequently, administration and authorization capabilities can vary greatly. These differences can lead to administrative problems as well as an inconsistent security framework, because these more complex environments are often more costly and time-consuming to administer than single-platform environments. As a result, the quality of website security is often lower in heterogeneous environments, which is clearly an unacceptable situation.

Managing the security infrastructure

It's a daunting and expensive challenge to deploy large-scale websites that can encompass hundreds of web servers, applications and security policies as well as multiple types of authentication systems to enforce authentication and access control, all with 24x7 continuous availability. As the number of applications and users increases, administrative costs can spike drastically. As web applications continue to gain in strategic importance, the management and administration of these complex environments will be among the most pressing IT challenges.

Keeping user administration costs down

Whether it's expanding the customer base, adding suppliers to the extranet, reorganizing divisions or improving service quality, people are at the center of every business initiative. But as e-business websites grow, the number of users interacting with the sites also grows, and those increases translate into a broad range of significant management challenges:

• Assigning authentication methods to resources and users

• Synchronizing IDs and passwords across multiple directories

• Enabling self-registration and password support for users

• Providing phone and online support to thousands or millions of users, 24x7, around the globe.

Choosing the correct technology partner

Total cost of ownership is directly related to the ability to support open standards that leverage existing IT investments, offer extensive partner integration, avoid vendor dead-ends and minimize expensive third-party integration. It's possible, of course, to achieve an impressive return on investment (ROI) by moving applications, and the business processes they support, to the web, but the key is how to do so cost-effectively. As new web applications are deployed, ROI numbers rise, but with each new application, access, security management and scalability requirements and issues also arise. To solve that problem, companies need comprehensive open application programming interfaces (APIs), directory mapping and a 24x7 redundant architecture.

The right solution removes security logic from each application and centralizes all user management and security in one place. eTrust™ SiteMinder® is that solution: it provides corporate and consumer e-business sites with the secure, scalable and reliable identity and privilege management infrastructure they require for conducting business. It also provides the centralized control that administrators need to efficiently manage and support that security infrastructure.

eTrust SiteMinder Features and Benefits

eTrust SiteMinder offers the type of solution businesses need to meet the challenge of building and managing secure websites. It provides all the essential security services required to meet this challenge, while also including management features and technical capabilities that can reduce the total cost of ownership.

Authentication Management

eTrust SiteMinder supports a broad range of authentication methods including passwords, tokens, X.509 certificates, custom forms and biometrics, as well as combinations of authentication methods. It also supports certificate validation through either certificate revocation lists (CRLs) or the Online Certificate Status Protocol (OCSP).

eTrust SiteMinder integrates with industry-leading directory services and user stores, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities. eTrust SiteMinder fully leverages existing user directories, from leading LDAP directories and relational databases to mainframe security directories.

With single sign-on (SSO) and federation, users get a unified and personalized view of all available resources within and across enterprise boundaries. Businesses and their partners can provide their customers with all their available services; access to all relevant, authorized information; and access to multiple applications that run on multiple servers, multiple platforms and across multiple internet domains. Single sign-on provides a rich user experience, increased security and reduced customer support costs due to lost passwords.

eTrust SiteMinder Federated Security Services let users move across partner and affiliated websites without having to be re-authenticated. eTrust SiteMinder provides these services by implementing SAML, a standards-based technology. SAML specifies a framework for sharing security information through XML documents called assertions. eTrust SiteMinder can consume incoming SAML assertions and can produce outgoing SAML tokens. As a result, eTrust SiteMinder provides complete, bi-directional SAML federation that enables maximum interoperability among enterprises; that is, users can be authenticated at a company's main site and go to any partner site, or be authenticated at a partner site and go to the company's main site, without having to be re-authenticated. Companies with eTrust SiteMinder security solutions can interoperate securely and more effectively with more sites, including sites that use other security solutions. Users have a more seamless experience across affiliated sites, improving the chances for increased revenue and enhanced relationships.
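What "consuming an incoming SAML assertion" involves at the receiving site, as an added example that is not part of the original paper and not eTrust SiteMinder code: a SAML 1.1 assertion is constructed inline (the issuer and audience URLs, the subject and the AssertionID are made up for the illustration), and the function applies the checks a consumer must make before it creates a session for the subject, namely expected issuer, validity window with an allowance for clock skew, audience restriction and one-time use. It assumes the XML signature on the assertion has already been verified with an XML-DSig library; that step is not included here.

```python
"""Checks a consuming site applies to a SAML 1.1 assertion before it creates a
session for the subject. Constructed example, not eTrust SiteMinder code: the
issuer, audience, subject and AssertionID are made up, and the function assumes
the assertion's XML signature has already been verified with an XML-DSig
library, which this file does not do.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # assertion namespace for SAML 1.0/1.1
NS = {"saml": SAML_NS}

# Assumed identities of the partner producer and of this (consuming) site.
EXPECTED_ISSUER = "https://idp.partner.example/saml"
EXPECTED_AUDIENCE = "https://www.main.example/"

# Constructed SAML 1.1 assertion of the kind a partner's producer might send.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="1"
    AssertionID="_c0ffee00-0000-4000-8000-000000000001"
    Issuer="{EXPECTED_ISSUER}" IssueInstant="2005-06-15T12:00:00Z">
  <saml:Conditions NotBefore="2005-06-15T12:00:00Z" NotOnOrAfter="2005-06-15T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2005-06-15T11:59:50Z">
    <saml:Subject>
      <saml:NameIdentifier>alice@partner.example</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


def parse_time(value):
    """SAML timestamps are xsd:dateTime in UTC with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, issuer, audience, now, skew=timedelta(seconds=60), seen_ids=None):
    """Return (accepted, reason, subject).

    The assertion is rejected unless it comes from the expected issuer, lies
    inside its validity window (allowing `skew` of clock drift), is addressed
    to this site, names a subject and, when `seen_ids` is supplied, has not
    been presented before (replay defence).
    """
    if isinstance(now, str):
        now = parse_time(now)
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False, "malformed XML", None
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return False, "not a SAML 1.x assertion", None
    if root.get("Issuer") != issuer:
        return False, "untrusted issuer", None
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        return False, "missing validity window", None
    if now + skew < parse_time(cond.get("NotBefore")):
        return False, "not yet valid", None
    if now - skew >= parse_time(cond.get("NotOnOrAfter")):
        return False, "expired", None
    audiences = [a.text for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)]
    # Stricter than the spec, where the restriction is optional: a consumer that
    # accepts unrestricted assertions lets a token issued for one partner site be
    # presented at another.
    if audience not in audiences:
        return False, "audience mismatch", None
    name_id = root.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name_id is None or not (name_id.text or "").strip():
        return False, "no subject", None
    if seen_ids is not None:
        assertion_id = root.get("AssertionID")
        if assertion_id in seen_ids:
            return False, "replayed assertion", None
        seen_ids.add(assertion_id)
    return True, "ok", name_id.text.strip()


if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, EXPECTED_ISSUER, EXPECTED_AUDIENCE,
                             "2005-06-15T12:02:00Z", seen_ids=set()))
```

The five-minute window and the 60-second skew are the example's choices; the point is that the consumer, not the producer, decides what it will accept, and that the AssertionID must be remembered for at least the validity window or the same signed assertion can be replayed.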

Authorization Management

eTrust SiteMinder centralizes the administration of user entitlements for customers, partners and employees across all web applications through a shared service. The eTrust SiteMinder architecture and its ability to enforce all web-based security policies across the enterprise eliminate the need for redundant user directories and application-specific security logic. Centralized authorization greatly reduces development costs by allowing developers to focus on the application's business logic, not on enforcing security policies.

eTrust SiteMinder provides security and access management through its security policies, which are designed to accommodate the user and the user's relationship to the protected resource. A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected; the users, groups or roles that have access to these resources; the conditions under which this access should be granted; and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user should be handled.

Role based access control (RBAC)

eTrust SiteMinder, when used with eTrust™ IdentityMinder®, gives enterprises the ability to extend existing authorization policies to roles established for users in eTrust IdentityMinder. Using eTrust IdentityMinder, enterprises can map organizational structure as well as functional responsibilities to create and manage roles. eTrust SiteMinder can then bind policies to roles for end-to-end identity and access management control.

eTrust SiteMinder eTelligent Rules

As a business grows and changes, existing security logic within applications will likely have to be modified or extended. With eTrust SiteMinder, security administrators can use eTelligent Rules to make those security logic changes outside the applications, without changing program code, further reducing reliance on programming. Most other security solutions would have to rely on applications being re-programmed, re-built and re-deployed.
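The policy shape the three preceding sections describe (protected resource; users, groups or roles; conditions; what is delivered to the application; how a refused user is handled), with roles derived from directory groups and the conditions kept outside the application, as a runnable evaluator. This is an added example written for this page, not eTrust SiteMinder code and not its policy store format: the group DNs, policy names, the SM_USER and X-ACCOUNT-ACCESS headers, the IP ranges and the redirect URLs are assumptions made for the illustration. It goes one step beyond the text in choosing, when several allow policies apply, the one with the most specific resource pattern.

```python
"""A policy evaluator in the shape the paper describes. Constructed example,
not eTrust SiteMinder code or its policy format; the group DNs, policies,
header names and redirect URLs are the example's own.
"""
from dataclasses import dataclass, field
from datetime import datetime
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network
from typing import Optional

# Directory groups -> roles: the binding the paper attributes to eTrust
# IdentityMinder. The DNs are made up for the example.
TELLERS_DN = "cn=tellers,ou=groups,dc=example,dc=com"
MANAGERS_DN = "cn=branch-managers,ou=groups,dc=example,dc=com"
CUSTOMERS_DN = "cn=customers,ou=groups,dc=example,dc=com"
ROLE_MAP = {TELLERS_DN: "teller", MANAGERS_DN: "manager", CUSTOMERS_DN: "customer"}


def roles_for(groups):
    """Map a user's directory groups to roles; unknown groups confer nothing."""
    return frozenset(ROLE_MAP[g] for g in groups if g in ROLE_MAP)


# Conditions live with the policy, not in application code; each sees only
# the request and answers yes or no.
def business_hours(start_hour, end_hour):
    return lambda req: start_hour <= req["now"].hour < end_hour


def from_network(cidr):
    net = ip_network(cidr)
    return lambda req: ip_address(req["client_ip"]) in net


@dataclass
class Policy:
    name: str
    resource: str                     # glob over the request path
    roles: frozenset                  # roles the policy is bound to
    effect: str = "allow"             # "allow" or "deny"
    conditions: tuple = ()            # all must hold for the policy to apply
    responses: dict = field(default_factory=dict)  # headers delivered to the app
    on_deny: str = "/access-denied"   # where a refused user is sent


@dataclass
class Decision:
    allowed: bool
    policy: str                       # deciding policy, or "default"
    headers: dict = field(default_factory=dict)
    redirect: Optional[str] = None


POLICIES = (
    Policy("accounts-read", "/accounts/*", frozenset({"teller", "manager"}),
           conditions=(business_hours(8, 18), from_network("10.0.0.0/8")),
           responses={"X-ACCOUNT-ACCESS": "read"}),
    Policy("admin-tools", "/accounts/admin/*", frozenset({"manager"}),
           conditions=(from_network("10.0.0.0/8"),),
           responses={"X-ACCOUNT-ACCESS": "admin"}),
    Policy("teller-no-admin", "/accounts/admin/*", frozenset({"teller"}),
           effect="deny", on_deny="/access-denied?reason=role"),
)


def make_request(user, groups, resource, client_ip, now):
    """Build the request the policy server sees; `now` is an ISO-8601 timestamp."""
    return {"user": user, "roles": roles_for(groups), "resource": resource,
            "client_ip": client_ip, "now": datetime.fromisoformat(now)}


def applies(policy, req):
    if not fnmatchcase(req["resource"], policy.resource):
        return False
    if not policy.roles & req["roles"]:
        return False
    return all(cond(req) for cond in policy.conditions)


def evaluate(req, policies=POLICIES):
    """Explicit deny beats allow; the most specific allow wins; with no
    applicable policy the default is deny."""
    matching = [p for p in policies if applies(p, req)]
    for p in matching:
        if p.effect == "deny":
            return Decision(False, p.name, redirect=p.on_deny)
    allows = sorted((p for p in matching if p.effect == "allow"),
                    key=lambda p: len(p.resource), reverse=True)
    if allows:
        p = allows[0]
        # The identity is handed to the application as a header, so the
        # application never re-implements authentication or authorization.
        return Decision(True, p.name, headers={"SM_USER": req["user"], **p.responses})
    return Decision(False, "default", redirect="/access-denied")


if __name__ == "__main__":
    req = make_request("alice", [TELLERS_DN], "/accounts/123", "10.1.2.3", "2005-06-15T10:00:00")
    print(evaluate(req))
```

Changing who may reach /accounts/admin/* or during which hours is an edit to POLICIES, not to the application, which is the point the eTelligent Rules paragraph makes; and because the default is deny, a resource with no matching policy is closed rather than open.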


Auditing and Reporting

Auditing and reporting lets managers track user and administrative activity and analyze and correct security events and anomalies. eTrust SiteMinder lets companies define activities within the eTrust SiteMinder environment to be logged and where that information should be stored: in a file or in a relational database. Both the policy server and web agents provide separate audit logging and debug logging.

Enterprise Manageability

eTrust SiteMinder enables efficient management practices in all areas of security system operations, including responsive troubleshooting, fast day-to-day execution of routine operations and easy-to-manage periodic operations. Daily activities, such as troubleshooting, password services and reporting, can be completed faster and better because eTrust SiteMinder provides centralized administration tools for the entire security environment. eTrust SiteMinder also provides tools that let administrators easily manage deployment, including remote agents and security policies, regardless of the size of the security environment.

Performance, Availability, Reliability, Scalability

As more web applications are deployed and more business is conducted by more people online, companies need a security solution that is efficient, available, reliable, and scalable. eTrust SiteMinder meets all these criteria, especially for very large deployments.

Performance

Based on independent third-party comparison against published data from other vendors, eTrust SiteMinder has proven its ability to provide significantly higher transaction rates than competing solutions. eTrust SiteMinder is the only solution with proven deployments supporting millions of users at companies like American Express, E-Trade and General Electric.

eTrust SiteMinder achieves these high levels of performance by optimizing the speed of its policy server, the component that runs the centralized security services. With quick start-up and fast runtime performance, the policy servers provide efficient security services capable of supporting millions of users and thousands of protected resources.

Availability and Reliability

eTrust SiteMinder reliably and effectively helps to ensure that the entire environment that is being secured remains available and accessible to the right users. Administrators can set up load balancing and failover so that if one eTrust SiteMinder component is unavailable, the next one will be used without interruption to the user. Even if an eTrust SiteMinder component fails, it will automatically be re-started to keep all operations going all the time.

eTrust SiteMinder administrators also have the option to cluster policy servers, that is, to group together policy servers based on criteria that are important to the security system implementation. Once policy servers are clustered, administrators can set up dynamic load balancing within the cluster and automatic failover among clusters to meet the increasing high performance, high availability requirements of a growing enterprise.

Scalability

eTrust SiteMinder can be scaled to meet security requirements for almost any website, both in terms of numbers of users and numbers of resources. With eTrust SiteMinder, security administrators don’t have to worry about their company’s new acquisitions or new partnerships. eTrust SiteMinder will be able to handle it: new users, new platforms, new applications, or additional spoken languages. No portion of the enterprise would go unsecured, possibly leaving holes that unauthorized users could take advantage of.

In terms of numbers of users, eTrust SiteMinder can work effectively and efficiently with many millions of users with information stored on a broad array of user stores. By centralizing user access management, security administrators can manage all security requirements for all categories of users throughout the enterprise, from a single location.

Security

eTrust SiteMinder offers the most secure communications architecture in the industry. With 128-bit encryption and hardware token-based encryption key management and storage, eTrust SiteMinder combines the best of security and manageability by deploying a mix of eTrust SiteMinder Agents and eTrust SiteMinder Secure Proxy Servers across a single policy model. In addition, eTrust SiteMinder supports a comprehensive set of password services including password composition, dictionary checking and expiration rules, allowing you to implement robust password rules.


eTrust SiteMinder Architecture

eTrust SiteMinder is one of the industry’s leading directory-enabled access management systems. eTrust SiteMinder enables administrators to assign authentication schemes, define and manage authorization privileges to specific resources, and create rules and policies to implement these authorization permissions. With eTrust SiteMinder, companies can implement security policies to completely protect the content of an entire website.

eTrust SiteMinder consists of two primary components, the eTrust SiteMinder Policy Server and eTrust SiteMinder Agents. See Figure 1 for an overview of the architecture of eTrust SiteMinder.

Figure 1. eTrust SiteMinder Architecture Overview

1. User attempts to access a protected resource.

2. User is challenged for his credentials and presents them to the Web Agent or to the Secure Proxy Server.

3. The user’s credentials are passed to the policy server.

4. The user is authenticated against the appropriate user store.

5. The policy server evaluates the user’s entitlements and grants access.

6. User profile and entitlement information is passed to the application.

7. The user gets access to the secured application, which delivers customized content to the user.

[Figure 1 diagram: Users (Employees, Partners, Customers) reach the eTrust SiteMinder Secure Proxy Server or a Web Server, which front the Secured Applications (Finance, HR/Payroll, Intranet, Supply Chain, CRM, Customer Service, Partner Extranet, e-Commerce) on the Destination Web Servers; the eTrust SiteMinder Policy Server consults the User & Entitlement Stores (LDAP, Databases, Mainframes, NT Domain).]

Broad Platform Support

To help achieve a higher return on investment (ROI) and lower total cost of ownership (TCO), eTrust SiteMinder leverages existing technology investments by supporting leading infrastructure components, including directories, web servers, application servers, platforms and authentication methods. eTrust SiteMinder provides native-directory integration with existing directories and databases (LDAP, AD, NT Domain, MS SQL Server and Oracle) and integrates with a large number of leading enterprise applications, such as SAP, Siebel and PeopleSoft. In addition, eTrust SiteMinder includes J2EE application server agents, enabling fine-grained access control of IBM WebSphere and BEA WebLogic Server hosted applications. eTrust SiteMinder extends its security management and single sign-on capabilities to the OS/390 mainframe platform with a web agent for the IBM HTTP web server and support for RACF and ACF2 security directories through the eTrust SiteMinder Security Bridge. What’s more, eTrust SiteMinder also supports authentication for network access devices, including firewalls, dialup servers, and other RADIUS-compliant devices. eTrust SiteMinder is fully multi-byte enabled and can be used to secure the deployment of multilingual sites.

A Standards-Based Solution

Even with eTrust SiteMinder’s extensive support for leading infrastructure technologies, there are many legacy and custom applications that many companies want to integrate into their web security system. At the same time, technology investments must remain open to best-of-breed technologies and not be locked in to a limited number of vendors. eTrust SiteMinder is the industry leader in adopting and supporting new technology standards as well as offering an extensive and well-documented series of Java and C application programming interfaces (APIs) throughout the product. eTrust SiteMinder is developed on open standards. The eTrust SiteMinder development team was a leading designer of the OASIS XML security standard known as Security Assertion Markup Language (SAML).


eTrust SiteMinder Policy Server

The eTrust SiteMinder Policy Server is the heart of eTrust SiteMinder. The policy server provides the key security decision-making operations for eTrust SiteMinder. This high-performance server provides load balancing, failover and caching for superior reliability and speed. Policy servers have been designed to be reliable, fast, and easy to manage, so they can be scaled to meet today’s and tomorrow’s business requirements. Policy server operations are optimized to get them initialized and running quickly.

Access control services in a single process

The eTrust SiteMinder Policy Server is a single-process engine that runs all four shared services: authentication, authorization, administration and auditing. The single, multi-threaded process results in a highly efficient, simple-to-manage system. The run-time performance is very fast because the single-process server requires a smaller total memory footprint than a multi-process server, and thread context switches run faster than process context switches.

eTrust SiteMinder Agents

Agents are the enforcement mechanisms for policy-based authentication and access control. They integrate with web servers, application servers, enterprise applications or custom applications to enforce access control based on defined policies.

Web agents

Web agents control access to web content and deliver a user’s security context, managed by eTrust SiteMinder, directly to any web application being accessed by the user. By placing an agent in a web server that is hosting protected web content or applications, administrators can coordinate security across a heterogeneous environment of systems and create a single sign-on environment for all users.

For web servers, the web agent integrates through each web server’s extension API. It intercepts all requests for resources (URLs) and determines whether each resource is protected by eTrust SiteMinder. If the resource is not eTrust SiteMinder-protected, the request is passed through to the web server for regular processing. If it is protected by eTrust SiteMinder, the web agent interacts with the policy server to authenticate the user and to determine if access to the specific resource is allowed. Depending on the policy for the requested resource, the web agent can also pass to the application a response that consists of the user’s attributes from the user directory and entitlement information. The application can use the entitlement information to personalize the page content according to the needs and entitlements of each user.


The web agent caches extensive amounts of contextual information about the current user’s access. The caching parameters that control these services are fully tunable by the administrator to optimize performance and security.

Application server agents

To secure more fine-grained objects such as servlets, JSPs, or EJB components, which could comprise a full-fledged distributed application, eTrust provides a family of eTrust SiteMinder application server agents (ASAs). ASAs are plug-ins that communicate with the eTrust SiteMinder Policy Server to extend single sign-on (SSO) across the enterprise, including J2EE application server-based applications. ASAs protect fine-grained resources hosted in an application server by superseding the native application server’s security mechanisms.

For more information about the BEA WebLogic and IBM WebSphere ASAs, refer to eTrust’s white papers available at http://www.ca.com/etrust.

SAML affiliate agents

E-business sites often link directly to any number of affiliate websites to drive traffic and business to these affiliate sites. For example, a customer might visit a sports-oriented site and follow a link to an affiliate site that offers custom-made sports equipment. The main site benefits from this arrangement because it can draw more customers by providing a wide variety of services and content, and it also generally receives a commission for any purchases made on the affiliate site by a customer who originally came from the main site. Both companies benefit from these partnerships, and it is in the best interest of the main site if the user experience on the affiliate site is highly personalized.

An eTrust SiteMinder affiliate agent resides on the affiliate’s web server and passes the user profile and entitlement information to applications running on the affiliate site. The user sees a seamless and personalized experience as the user moves from site to site. The result is better customer relations for both business partners and a much higher likelihood of a customer transaction.

Enterprise application agents

eTrust SiteMinder provides several agents that integrate directly with the most widely used enterprise applications.



Secure Proxy Server

The eTrust SiteMinder Secure Proxy Server is a turnkey, high-performance proxy gateway that secures a company’s backend servers, offering an alternative deployment model for eTrust SiteMinder. With Secure Proxy Server, eTrust SiteMinder offers two complementary policy enforcement strategies for a more flexible and secure web access architecture. Customers may choose to deploy traditional eTrust SiteMinder agents or the Secure Proxy Server. These solutions may be used singly, or in combination, to provide the optimum security and administration environment for any site.

Key benefits of the Secure Proxy Server include:

• Increased Security. Secure Proxy Server provides multiple authentication schemes, basic, forms-based and certificate-based, while providing a single access management point. It prevents non-authenticated traffic from entering any point in the DMZ and eliminates the exposure of network topology to outside users.

• Greater Deployment Flexibility. Secure Proxy Server supports multiple session schemes for cookie and cookie-less methods of session tracking. It provides security for any back-end server environment, as well as a platform for building out wireless solutions. Advanced proxy rules dynamically route incoming requests to the appropriate backend server.

• Extensibility, Scalability and Robustness. Secure Proxy Server is an open and extensible solution, providing a set of Java APIs for providing custom session schemes. It is also fully integrated with eTrust SiteMinder’s scalable and robust architecture.

The Secure Proxy Server is a self-contained reverse proxy solution consisting of two components, the proxy engine, with a fully integrated eTrust SiteMinder Agent, and an Apache-based HTTP web listener. The Secure Proxy Server accepts HTTP and HTTP over SSL (HTTPS) requests from web clients, passes those requests to enterprise back-end content servers, and returns resources to the requesting client.

For detailed information on the eTrust SiteMinder Secure Proxy Server, refer to the Secure Proxy Server white paper available at http://www.ca.com/etrust.


SAP Agent

The SAP Agent enables SAP R/3 customers to extend SSO to their SAP users and to affiliate sites as well. The SAP Agent provides a second level of authentication behind the DMZ in a trusted zone or corporate internal network, enforces session synchronization, and enables choices in authentication technologies for SAP user authentication.

Oracle Agent

The Oracle Agent extends SSO for Oracle users to their corporate web and application servers, as well as to affiliate sites. The eTrust SiteMinder Connector for Oracle Solutions also provides administrators with the flexibility to select a variety of authentication methods.

PeopleSoft Agent

The PeopleSoft Agent for PeopleSoft 8 enables PeopleSoft implementers to extend SSO to PeopleSoft users. In addition, the eTrust SiteMinder Agent provides PeopleSoft 8 sites with the flexibility to choose the authentication security technology, verification of user session data within the application server, and enforced synchronization between eTrust SiteMinder and PeopleSoft Application Server sessions.

Siebel Agents

The Siebel Solutions Agents use the Security Adaptor interface for the Siebel Object Manager to achieve the critical Tier 2 security integration. With the eTrust SiteMinder SSO solution for Siebel, security administrators can implement a wide variety of authentication technologies to identify Siebel users, link user sessions to ensure single sign-out, and increase overall website security, as the Siebel Object Manager and the eTrust SiteMinder Policy Server do not reside in the DMZ. eTrust SiteMinder enables Siebel customers to extend SSO to their entire corporate web and application servers, as well as to partner affiliate sites.

Custom Agents

The eTrust SiteMinder Policy Server is a general-purpose rules engine that can protect any resource that can be expressed as a string, as well as any operation on those resources. While web agents, application server agents and affiliate agents work with the standard features of eTrust SiteMinder, administrators can extend agent functionality by creating and configuring a custom agent using the Agent API and policy server Management Console. Custom agents can participate with standard eTrust SiteMinder agents in a single sign-on environment.

Custom agents work with the eTrust SiteMinder Policy Server to control access to a wide range of resources, whether web-based or not. For example, custom agents could be used to control access to an application, application function or a task performed by an application. A custom agent working with the policy server as the core engine can extend the types of resources that eTrust SiteMinder can protect.


Native Directory Integration

eTrust SiteMinder is integrated with industry-leading directory services, eliminating redundant administration of user information. This integration simplifies administration and provides unique and comprehensive security capabilities.

eTrust SiteMinder supports a range of leading LDAP directories and relational databases. eTrust SiteMinder also supports mainframe (OS/390) security directories, such as RACF, ACF-2, and TopSecret. eTrust SiteMinder treats these directories as if they are regular LDAP user directories, and can provide both full authentication and authorization for users stored in these directories. Support for these directories is achieved through an add-on component called the eTrust SiteMinder Security Bridge.

eTrust SiteMinder supports storage of policy information in a variety of LDAP-enabled directories and SQL databases.

Even though the user store and the policy store are logically separate, the ability to store both users and policies in the same physical directory provides easier administration and better performance. Directory Mapping lets an application authenticate users based on information from one directory and authorize users based on information from a different directory.

eTrust SiteMinder Authentication Management

eTrust SiteMinder offers unparalleled control over what type of authentication method is used to protect a resource and how that authentication method is deployed and managed. Traditionally, it is very challenging to successfully deploy and manage strong authentication methods (for example, two-factor certificates); therefore, most companies default to using user names and passwords. By centrally managing all authentication systems and utilizing the eTrust SiteMinder advanced authentication policy management capabilities, companies can successfully deploy mixed authentication methods based on resource value and business needs instead of IT limitations.

Authentication Methods

No single authentication technique is appropriate for all users and all protected resources in all situations. That’s why authentication flexibility is an important requirement. eTrust SiteMinder offers a complete password authentication solution and integrates out of the box with most leading authentication methods. Since administrators often require varying levels of authentication security for different resources, eTrust SiteMinder supports a range of authentication mechanisms, including:

• Passwords

• Two-factor tokens

• X.509 certificates

• Passwords over SSL

• Smart cards

• Combination of methods

• Forms-based

• Custom methods

• Full CRL and OCSP support

• Biometric devices

• Forms and/or certificates

Certificate revocation is a critical component of PKI strategy, since invalid certificates must be rejected by the authentication mechanism. eTrust SiteMinder supports CRL processing for all leading public key infrastructure (PKI) vendors, including the requirement that the CRL is located in a directory and searched to ensure the current certificate has not been revoked. In addition, eTrust SiteMinder supports the use of OCSP for real-time certificate validation.

Authentication Policies

Authentication policies give security administrators unique management capabilities to mix and match authentication methods and brand and customize the credentials collected. eTrust SiteMinder also enables administrators to classify resources into groups based on their value and assign different authentication methods to each level.

Certificate Combinations and Alternatives

Authentication method combinations, such as certificate and password, are very useful when stronger security is required for a specific set of resources. It is also a solution for enterprises where multiple administrators might share a secured machine. The certificate identifies the machine, while each operator has their own password.


Alternative methods (certificate or password) are ideal when administrators require gradual deployment of certificates. When a certificate for authentication is installed, it is used; but, if a certificate is not present, eTrust SiteMinder reverts to regular password authentication.

Forms-based Authentication

Forms-based authentication enables the implementation of an authentication screen that is tailored to individual needs. This is useful when a common brand identity is desired across all internal applications and sign-on screens. In addition, it supports custom attributes, such as a Social Security number or mother’s maiden name, for authentication. For attributes in the user directory, eTrust SiteMinder performs authentication checks automatically, providing much greater log-in security.

Authentication Levels

eTrust SiteMinder supports authentication levels. Each authentication method is associated with a particular level, ranging from a top priority of 1 to the lowest priority of 1000. When a user accesses a resource, the authentication method priority is compared with the authentication method priority level that was used to authenticate the user. If the level of the current method is higher than the level used to authenticate the user, then a new authentication, using the new resource’s associated method, must be performed. If the user has already been authenticated at a higher level, no re-authentication is required.
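The step-up comparison described above, as an added example that is not part of the whitepaper or the product's own code. It follows the paper's wording: priority 1 is the top and 1000 the lowest, so a resource whose method carries a smaller number than the one the session was authenticated with forces a fresh challenge. The method names, their priority numbers and the `challenge` callback are constructed for the example.

```python
# Added example (not SiteMinder's code): step-up authentication driven by
# method priority, following the whitepaper's description of levels 1..1000.
from dataclasses import dataclass
from typing import Callable

TOP_PRIORITY = 1        # strongest method, per the paper
LOWEST_PRIORITY = 1000  # weakest method, per the paper


@dataclass(frozen=True)
class AuthMethod:
    name: str
    priority: int  # 1 outranks 1000 (assumed reading of the paper's "top priority of 1")

    def __post_init__(self) -> None:
        if not TOP_PRIORITY <= self.priority <= LOWEST_PRIORITY:
            raise ValueError(f"priority must lie in {TOP_PRIORITY}..{LOWEST_PRIORITY}")

    def outranks(self, other: "AuthMethod") -> bool:
        """A smaller priority number means a stronger method."""
        return self.priority < other.priority


# Constructed sample methods and priorities (not values from the product).
PASSWORD = AuthMethod("password", 500)
PASSWORD_OVER_SSL = AuthMethod("password-over-ssl", 300)
CERT_AND_PASSWORD = AuthMethod("certificate+password", 50)


@dataclass(frozen=True)
class Session:
    user: str
    authenticated_with: AuthMethod


def needs_step_up(session: Session, required: AuthMethod) -> bool:
    """True when the resource's method outranks the one the session was authenticated with."""
    return required.outranks(session.authenticated_with)


def access_resource(session: Session, required: AuthMethod,
                    challenge: Callable[[AuthMethod], AuthMethod]) -> Session:
    """Return the session under which the resource may be served.

    `challenge` is a hypothetical callback that re-authenticates the user with the
    requested method and returns the method actually used. A session already at a
    higher or equal level is reused untouched, as the paper describes.
    """
    if not needs_step_up(session, required):
        return session
    used = challenge(required)
    if required.outranks(used):
        # The user answered a weaker challenge than the resource demands: refuse
        # rather than silently lowering the requirement.
        raise PermissionError(f"{used.name} does not satisfy {required.name}")
    return Session(session.user, used)


if __name__ == "__main__":
    weak = Session("alice", PASSWORD)
    stronger = access_resource(weak, CERT_AND_PASSWORD, challenge=lambda m: m)
    print(stronger.authenticated_with.name)   # certificate+password
    # Having stepped up, a password-protected resource needs no new challenge.
    print(needs_step_up(stronger, PASSWORD))  # False
```

The session keeps the strongest method it was challenged with, so a later visit to a resource protected by a weaker method reuses it without another prompt.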

Directory Mapping

eTrust SiteMinder supports directory mapping, which enables applications to authenticate users with a specific directory, but authorize using attributes, including group information, stored in a different directory. This is critical because it supports the needs of sites (such as ISPs) that centralize user identities in a single authentication directory, but manage group membership and application privileges in a separate, application-specific directory. It is also useful when authentication information is stored in a central directory, but authorization information is distributed in separate user directories that are associated with particular applications.

Password Services

Password management is a critical security and cost issue within most corporations. To maintain user security, passwords must be difficult to guess, must change frequently, and must not be reused. In addition, administrators need alerts if suspicious events occur, such as a user failing several successive login attempts. eTrust SiteMinder Password Services provide an additional layer of security to protected resources by enabling the management of user passwords in LDAP user directories or relational databases. To manage user passwords, administrators create password policies that define rules and restrictions for governing password expiration, composition, and usage.

Password services can enforce multiple password policies through a priority list of policies that apply for multiple applications being protected across one or more user directories. Password services also enable password self-service for end users. Developers can implement eTrust SiteMinder Password Services through either CGI with customizable HTML forms or through a servlet with customizable JavaServer Pages (JSP forms).

• Directory Usage. Apply Password Services to an entire directory of users or to a subset. eTrust SiteMinder also supports nested groups within the namespace of a user directory.

• Password Expiration. Set a maximum number of login failures and define inactive-password policies, that is, the time period after which an unused password expires. Expirations can also be set for user passwords based on time variables, thereby forcing users to reset current passwords.

• Password Composition. eTrust SiteMinder enables the definition of minimum and maximum lengths of password characters and whether passwords should require numbers. Composition also uses a password dictionary. Regular expressions can be set in the dictionary, and all valid passwords must either include or exclude the expressions set in the reference dictionary. Restrictions can be managed using the dictionary reference. Reuse of older passwords can be denied, similar password structures can be denied, and specific words can also be restricted from use in a password.

• Password Usage. eTrust SiteMinder includes a series of advanced password services that enforce the use of upper and lower case letters within a password: all uppercase, all lowercase, case does not apply. The use of white space can also be specified: no white space, no white space before a character or after a character.

• Password Services Self-registration and Management. eTrust SiteMinder enables end users to register as a new user, create a user name and password, set expirations for that password, and change the password whenever the user feels it necessary.
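The composition and usage rules listed above, as an added example that is not the product's code and does not model its configuration format. It implements the checks the list names (length bounds, required digits, include/exclude regular expressions, a forbidden-word dictionary, the three case settings, the white-space settings, reuse denial and denial of similar structures) against a user's password history. The history stores only a SHA-256 digest and a structural signature of each previous password, never the clear text; the policy values and sample passwords are constructed.

```python
# Added example (not SiteMinder's code): a password-composition checker covering
# the rules the whitepaper lists. Policy values below are constructed samples.
import hashlib
import re
from dataclasses import dataclass, field


def _digest(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def shape(password: str) -> str:
    """Structural signature: letters -> 'a', digits -> '9', anything else -> '#'.
    Two passwords with the same signature count as 'similar structures'."""
    return "".join("a" if c.isalpha() else "9" if c.isdigit() else "#" for c in password)


@dataclass
class PasswordPolicy:
    min_length: int = 8
    max_length: int = 64
    require_digit: bool = True
    case_rule: str = "any"            # "upper", "lower" or "any": the paper's three settings
    whitespace: str = "none"          # "none", "not_leading_or_trailing" or "any"
    include_patterns: list = field(default_factory=list)  # every password must match all
    exclude_patterns: list = field(default_factory=list)  # ... and must match none
    forbidden_words: set = field(default_factory=set)     # dictionary words barred anywhere
    history_depth: int = 5            # how many previous passwords may not be reused
    deny_similar_structure: bool = True


def check_password(candidate: str, policy: PasswordPolicy, history=()) -> list:
    """Return the list of violations; an empty list means the password is acceptable.
    `history` holds (digest, shape) tuples for the user's previous passwords."""
    errors = []
    n = len(candidate)
    if n < policy.min_length or n > policy.max_length:
        errors.append(f"length must be {policy.min_length}..{policy.max_length}")
    if policy.require_digit and not any(c.isdigit() for c in candidate):
        errors.append("must contain a digit")
    letters = [c for c in candidate if c.isalpha()]
    if policy.case_rule == "upper" and any(c.islower() for c in letters):
        errors.append("letters must be upper case")
    if policy.case_rule == "lower" and any(c.isupper() for c in letters):
        errors.append("letters must be lower case")
    if policy.whitespace == "none" and any(c.isspace() for c in candidate):
        errors.append("white space not allowed")
    if policy.whitespace == "not_leading_or_trailing" and candidate != candidate.strip():
        errors.append("no leading or trailing white space")
    for pat in policy.include_patterns:
        if not re.search(pat, candidate):
            errors.append(f"must match /{pat}/")
    for pat in policy.exclude_patterns:
        if re.search(pat, candidate):
            errors.append(f"must not match /{pat}/")
    lowered = candidate.lower()
    for word in sorted(policy.forbidden_words):
        if word.lower() in lowered:
            errors.append(f"contains forbidden word {word!r}")
    recent = list(history)[-policy.history_depth:] if policy.history_depth else []
    if _digest(candidate) in {d for d, _ in recent}:
        errors.append("password was used recently")
    elif policy.deny_similar_structure and shape(candidate) in {s for _, s in recent}:
        errors.append("too similar in structure to a recent password")
    return errors


def remember(password: str, history=()) -> list:
    """Append a password to a history as (digest, shape) without keeping the clear text."""
    return list(history) + [(_digest(password), shape(password))]


if __name__ == "__main__":
    policy = PasswordPolicy(forbidden_words={"siteminder"}, exclude_patterns=[r"(.)\1\1"])
    hist = remember("Summer2024!")
    print(check_password("Winter2025!", policy, hist))   # same shape as the old password
    print(check_password("Tr3e-house-7", policy, hist))  # []
```

The structure check deliberately fires only when the digest check did not, so a user sees one reason per failed attempt rather than two overlapping ones.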


When Password Services are active, eTrust SiteMinder invokes a password policy whenever a user is authenticated as well as when a user password is set or modified. The Password Services action depends on the context, which includes the user credentials and the policy. If the user is trying to create or modify the password and the new password does not meet the password policy requirements, the operation fails. If the user is attempting to authenticate with a password that has expired, or if the user account was marked inactive, actions such as disabling the account or redirecting to an information page can also be specified in the password policy.

Impersonation

eTrust SiteMinder supports impersonation, where one authorized user can access what another user accesses. With impersonation, a customer service representative can act on behalf of users to run tasks for them that they otherwise might not want to, or know how to, run themselves. For example, a stockbroker might use impersonation to complete a stock transaction for a client.

With impersonation, a previously authenticated user uses their identity to assume the identity of another user without presenting the other user’s credentials. Secure information, such as passwords, no longer has to be transferred over the phone. To start the impersonation, the customer representative requests that a defined resource be mapped to the impersonation authentication scheme. Then, the representative is prompted to enter the impersonation username.

eTrust SiteMinder makes sure that impersonation is a secure operation, that only entitled users can impersonate other users:

• Administrators set up impersonation as an eTrust SiteMinder rule in a policy. In this way, impersonation can be very finely controlled because policies can define exactly who can impersonate whom for which resources within a realm.

• All impersonation sessions are audited to provide a history of events for record keeping and non-repudiation. Information from both the user who is impersonating and the user who is being impersonated is recorded.

• Private information can be hidden from the impersonating subject, as necessary to protect a customer’s privacy.

eTrust SiteMinder includes impersonation templates that administrators can configure and brand, like any other eTrust SiteMinder HTML forms-based authentication scheme. As a result, impersonation is straightforward to set up and configure, as well as being straightforward to use.
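The three controls listed above (a rule that says who may impersonate whom within a realm, an audit record naming both identities, and masking of private attributes from the impersonator), as an added example that is not the product's code and does not reproduce its impersonation scheme. The roles, users, attribute names, resource prefixes and the in-memory audit sink are all constructed; the `ssn` value is a placeholder.

```python
# Added example (not SiteMinder's code): impersonation gated by a policy rule,
# audited for both identities, with private attributes masked from the impersonator.
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class ImpersonationRule:
    realm: str                                   # resource prefix the rule covers
    impersonator_roles: frozenset                # who may impersonate
    target_roles: frozenset                      # whose identity may be assumed
    hidden_attributes: frozenset = frozenset()   # never shown to the impersonator


@dataclass(frozen=True)
class ImpersonationSession:
    impersonator: str
    target: str
    realm: str
    rule: ImpersonationRule


class ImpersonationService:
    def __init__(self, rules, user_roles, user_attributes,
                 clock=lambda: datetime.now(timezone.utc)):
        self.rules = list(rules)
        self.user_roles = user_roles            # user -> set of roles
        self.user_attributes = user_attributes  # user -> profile attributes
        self.audit_log = []                     # append-only audit trail
        self._clock = clock

    def _audit(self, outcome, impersonator, target, resource):
        # Both identities are recorded on every attempt, granted or denied.
        self.audit_log.append({
            "time": self._clock().isoformat(),
            "event": "impersonation",
            "outcome": outcome,
            "impersonator": impersonator,
            "impersonated": target,
            "resource": resource,
        })

    def _matching_rule(self, impersonator, target, resource):
        for rule in self.rules:
            if (resource.startswith(rule.realm)
                    and self.user_roles.get(impersonator, set()) & rule.impersonator_roles
                    and self.user_roles.get(target, set()) & rule.target_roles):
                return rule
        return None

    def start(self, impersonator, target, resource) -> ImpersonationSession:
        """Begin impersonation for `resource`. The impersonator is assumed to be
        already authenticated; the target's credentials are never presented."""
        if impersonator == target or target not in self.user_roles:
            self._audit("denied", impersonator, target, resource)
            raise PermissionError("invalid impersonation target")
        rule = self._matching_rule(impersonator, target, resource)
        if rule is None:
            self._audit("denied", impersonator, target, resource)
            raise PermissionError(f"{impersonator} may not impersonate {target} at {resource}")
        self._audit("granted", impersonator, target, resource)
        return ImpersonationSession(impersonator, target, rule.realm, rule)

    def visible_profile(self, session: ImpersonationSession) -> dict:
        """The target's profile as the impersonator may see it, hidden attributes masked."""
        profile = self.user_attributes.get(session.target, {})
        return {k: ("***" if k in session.rule.hidden_attributes else v)
                for k, v in profile.items()}


# Constructed sample directory (roles, users and a placeholder attribute value).
ROLES = {"carol": {"csr"}, "dave": {"customer"}, "erin": {"customer"}}
ATTRIBUTES = {"dave": {"cn": "Dave", "tier": "gold", "ssn": "000-00-0000"}}
RULES = [ImpersonationRule("/account/", frozenset({"csr"}), frozenset({"customer"}),
                           hidden_attributes=frozenset({"ssn"}))]


if __name__ == "__main__":
    svc = ImpersonationService(RULES, ROLES, ATTRIBUTES)
    session = svc.start("carol", "dave", "/account/orders")
    print(svc.visible_profile(session))   # ssn masked
    print(svc.audit_log[-1])              # names both carol and dave
```

Denied attempts are audited as well as granted ones, which is what makes the trail usable for non-repudiation and for spotting a representative probing accounts they have no rule for.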

eTrust SiteMinder Authorization Management

Entitlement management is one of the most critical issues for web applications. Users need to access information, but must be authenticated and authorized based on their privileges before gaining access. Traditionally, the entitlement management model for web resources often varies across web servers, application servers, operating systems and development tools. Consequently, the administration of one server can differ from the administration of another, and entitlement management capabilities offered by these various servers and tools can differ. These differences can lead to administrative problems as well as an inconsistent security framework.

eTrust SiteMinder provides centralized authorization management through its policies for all web resources, across web servers, application servers, and so on. Administrators work with the Policy Server Management Console to define policies that restrict access to specific web resources by user, role, group, dynamic group and exclusions. Centralized access control through policies provides very fine-grained control to administrators, allowing them to implement access control at the file, page or object level.

The Policy Server Management Console is a single, browser-based administrative system that extends across all intranet and extranet applications. A consistent security policy simplifies the central management of multiple web applications. A centralized approach to security management provides the following advantages:

• It eliminates the need to write complex code to manage security in each application.

• The time and cost to develop and maintain multiple security systems is eliminated; sites deploy only one security system for all applications.

• eTrust SiteMinder manages the security privileges of customers, business partners, and employees, whether they access the corporate network locally or remotely through the internet or a private network.


eTrust SiteMinder Policies

eTrust SiteMinder provides security and access management based on policies that make access and security management more flexible and scalable because they are built around the user and the user’s relationship to the protected resource.

A policy protects resources by explicitly allowing or denying user access. It specifies the resources that are protected, the users, groups or roles that have access to these resources, the conditions under which this access should be granted, and the delivery method of those resources to authorized users. If a user is denied access to a resource, the policy also determines how that user is treated.

An eTrust SiteMinder policy binds rules and responses to users, groups and roles. The responses in a policy enable the application to customize the delivery of content for each user. Policies reside in the policy store, the database that contains all the eTrust SiteMinder entitlement information. The basic structure of a policy is shown in Figure 2.

When a policy is constructed, it can include multiple rule-response pairs bound to individuals, user groups, roles, or an entire user directory. Administrators can also configure multiple policies to protect the same web resources for different sets of users, adding responses that enable the web application to further refine the web content shown to the user.

One of the configuration options of a policy is a time restriction. If a time restriction is specified for a policy and a rule in that policy also contains a time restriction, the policy executes only during those times when both restrictions overlap.

Today, line-of-business needs are driving IT security managers to use real-time data, either entered by the user or by a third-party service, as part of the authorization process. To process real-time data, security-related logic must be coded into back-end business applications. However, this security logic is expensive to maintain because it requires developers to implement separate security-code changes for each back-end application. What’s more, the custom security code typically does not solve the business requirement because the authorization data cannot be evaluated in real time by the application.

Security administrators can use eTrust SiteMinder eTelligent Rules to build comprehensive expressions representing business logic and to utilize internal and external data for real-time decision-making. Variables, whose values are dynamically retrieved at runtime, can be used in the expressions. eTelligent Rules resolve values for variables in user attributes from user stores, data in forms users completed, or through web services calls to local or remote data sources. The values are then evaluated against the expression as part of the policy decision making process, together with other policy constraints.

For example, in a financial services website, a user wants to access services that are available only to customers with a certain credit rating. eTelligent Rules can be implemented using web services calls to check the customer’s current credit rating with an external, online credit service. If the customer’s credit rating is adequate, then access is allowed (assuming all other security policy criteria are met).

Additional information on eTelligent Rules is available in a detailed white paper, available at http://www.ca.com/etrust

Figure 2. eTrust SiteMinder Policy

Rules/Rule Groups

A rule identifies and allows or denies access to a specific resource or resources that are included in the policy.

Users

A policy specifies the users, groups of users, or roles that are included or excluded by the policy. Users or user groups are located in native directories linked to eTrust SiteMinder, and roles information is stored in the eTrust SiteMinder policy store.

Responses

A response defines information (for example, user attributes) that can be passed to an application when a user is accessing the resource. The application may use this information to provide finer access control and/or customize the appearance of the resource.

eTelligent Rules

In addition to supporting static rules, administrators can configure eTelligent Rules, that is, an active policy that authorizes users based on dynamic data obtained from external business logic. For example, a policy could limit access to a specific application to customers who have a current account balance of less than $1,000. In this way, application data that is often stored in transactional systems like a bank-transactions database can be included within the policy enforcement capabilities of eTrust SiteMinder.


[Figure 2 diagram: eTrust SiteMinder policy options. Rule or Rule Group: determines access to a resource. Users or Groups in a Directory: users, groups, exclusions and roles. Response or Response Group: action that occurs when a rule fires. eTelligent Rule: expression using external data. Time: time when the policy can or cannot fire. IP Address: IP address that the policy applies to. Active Response: dynamic extension of the policy.]


IP addresses

A policy may be limited to specific user IP addresses. If a user attempts to access a resource from an IP address not specified in the policy, the user will not be allowed access.

Time restrictions

A policy may be limited to specific days or ranges of hours. A policy with a time restriction will not allow access outside specified times.

Active response

An Active Response allows business logic external to eTrust SiteMinder to be included in a policy definition, enabling eTrust SiteMinder to interact with custom software created using the eTrust SiteMinder APIs.
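As an added illustration (not CA's code), the following Python models the policy structure described above and in the Figure 2 options: rules bound to users, groups and roles with exclusions, responses that hand user attributes to the application, IP address and time restrictions (including the overlap rule when both the policy and a rule carry a time restriction), and an eTelligent-style expression whose variable is resolved at decision time. All class names, header names, networks and sample values are constructed.

```python
"""eTrust SiteMinder-style policy decision, modelled in Python (added example).

Constructed, not CA's code: a policy binds rules to users, groups or roles
(minus exclusions), carries responses, and may be limited by IP address, by
time, and by an eTelligent-style expression over variables resolved at
decision time. Every name and sample value below is invented.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

@dataclass
class TimeRestriction:
    weekdays: set                  # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def allows(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start <= when.time() <= self.end

@dataclass
class Rule:
    resource: str                  # realm-relative pattern, e.g. "/app1/*"
    actions: set                   # HTTP methods covered
    allow: bool = True             # False makes this a deny rule
    time_restriction: Optional[TimeRestriction] = None

    def matches(self, resource: str, action: str) -> bool:
        return action in self.actions and fnmatch(resource, self.resource)

@dataclass
class Policy:
    name: str
    rules: list
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)           # groups or roles
    exclusions: set = field(default_factory=set)
    responses: dict = field(default_factory=dict)      # header -> user attribute
    ip_networks: list = field(default_factory=list)    # empty = no IP limit
    time_restriction: Optional[TimeRestriction] = None
    expression: Optional[Callable[[dict], bool]] = None  # eTelligent-style rule

    def binds(self, user) -> bool:
        if user.name in self.exclusions:               # exclusions always win
            return False
        return user.name in self.users or bool(user.groups & self.groups)

    def constraints_hold(self, client_ip, when, variables) -> bool:
        if self.ip_networks and not any(ip_address(client_ip) in n for n in self.ip_networks):
            return False
        if self.time_restriction and not self.time_restriction.allows(when):
            return False
        return self.expression is None or bool(self.expression(variables))

@dataclass
class User:
    name: str
    groups: set
    attributes: dict

def evaluate(policies, user, resource, action, client_ip, when, resolvers=None):
    """Return (allowed, responses). A rule fires when it matches the resource and
    action, its policy binds the user and every policy-level constraint holds; a
    rule's own time restriction must hold too, so policy and rule windows overlap.
    A firing deny rule beats any allow; no firing rule means denied."""
    # Variables are fetched at decision time (e.g. a web-service call), never cached.
    variables = {name: fetch() for name, fetch in (resolvers or {}).items()}
    allowed, responses = False, {}
    for policy in policies:
        matching = [r for r in policy.rules if r.matches(resource, action)]
        if not matching or not policy.binds(user):
            continue
        if not policy.constraints_hold(client_ip, when, variables):
            continue
        for rule in matching:
            if rule.time_restriction and not rule.time_restriction.allows(when):
                continue
            if not rule.allow:
                return False, {}
            allowed = True
            # Responses pass user-store attributes to the application.
            responses.update({h: user.attributes.get(a) for h, a in policy.responses.items()})
    return allowed, responses

# Constructed sample: statements readable on weekdays 08:00-12:00 (policy window
# 08:00-18:00 overlapped with rule window 06:00-12:00) from the 10/8 intranet;
# the overdraft tool is gated on an account balance fetched at decision time.
WEEKDAYS = {0, 1, 2, 3, 4}
POLICIES = [
    Policy("Statements", [Rule("/app1/statements/*", {"GET"},
                               time_restriction=TimeRestriction(WEEKDAYS, time(6, 0), time(12, 0)))],
           groups={"customers"}, exclusions={"mallory"},
           responses={"X-Customer-Tier": "tier"},
           ip_networks=[ip_network("10.0.0.0/8")],
           time_restriction=TimeRestriction(WEEKDAYS, time(8, 0), time(18, 0))),
    Policy("Overdraft", [Rule("/app1/overdraft", {"GET", "POST"})],
           groups={"customers"}, expression=lambda v: v["account_balance"] < 1000),
]
USERS = {"alice": User("alice", {"customers"}, {"tier": "gold"}),
         "mallory": User("mallory", {"customers"}, {"tier": "basic"})}

def sample_decision(user, resource, action, client_ip, hour, balance=250.0):
    """Decide a request on Tuesday 2005-06-14 at the given hour for the sample realm."""
    when = datetime(2005, 6, 14, hour, 0)
    return evaluate(POLICIES, USERS[user], resource, action, client_ip, when,
                    resolvers={"account_balance": lambda: balance})
```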

Global policies

eTrust SiteMinder’s global policies significantly improve how policies can be organized and they reduce redundant operations for configuring multiple policies in large enterprises. Global policies provide administrators with the ability to define policy objects, rules, and responses with global scope, separately from a policy domain. When separated from a domain, administrators can define common policy objects, rules, and responses once that apply across multiple domains. Then, they can easily update the common policy objects, rules, and responses without having to locate each item in each realm throughout the domains. In addition to improving policy administration, global policies can help ensure compliance with federal regulations or corporate rules because they can enforce those rules and regulations across the enterprise, if required.

Each component of a global policy remains complementary to its domain-specific counterpart; that is, if there is a domain-specific policy object, rule or response with the same reference, the domain-specific item takes precedence over the global item. System-level administrators can also disable global policies for any domain, if they so choose. Global policies allow time restrictions to be specified when rules are in effect.

For example, administrators define a policy in each realm to redirect users to the same web page when users are not authenticated or not authorized to access a resource. With global policies, administrators define a redirect policy once and that single global policy can be used by all realms. Without global policies, administrators have to define that same policy over and over for each realm.

Global policies are managed by system-level administrators only, using the Policy Server Management Console, the Policy Management API, or the Perl script interface to the Policy Management API.

Role based access control (RBAC)

eTrust SiteMinder software, running in conjunction with eTrust IdentityMinder software, provides enterprises with role based access control. Roles define job responsibilities, or a set of tasks that are associated with a job or business function. Each task corresponds to an operation in a business application. A single role can have one or more tasks defined in it and users can have one or more roles assigned to them. An eTrust IdentityMinder central administrator creates role and task definitions. Only after a user is assigned a role can they perform the tasks defined in that role.

When eTrust IdentityMinder is integrated with eTrust SiteMinder, eTrust SiteMinder extends the power of roles beyond job descriptors to access management. The eTrust IdentityMinder administrator works with the eTrust SiteMinder administrator to bind eTrust IdentityMinder roles to eTrust SiteMinder policies. Once the roles are bound to eTrust SiteMinder policies, the user and access management link is established. eTrust IdentityMinder manages the users and their roles; eTrust SiteMinder manages secure access to resources specified by their roles.

The eTrust IdentityMinder-eTrust SiteMinder role based access control implementation is non-intrusive and flexible. eTrust IdentityMinder roles can be used directly by eTrust SiteMinder without the need to modify user directories. eTrust SiteMinder access control mechanisms are available to eTrust IdentityMinder roles without the need to modify eTrust IdentityMinder role definitions.

Single Sign-On

One of the most common challenges site operators face is multiple user logins. No universal single sign-on (SSO) solution exists today, primarily because there are no formal standards to facilitate an open solution. eTrust SiteMinder supports SSO in several ways: single sign-on in single and multiple cookie domains; Federated Security Services through SAML; integration with Microsoft .NET Passport; and within a Microsoft Windows environment. With its broad support for single sign-on, users get seamless access to resources across networks of websites.



Single and Multiple Cookie Domains

When a user authenticates with eTrust SiteMinder, an encrypted cookie is created that contains the necessary session information about the user. The cookie is encrypted with a 128-bit symmetric cipher. No user password information is ever kept within the cookie. When the user requests access to a different protected resource, eTrust SiteMinder decrypts the information in the cookie and securely identifies the current user. No additional authentication is required. See Figure 3.

eTrust SiteMinder also supports cross-domain SSO. When users authenticate to a single internet domain, eTrust SiteMinder eliminates the need to re-authenticate when they access protected resources or applications in a different domain. Cross-domain SSO is a critical capability, especially for large enterprises with multiple divisions or multinational businesses. See Figure 4.

Figure 3. Single sign-on within a single cookie domain

Figure 4. Single sign-on across multiple cookie domains

In an environment that includes resources across multiple cookie domains, eTrust SiteMinder supports single sign-on across applications running on heterogeneous web and application server platforms using a cookie provider, a specially configured eTrust SiteMinder Agent that passes a cookie containing the user’s identity and session information to other cookie domains in the SSO site. This enables eTrust SiteMinder to authenticate the user across the entire virtual website, even though it consists of multiple domains.

Within the SSO site, users enter their credentials upon their first attempt to access a protected resource. After they are authorized and authenticated, they can move freely between different realms that are protected by authentication schemes of an equal or lower protection level without re-entering their identification information. The diagram above shows SSO across multiple cookie domains.

eTrust SiteMinder’s support for SSO improves the overall user experience, simplifying access among servers and applications. It also lowers the administrative costs by allowing users to access the data they need using only one password.
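The cookie-domain scoping problem and the cookie provider's role, modelled in Python as an added example (not CA's code or wire protocol): an HMAC-authenticated token stands in for the encrypted session cookie, and the protection-level check shows why a realm with a stronger authentication scheme re-challenges a user who already holds a session. Hosts, users, key and cookie name are constructed.

```python
"""Cross-domain single sign-on through a cookie provider, modelled in Python.

Added example, not CA's code. A browser returns a cookie only to the cookie
domain that set it, so an agent in subsidiaryA.com never sees the session
cookie set for mycompany.com; the cookie provider is an agent in the primary
domain that hands the session on to the other cookie domains. The token is
HMAC-authenticated JSON standing in for the encrypted SiteMinder cookie (the
standard library has no AES); like the real cookie it carries identity and
session data, never the password. Hosts, users, key and cookie name are invented.
"""
import base64
import hashlib
import hmac
import json

SSO_COOKIE = "SSO_SESSION"                                        # constructed name
SITE_KEY = b"constructed-key-shared-by-all-agents-in-the-sso-site"
USER_STORE = {"alice": "correct horse", "bob": "battery staple"}  # constructed

def seal(session):
    """Serialize and authenticate a session dict into a cookie value."""
    body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    tag = hmac.new(SITE_KEY, body, hashlib.sha256).digest()
    return (body + b"." + base64.urlsafe_b64encode(tag)).decode()

def unseal(token):
    """Return the session dict, or None if the cookie was altered."""
    body, _, tag = token.encode().partition(b".")
    expected = hmac.new(SITE_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(base64.urlsafe_b64decode(tag), expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

class Browser:
    """Cookie jar keyed by cookie domain: the scoping that makes cross-domain SSO hard."""

    def __init__(self):
        self.jar = {}

    def get(self, cookie_domain, name):
        return self.jar.get((cookie_domain, name))

    def set(self, cookie_domain, name, value):
        self.jar[(cookie_domain, name)] = value

class Agent:
    """One web agent protecting a realm in a given cookie domain."""

    def __init__(self, cookie_domain, protection_level, cookie_provider=None):
        self.cookie_domain = cookie_domain
        self.level = protection_level           # strength of this realm's auth scheme
        self.cookie_provider = cookie_provider  # None for the cookie provider itself

    def read_session(self, browser):
        token = browser.get(self.cookie_domain, SSO_COOKIE)
        return unseal(token) if token else None

    def write_session(self, browser, session):
        browser.set(self.cookie_domain, SSO_COOKIE, seal(session))

    def request(self, browser, credentials=None):
        """Handle one request to a protected resource: 'OK <user>' or 'CHALLENGE'."""
        session = self.read_session(browser)
        if session is None and self.cookie_provider is not None:
            # No cookie for this domain: redirect to the cookie provider, which reads
            # its own domain's cookie and redirects back carrying the session.
            session = self.cookie_provider.read_session(browser)
            if session is not None:
                self.write_session(browser, session)
        if session is None or session["level"] < self.level:
            # No session, or one from a weaker scheme than this realm requires: re-challenge.
            if credentials is None or USER_STORE.get(credentials[0]) != credentials[1]:
                return "CHALLENGE"
            session = {"user": credentials[0], "level": self.level}   # no password inside
            self.write_session(browser, session)
            if self.cookie_provider is not None:
                # Hand the new session to the cookie provider for the other domains.
                self.cookie_provider.write_session(browser, session)
        return "OK " + session["user"]

def sso_walkthrough():
    """Outcomes a user sees moving across the SSO site after one login."""
    provider = Agent("mycompany.com", 5)
    sub_a = Agent("subsidiaryA.com", 5, provider)
    sub_b = Agent("subsidiaryB.com", 5, provider)
    payroll = Agent("subsidiaryB.com", 10, provider)      # stronger scheme, same domain
    browser = Browser()
    return [
        sub_a.request(browser),                              # first visit: challenged
        sub_a.request(browser, ("alice", "correct horse")),  # logs in once
        sub_b.request(browser),                              # other cookie domain: no re-login
        provider.request(browser),                           # primary domain: no re-login
        payroll.request(browser),                            # higher protection level: re-challenged
    ]
```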

Federated Security Services

eTrust SiteMinder makes it easy for administrators to set up Federated Security Services. An authentication scheme is available to configure SAML producers, user mapping, and validation information. Duplicate user profiles in both the main site and partner sites (one-to-one user mapping) are supported, but not required. Federated Security Services also supports one-to-many user mapping; for example, everyone from a partner site can be mapped to one identity, such as Partner Employee, in the local user store. The policy server also adds issuer validation to ensure that the integrity of the token is intact when it is received.


[Figures 3 and 4 diagram labels: mycompany.com web server and application server with eTrust SiteMinder Agent (/app1/, /servlet 1/); employees, partners and customers; user authenticates once; cookie domains mycompany.com, subsidiaryA.com and subsidiaryB.com; web server designated as the “cookie provider” for the SSO site; authentication, user entitlements and session identity passed between domains.]


Figure 5 shows how the eTrust SiteMinder site, as a SAML producer, works with affiliated sites. Because the eTrust SiteMinder site conducts the authentication for all users, the affiliated partner sites don’t even need a security solution.

Figure 5. eTrust SiteMinder as a Producer with SAML Affiliate Agents

Figure 6 shows how the eTrust SiteMinder site, as a SAML producer, works with affiliated sites that are SAML compliant, but do not have a SAML Affiliate Agent running at the site. The eTrust SiteMinder site conducts the authentication for all users, but the affiliated partner sites require a SAML compliant security solution to enable single sign-on for users.

Figure 6. eTrust SiteMinder as a SAML producer without SAML affiliate agents

Figure 7 shows how the eTrust SiteMinder site, as a SAML consumer, works with affiliated SAML sites. Because eTrust SiteMinder can consume SAML tokens, it can easily interoperate with sites that don’t use eTrust SiteMinder.

Figure 7. eTrust SiteMinder as a SAML consumer with SAML affiliates

Microsoft .NET Passport integration

Microsoft® Passport is an online user-authentication service. Passport lets a consumer create a single sign-in name and password for easy, secure access to all Passport-enabled websites and services. Passport-enabled sites can rely on Passport to authenticate users. However, Passport does not authorize or deny a specific user’s access to individual sites and applications.

With the integration of Microsoft .NET Passport services, eTrust SiteMinder combines the convenience of .NET Passport authentication with eTrust SiteMinder authorization services. This combination allows organizations to retain fine-grained and secure control over their security policies through eTrust SiteMinder, while participating in a trusted network that delivers a unified experience to Passport users. Passport users can log in once using their .NET Passport user name and password, or credentials, and seamlessly access a network of .NET Passport enabled websites, as well as enterprise applications protected by eTrust SiteMinder. For added security, an eTrust SiteMinder protected site can choose to re-challenge the user for more secure content.


[Figures 5, 6 and 7 diagram labels: users (employees, partners, customers); eTrust SiteMinder web server and policy servers exchanging <SAML> tokens with affiliate partner web servers running SAML Affiliate Agents (Figure 5), a SAML-compliant web security product (Figure 6), or security products A and B at the affiliates (Figure 7).]


Single Sign-on in the Windows Environment

eTrust SiteMinder single sign-on is especially important in the Microsoft Windows environment because users access many enterprise applications through their Windows desktop.

Windows integrated security

Users who log in to their desktop using Windows NT authentication and use Internet Explorer to access e-business applications deployed on any web server, including non-Internet Information Server web servers, can log in to eTrust SiteMinder without being re-challenged as long as there is one IIS web server configured to use eTrust SiteMinder. With this capability, the user only has to remember their desktop password.

Windows application login

eTrust SiteMinder also supports Windows application login, enabling a user to log in to eTrust SiteMinder and subsequently launch Windows/COM+ web applications such as Microsoft Outlook Web Access and Microsoft Commerce Server. With Windows application login, administrators can enforce access control on non-eTrust SiteMinder-protected Windows applications for all eTrust SiteMinder users with a Windows identity (NTLM or LDAP) by initializing their application security context with eTrust SiteMinder.

Auditing and Reporting

Administrators need to know who is doing what and when. eTrust SiteMinder auditing logs all activity throughout the eTrust SiteMinder environment. eTrust SiteMinder stores the audit information in a flat file or relational database. When you set up eTrust SiteMinder to store information in a relational database, you can use commercial reporting solutions to present that auditing information in any format required.

Changing federal laws, in-depth regulatory financial audits, and increased security threats from external hackers have all pushed access management auditing and reporting to the forefront of product feature sets. eTrust SiteMinder reporting supports granular information collection and analysis on access, activity, intrusion, and audit information to fulfill many of these reporting requirements.

Auditing

eTrust SiteMinder audits all user and site activity, including all authentications and authorizations, as well as administrative activity, and any changes to the policy store. eTrust SiteMinder also tracks user sessions so administrators can monitor the resources being accessed, how often users attempt access, and how many users are accessing the site. Additionally, eTrust SiteMinder provides the ability to filter audit events (for example, record only failed authorizations), allowing the administrator to only track events of interest.

Reporting

eTrust SiteMinder audit data can be used to build reports, leveraging the reporting solution that your company currently uses. eTrust SiteMinder provides stored procedures and sample Crystal Reports templates. If you integrate Crystal Reports with eTrust SiteMinder, you can take advantage of the sample report templates described below. If you use other commercial reporting solutions, you can use the eTrust SiteMinder provided stored procedures to easily access the audit information in the database and build your own reports. Regardless of your reporting solution, eTrust SiteMinder provides you with the data you need to generate reports like those described in this section.

Report drill down capabilities

eTrust SiteMinder reports begin with a summary of the data in the report. Clicking on a summary item, such as a date, user, or agent, allows administrators to view more detailed information. Drill-down details contain the following information:

• Time. Lists the exact times when each event occurs, from the oldest time to most recent.

• User. Contains the user name associated with the reported event.

• Agent. Lists the names of the agents where the reported event occurred.

• Administrator. The eTrust SiteMinder Account Username is listed.

• Category. Describes the type of event that was logged.

• Description. Describes the actual event that occurred during the time noted in the report. When any category of event is logged as a rejection or failure, the text on the screen is shown in red and indicated by an exclamation (!) mark.



Activity reports

Activity reports show a variety of user, eTrust SiteMinder agent, and resource activity data at different levels of granularity. There are four types of Activity Reports:

• All Activity Report. Transactions and failures of all users that occurred during the period of time covered by the report.

• Activity by User Report. Users and their sessions, including the number of transactions and failures that occurred during the period of time covered by the report.

• Activity by Agent Report. Lists active agents and provides information, such as the number of transactions and failures that occurred on each agent during the reporting period.

• Activity by Resource Report. Resources accessed during the reporting period, including host names, the number of resources accessed, the number of transactions, and the number of failed access attempts.

Intrusion reports

Intrusion Reports show failed authentication and authorization attempts by users and/or agents at different levels of granularity. The main intrusion report is the All Failed Authentication and Authorization Attempts report, which lists all failed user authentication, authorization and administration attempts by date and time. This report is broken down into two sub-reports:

• Failed Authentication and Authorization Attempts by User

• Failed Authentication and Authorization Attempts by Agent

Administrative reports

The main administrative report is the All Administrative Activity report, which covers all administrative activity by date. It is broken down into two sub-reports:

• Activity by Administrator Report. Covers all administrative activity by administrator.

• Activity by Object Report. Covers all administrative activity by object (Administrator, Agent, Policy, and so on).

Each report contains columns of information including Time, Administrator, and a brief description of the activity.

Time series reports

Administrators can view two types of Time Series Reports:

• Daily Transactions Report. Includes all successful and failed authentications and authorizations by day.

• Hourly Transactions Report. Breaks the data further down into successful and failed authentications by hour.

Time Series reports are displayed as bar charts. See Figure 8. Administrators can view a chart of all transactions, or view the authentications, authorizations, or administration transactions separately.

Figure 8. Time series reports

Enterprise Manageability

eTrust SiteMinder includes enterprise site manageability features that ease deployment and ongoing site administration through proactive centralized control of operating environments and monitoring of system availability and operating status.

OneView Monitor

eTrust SiteMinder OneView Monitor collects and displays real-time operation status information, including failure alerts, about eTrust SiteMinder policy servers, agents, and other core components such as authentication and authorization services. Information is presented graphically so that administrators can rapidly assess an entire environment with multiple policy services, or the status of an individual component. When a problem is reported, administrators can scan summary information to review overall system status, identify components with failure alerts, and drill down to obtain detailed status information.

In the event of a component failure, eTrust SiteMinder OneView Monitor can display the failure and alert an administrator right away so that no time is wasted in reporting the problem. Administrators can then take proactive action to correct problems, possibly even before users experience any trouble.


[Figure 8 charts: Daily Transactions (transactions by date, days 1 to 14) and Hourly Transactions (transactions by hour, 12:00 am to 3:00 pm), shown as bar charts.]


With the SNMP integration capability, administrators can set up automatic recovery procedures based on failure alerts. For example, a failure report can kick off an e-mail message or a pager message to the person who is closest to the problem. The recovery time can then be reduced even further because the responsible person is alerted as quickly as possible.

eTrust SiteMinder OneView Monitor can be easily configured so that administrators can set up the displays to report information exactly as they need it. They can filter out data that might not be important to their environment; they can sort data according to their priority; and they can specify update intervals to make sure they have fresh data when they need it.

Environment Collector

When problems are reported, it is critical to have detailed information about all the operating components of the environment to help identify and isolate the root cause of the problem and, if necessary, to reproduce the problem in a testing lab. Because a security solution interacts with many critical systems distributed worldwide that are owned by different people or groups, it might take the security administrator days to contact the right people to get all the details they need about all the components connected to the security system. Even after the information is collected, it could go stale very quickly as components get upgraded.

The eTrust SiteMinder Environment Collector provides a snapshot of the eTrust SiteMinder runtime environment for any policy server in the enterprise. When problems associated with a policy server crop up, administrators use eTrust SiteMinder Environment Collector information to assess exactly what components the policy server is working with. With up-to-the-minute environment information, the security administrator can resolve the situation much faster.

The Environment Collector collects the following information about a policy server:

• User stores and databases being accessed by the policy server.

• Custom modules being used by the policy server.

• Agents that are interacting with the policy server.

• Registry information.

The type of information collected includes the name of the component, its version, patch levels, which policy server the component works with, how the components are connected, and other environment attributes that affect how eTrust SiteMinder operates. This information is stored in an XML file.

After glancing through the XML file report, administrators can determine if any components require updating, if there are any version mismatches, and if the correct agents are deployed where needed.

When working with the eTrust SiteMinder support team to resolve a problem, administrators can send eTrust SiteMinder Environment Collector information to the support team. With accurate and up-to-date data to work with, the support team will be able to work on reproducing and resolving the problem.

Test Tool

After a problem is reported, administrators must have the correct tool to identify and isolate the cause of the problem, so they can move quickly to resolve it. The out-of-the-box eTrust SiteMinder Test Tool simulates agent operations so that a policy server can be isolated from the agent environment. Once isolated, the administrator can determine whether the policy server is creating the problem or another component in the environment where the policy server is running.

The eTrust SiteMinder Test Tool can test the connection to the policy server to see if it is down. If the connection is available, the administrator can test the policies associated with the application that reported the problem. The administrator can run tests that check if the resource is protected, if the user is authenticated, and if the user is authorized for the resource. Debug information is also provided.

Logging and policy profiling

With useful logs of day-to-day system activities, administrators can prevent many problems from happening and troubleshoot problems quickly when they occur.

Policy server and agent logs are separate from tracing logs to make log files easier to manage. Because separate logs are smaller and easier to work with, administrators also have more precise control over log verbosity because they can specify different verbosity settings for each log. In addition, administrators can apply tracing and logging settings without restarting the policy server. For example, an administrator can add a data field in the trace logs and eTrust SiteMinder adds the field automatically without restarting the server.

Policy server and agent logging include the following capabilities:

• Agent and policy server logs can be correlated through a transaction ID, allowing the administrator to follow both agent and policy server operations to more easily identify the problem. For example, when multiple agents are making requests to a policy server, having a single transaction ID allows administrators to isolate a call from a particular agent, providing more precise and relevant troubleshooting information.

• Logging profiles can be saved for quick retrieval and alternation between production and troubleshooting modes. The output can be sent to either a system console or a file.
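The transaction-ID correlation described in the first bullet above, and the audit filter “record only failed authorizations” from the Auditing section, worked through in Python as an added example (not CA's tooling or log format): both logs are parsed, joined on the shared transaction ID, and filtered so each rejected authorization is shown with the policy server's reason. Log lines, field names and values are constructed.

```python
"""Correlate agent and policy server logs by transaction ID (added example).

Constructed illustration, not CA's tooling: the whitepaper says agent and
policy server log entries share a transaction ID, and that audit events can
be filtered down to, for example, failed authorizations. The line layout,
field names and values below are invented for the demonstration.
"""
import re
from collections import Counter, defaultdict

# Constructed agent log: one line per agent request, keyed by txid.
AGENT_LOG = """\
2005-06-14 09:00:01 agent=web01 txid=7f3a user=alice res=/app1/statements/ action=GET event=authz result=OK
2005-06-14 09:00:05 agent=app02 txid=7f3b user=mallory res=/app1/overdraft action=POST event=authz result=REJECT
2005-06-14 09:00:09 agent=web01 txid=7f3c user=bob res=/app1/login action=POST event=authn result=REJECT
2005-06-14 09:00:12 agent=app02 txid=7f3d user=alice res=/servlet1/ action=GET event=authz result=REJECT
"""

# Constructed policy server log: the decision made for the same txids.
POLICY_SERVER_LOG = """\
2005-06-14 09:00:01 txid=7f3a policy=Statements decision=ALLOW
2005-06-14 09:00:05 txid=7f3b policy=Overdraft decision=DENY reason=expression_false
2005-06-14 09:00:09 txid=7f3c policy=- decision=DENY reason=bad_password
2005-06-14 09:00:12 txid=7f3d policy=Servlets decision=DENY reason=time_restriction
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(log):
    """Turn 'YYYY-MM-DD HH:MM:SS key=value ...' lines into dicts with a 'time' key."""
    records = []
    for line in log.splitlines():
        rec = dict(FIELD.findall(line[20:]))   # 19-char timestamp plus one space
        rec["time"] = line[:19]
        records.append(rec)
    return records

def correlate(agent_log, ps_log):
    """Join both logs on txid: what each agent asked, and how the policy server decided."""
    by_tx = defaultdict(lambda: {"agent": [], "decision": None})
    for rec in parse(agent_log):
        by_tx[rec["txid"]]["agent"].append(rec)
    for rec in parse(ps_log):
        by_tx[rec["txid"]]["decision"] = rec
    return dict(by_tx)

def failed_authorizations(agent_log, ps_log):
    """Audit filter 'record only failed authorizations', each with the server-side reason."""
    failures = []
    for txid, tx in sorted(correlate(agent_log, ps_log).items()):
        for ev in tx["agent"]:
            if ev["event"] == "authz" and ev["result"] == "REJECT":
                reason = tx["decision"]["reason"] if tx["decision"] else "no policy server record"
                failures.append({"txid": txid, "time": ev["time"], "user": ev["user"],
                                 "agent": ev["agent"], "resource": ev["res"], "reason": reason})
    return failures

def failures_by_agent(agent_log):
    """Intrusion-report style rollup: failed authentications and authorizations per agent."""
    return dict(Counter(ev["agent"] for ev in parse(agent_log) if ev["result"] == "REJECT"))
```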

Policy profiling, or trace logging, includes the following capabilities:

• Policy profiler (previously called the debug tracer) can trace policy server operations across policy server components.

• Administrators can configure trace logs to generate detailed and selective information. For example, they can configure trace logs to include feedback on selected operations in specified components, such as a source file or an IP address in data fields.

• Multiple output formats are available for easier parsing of trace information and integration with other trace reporting systems. Output formats include fixed width fields, XML, and user-specified delimited fields, among others.

Error handling includes the following capabilities:

• Accurate and comprehensive information about the operation of eTrust SiteMinder processes is recorded.

• System informational messages down to the functional level provide detailed information.

• Administrators can filter errors by specifying precise criteria, such as severity.

Centralized Agent Management

eTrust SiteMinder provides central agent management that enables central and dynamic control and configuration of web agents. Additionally, central agent management can logically group agents based on your organization.

When a new agent is installed on a web server, the installation process establishes a secure connection with the policy server and receives default configuration settings. This increases security since the configuration information is moved off the web server in the DMZ and resides in the policy store. With this configuration, the possibility of a security compromise of the configuration information is significantly lower. Some of the key benefits of this capability are:

• All configuration information is centralized and stored in the policy store, providing greater security for configuration information.

• It is easy to delegate administration for creating and managing the new centralized agent to the administrator who has organizational responsibility for the agent.

• Configuration templates make it very easy to configure multiple agents into logical groups.

• Web servers do not need to be re-booted when configuration changes are made.

Rapid Policy Deployment

When new or modified policies are being deployed in a production environment, it’s important to fully test those policies offline before they “go live,” lest inadvertent errors appear in the policy specification that cause serious security problems later on. That’s why many enterprises use multiple staging environments for developing, testing and deploying new policies. However, as environments grow in size, the number of policies can often make management of these environments quite challenging. Since re-entering policies can be laborious and error-prone, administrators need an automated way to move policies from one environment to another to simplify management of larger environments.

With the import/export tool, eTrust SiteMinder easily and automatically migrates entire policy structures from one environment to another. For example, operators can change policy names and attributes to accommodate the new environment, such as new machine names or IP addresses. The import/export tool has the following capabilities:

• First-Time Deployment. Copy an entire policy config-uration from one environment to another and thenedit the configuration before or after the import.

• Incremental Deployment. Export individual policyobjects to new environments and overwrite the comparable object on the new system. Edit the configuration for first-time deployment, either beforeor after the import operation, simplifying re-testingand re-deployment of individual policies.

• Flexible Scripting Capabilities. Develop scripts in astandard text editor and store them in source codecontrol systems to maintain versioning.

• Import Object Mapping. Easily map, that is, rename, an imported object if the name is not unique.


Unattended installations

In large enterprises, administrators install eTrust SiteMinder Policy Servers and agents on many systems. In many cases, these installations are the same from system to system. With unattended installations in eTrust SiteMinder release r6, administrators use Java-based installation templates to automate these installations. With automatic installations, eTrust SiteMinder can be rolled out faster to better meet the needs of rapidly expanding global businesses.

The unattended installations use a platform-independent Java installer, which allows the installation to run the same way, with the same look and feel, on both Unix® and Microsoft Windows operating systems. Administrators work with templates to specify how to install and configure a component, such as a web agent. Then, the templates can be re-used throughout the security environment to ensure a uniform and consistent installation and configuration of the component. Template re-use saves the administrator from countless, repetitive installation procedures.

Command line interface

eTrust SiteMinder includes a full command line interface to leverage the power of Perl scripting and make it easier to dynamically control the system. All programmatic capabilities formerly available only to C and Java programmers are now accessible to developers using standard Perl scripts.

Through the range of eTrust SiteMinder APIs, companies can use scripts to test and verify policies, examine configurations, and automate the routine chores commonly performed. The Command Line Interface offers a complete scripting interface to the eTrust SiteMinder Policy Server, making customizations and proofs-of-concept easier and quicker.

Performance, Reliability, Scalability and Availability

eTrust SiteMinder is used today in some of the world’s largest corporations and is designed to meet the needs of corporations requiring a fast, efficient, 24x7 security solution for their extensive user and application services.

Performance

eTrust SiteMinder provides extensive, fully tunable caching facilities, so that all resource and policy information is available without requiring a call to either the policy server or a directory. The policy server supports two-level policy caching, so that recently accessed policy information is kept in a separate cache that is searched before the regular policy cache. In addition, eTrust SiteMinder caches user attributes to optimize LDAP calls. These caching facilities provide outstanding performance, even for very large numbers of users or policies.

Through independent tests conducted by Mindcraft Inc., eTrust SiteMinder has demonstrated industry-leading performance for user authentications and authorizations. Figure 9 summarizes the outstanding performance that eTrust SiteMinder offers.

Figure 9. eTrust SiteMinder performance data on Windows NT and Unix

Bulk operations

Operations for initializing the policy server and for auditing run in bulk to ensure efficient runtime performance. Each time the policy server starts, it is initialized by retrieving policy data from a policy store, which is defined in LDAP directory servers or ODBC databases. For ODBC database policy stores, the query (SQL) statement operations for retrieving policies are combined, resulting in a minimal number of retrieval operations and in quick initialization.

eTrust SiteMinder auditing transactions can be stored in a relational database using ODBC. When using a relational database, bulk SQL statements and asynchronous database management operations make the process of storing records as quick as possible.

Authentication and authorization

When eTrust SiteMinder evaluates whether a resource is protected, a very fast binary search algorithm is used. This algorithm results in rapid transaction times when determining whether access control is required for a resource.

The eTrust SiteMinder object cache groups rules with realms for a more efficient search of policies to make authorization decisions. The cache is bound by size, not by number of entries, providing a rapid and predictable search of policies.
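To make the binary-search lookup concrete, here is an added example (this editor's own Python, not SiteMinder code) that finds the most specific protected realm for a requested resource over a sorted table of path prefixes. The realm table, and the rule that a realm is a path prefix ending in a slash, are assumptions for the example.

```python
import bisect

# Constructed realm table (an assumption for this example, not SiteMinder's
# own data): the resource-path prefixes an administrator placed under access
# control. Sorted once so that every lookup can use binary search.
REALMS = sorted([
    "/finance/",
    "/finance/reports/",
    "/hr/",
    "/portal/",
])


def _common_prefix_len(a, b):
    """Length of the longest leading string shared by a and b."""
    n = min(len(a), len(b))
    i = 0
    while i < n and a[i] == b[i]:
        i += 1
    return i


def find_realm(resource, realms=REALMS):
    """Return the most specific realm prefix covering `resource`, or None.

    bisect_right places the resource among the sorted prefixes; the entry just
    before that position is the largest prefix <= resource. If it is not a
    prefix of the resource, no table entry between it and the resource can be
    one either, so the search continues on the part the two strings share.
    Each round shortens the resource, so only a few binary searches run.
    """
    i = bisect.bisect_right(realms, resource)
    while i > 0:
        candidate = realms[i - 1]
        if resource.startswith(candidate):
            return candidate
        resource = resource[:_common_prefix_len(candidate, resource)]
        i = bisect.bisect_right(realms, resource)
    return None


def is_protected(resource, realms=REALMS):
    """True when access control applies to the resource (a realm covers it)."""
    return find_realm(resource, realms) is not None


if __name__ == "__main__":
    for path in ("/finance/reports/q1.html", "/finance/x.html",
                 "/public/index.html", "/hr"):
        print(f"{path:28} -> {find_realm(path)}")
```

Because realms end in a slash, "/hr" is unprotected while "/hr/" and everything beneath it is covered; a deployment that wants the bare path protected must list it as its own realm.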

[Figure 9 chart: logins per minute (0 to 120,000) against number of CPUs (1, 2, 4), for iPlanet LDAP and MS Active Directory user directories]

These optimizations enable rapid run-time performance, especially when working with large policy stores. For example, tests indicate that the policy evaluation response time for a policy store with one realm is the same as the response time for a policy store with up to thousands of realms.

Reliability, Availability and Scalability

eTrust SiteMinder has been designed specifically to meet the needs of e-business sites that must support a large number of users with high authentication and authorization rates. Though eTrust SiteMinder is easy to configure and deploy for small workgroup environments, it can scale to large installations that support very large user or resource populations. eTrust SiteMinder provides outstanding scalability due to the following capabilities:

• Replication and Failover. Each web agent can be configured to communicate with multiple eTrust SiteMinder Policy Servers. If the current policy server becomes unavailable, the agent automatically establishes a connection with the next policy server and continues processing. This operation is transparent to the user. For increased availability, in the event of a failure, eTrust SiteMinder provides automatic restart of all server processes. eTrust SiteMinder also provides the failover mechanism for user directories, that is, if the current user directory is unavailable, the policy server automatically establishes a connection with the next user directory.

• Load Balancing. eTrust SiteMinder supports automatic load balancing, which significantly improves the scalability and performance of eTrust SiteMinder in large deployments. The web agent distributes multiple user requests across multiple policy servers. The policy servers can also load balance their requests across a set of directory servers. In this way, eTrust SiteMinder can distribute its system load across other servers to improve overall system throughput.

Policy Server Clusters

Administrators can group multiple policy servers into a cluster that works with a set of agents. With clusters, administrators get powerful new features for managing clusters to derive the most efficient service from them.

Any set of policy servers can be clustered, based on criteria that are important to the security system implementation. An administrator might choose to cluster policy servers for a number of reasons, including: physical location, resources they are protecting, organizations they are supporting, or machine speed and memory. For example, when clustering policy servers according to geography, an administrator can group policy servers in one area to make sure agent requests are handled locally. Policy servers in a cluster can be running on different platforms or physically located in different places. As a result, clustering is viable in both homogeneous and heterogeneous policy server environments.

Clustering offers administrators these features:

• Dynamic Load Balancing. Dynamic agent-to-policy server load balancing allows higher levels of processing loads to get allocated to faster servers within the cluster. More effective load balancing increases maximum system throughput because agents get served by the policy server that can provide the fastest response at any given time. Agents will be served by a policy server instance within the cluster that previously provided the best response time.

• Automatic Failover. Agents are decoupled from policy servers. As a result, agents transparently fail over from one cluster to another, according to criteria established by the administrator. When the number of available policy servers in a cluster falls below the criteria, agent requests are automatically sent to another cluster without interrupting service.

With these features, the administrator can easily scale policy servers to meet increasing service requests in growing enterprises.
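As an added illustration of the replication/failover and clustering behaviour described above, the following Python simulation (written for this page, not eTrust SiteMinder code) routes agent requests to the cluster member with the best previous response time and fails over to the next cluster when the number of reachable servers drops below the configured minimum. Server names, latencies and the `up` flag are constructed test data, and modelling the administrator's failover criterion as a minimum server count is this example's assumption.

```python
class PolicyServer:
    """Simulated policy server. `latency` and `up` are constructed test
    properties standing in for real network behaviour."""

    def __init__(self, name, latency, up=True):
        self.name = name
        self.latency = latency
        self.up = up
        self.last_response_time = None   # what the agent measured last time

    def handle(self, request):
        if not self.up:
            raise ConnectionError(self.name)
        return self.latency, f"authorized:{request}"


class Cluster:
    """A named group of policy servers plus the minimum number that must be
    reachable before the agent keeps using the cluster."""

    def __init__(self, name, servers, min_available):
        self.name = name
        self.servers = list(servers)
        self.min_available = min_available
        self.unreachable = set()

    def available(self):
        return [s for s in self.servers if s.name not in self.unreachable]

    def healthy(self):
        return len(self.available()) >= self.min_available

    def pick(self):
        # Dynamic load balancing: prefer the server that last answered fastest.
        # Servers never measured sort first so that each one gets sampled.
        return min(self.available(),
                   key=lambda s: (s.last_response_time is not None,
                                  s.last_response_time or 0.0))


class Agent:
    """Routes requests across an ordered list of clusters (the failover order
    an administrator configured)."""

    def __init__(self, clusters):
        self.clusters = list(clusters)

    def route(self, request):
        for cluster in self.clusters:
            while cluster.healthy() and cluster.available():
                server = cluster.pick()
                try:
                    rt, result = server.handle(request)
                except ConnectionError:
                    cluster.unreachable.add(server.name)   # try the next member
                    continue
                server.last_response_time = rt
                return cluster.name, server.name, result
            # fewer than min_available members left: fail over to the next cluster
        raise RuntimeError("no policy server cluster can serve the request")


def build_demo():
    """Constructed two-cluster topology used by the demo and the tests."""
    east = Cluster("east", [PolicyServer("ps-east-1", 0.020),
                            PolicyServer("ps-east-2", 0.005)], min_available=2)
    west = Cluster("west", [PolicyServer("ps-west-1", 0.030)], min_available=1)
    return Agent([east, west])


if __name__ == "__main__":
    agent = build_demo()
    for req in ("r1", "r2", "r3"):
        print(agent.route(req))
    agent.clusters[0].servers[1].up = False   # simulate a member failing
    print(agent.route("r4"))
```

Note that a member marked unreachable stays out of rotation in this model; a real agent would re-probe it, which is the same bookkeeping in the other direction.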

Security

A security system is only as strong as its weakest link. That’s why it’s critical that all components and communication paths be secure, so that intruders cannot compromise the overall system security by stealing passwords or impersonating other users. eTrust SiteMinder offers security at each point in its operation.

More specifically, it provides several capabilities to ensure that data and applications are not compromised.

Data Confidentiality

eTrust SiteMinder encrypts all data and control information that passes among components. All traffic among the policy server, the web agent, and the administrative interface is sent over TCP using 128-bit RC4 encryption, providing very strong confidentiality. All user cookies are encrypted using RC2. Encryption keys are generated automatically and randomly by the policy server. This operation is totally transparent to the administrator, though a re-generation of the keys can be forced at any time, or at any regular interval, for added security.


Mutual Authentication

Administrators must ensure that a server is not an impostor collecting sensitive information such as credit card numbers. Both the web agent and the policy server authenticate themselves to each other, using a shared secret to encrypt an authentication message. This secret is never passed over the network, even in encrypted form, and so cannot be stolen from the network. This technique ensures the structural integrity of the eTrust SiteMinder components themselves, so that an eavesdropper cannot steal useful information, nor impersonate an eTrust SiteMinder server or agent.
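The property the paragraph describes, each side proving knowledge of the shared secret without the secret itself crossing the wire, can be demonstrated with an HMAC challenge-response handshake. The following is an added Python example written for this page, not the product's own protocol; the party names, message layout and the use of HMAC-SHA256 are assumptions.

```python
import hashlib
import hmac


def proof(secret, sender, receiver, peer_nonce, own_nonce):
    """HMAC over who is proving to whom and both fresh nonces. Binding the
    direction and both nonces stops a proof from being reflected back at its
    issuer or reused in a later handshake."""
    message = b"|".join([b"smauth", sender.encode(), receiver.encode(),
                         peer_nonce, own_nonce])
    return hmac.new(secret, message, hashlib.sha256).digest()


def mutual_authenticate(agent_secret, server_secret, agent_nonce, server_nonce,
                        agent="webagent01", server="policyserver01"):
    """Run the three-message handshake and return
    (agent_accepts_server, server_accepts_agent, transcript).

    agent_secret / server_secret are each side's copy of the shared secret;
    agent_nonce / server_nonce are the fresh 16-byte challenges each side
    drew (passed in so the exchange is reproducible). The transcript lists
    everything that crosses the wire: nonces and MACs only."""
    transcript = []
    # 1. agent -> server: a fresh challenge
    transcript.append(("agent->server", agent_nonce))
    # 2. server -> agent: its own challenge plus proof it knows the secret
    server_proof = proof(server_secret, server, agent, agent_nonce, server_nonce)
    transcript.append(("server->agent", server_nonce + server_proof))
    # The agent verifies in constant time before revealing anything more.
    agent_ok = hmac.compare_digest(
        server_proof, proof(agent_secret, server, agent, agent_nonce, server_nonce))
    if not agent_ok:
        return False, False, transcript
    # 3. agent -> server: proof for the server's challenge
    agent_proof = proof(agent_secret, agent, server, server_nonce, agent_nonce)
    transcript.append(("agent->server", agent_proof))
    server_ok = hmac.compare_digest(
        agent_proof, proof(server_secret, agent, server, server_nonce, agent_nonce))
    return agent_ok, server_ok, transcript


def secret_on_wire(secret, transcript):
    """Sanity check: does the shared secret appear in any transmitted message?"""
    return any(secret in payload for _, payload in transcript)


if __name__ == "__main__":
    import secrets
    key = secrets.token_bytes(32)            # constructed shared secret
    ok_a, ok_s, tx = mutual_authenticate(key, key,
                                         secrets.token_bytes(16), secrets.token_bytes(16))
    print("agent accepts server:", ok_a, "server accepts agent:", ok_s)
    print("secret visible on the wire:", secret_on_wire(key, tx))
```

In production the nonces come from a CSPRNG on each call (as the `__main__` block does); the handshake fails closed at step 2 when the server cannot prove the secret, so the agent never sends its own proof to an impostor.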

Revocation of User Credentials

Some sites need to immediately revoke the access control privileges of a specific user; for example, when an employee is terminated. eTrust SiteMinder supports a rapid response through the use of commands to flush specific information from the web agent cache. The following operations are available both through the administrative interface and through the API.

• Flush the user cache

• Flush the resource cache

• Flush both caches

• Flush all resources in a specific realm

• Flush a specific user entry in the user cache
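As an added example of the flush operations above, and of the size-bounded object cache mentioned under Performance, here is a small Python model (this editor's own code, not the SiteMinder agent's) of a user cache and a resource cache bounded by bytes rather than entry count, with the five flush operations. The byte-size estimate, the entry layouts and the DNs are assumptions for the example.

```python
import json
from collections import OrderedDict


class BoundedCache:
    """LRU cache bounded by the total byte size of its entries, not their count."""

    def __init__(self, max_bytes):
        self.max_bytes = max_bytes
        self.used = 0
        self._entries = OrderedDict()   # key -> (value, size); oldest first

    @staticmethod
    def _size(key, value):
        # Constructed size estimate: the key plus the canonical JSON of the value.
        return len(key) + len(json.dumps(value, sort_keys=True))

    def put(self, key, value):
        size = self._size(key, value)
        self.remove(key)
        # Evict least recently used entries until the new one fits.
        while self._entries and self.used + size > self.max_bytes:
            _, (_, old_size) = self._entries.popitem(last=False)
            self.used -= old_size
        if size <= self.max_bytes:
            self._entries[key] = (value, size)
            self.used += size

    def get(self, key):
        if key not in self._entries:
            return None
        self._entries.move_to_end(key)          # mark as recently used
        return self._entries[key][0]

    def remove(self, key):
        if key in self._entries:
            self.used -= self._entries.pop(key)[1]

    def flush(self):
        self._entries.clear()
        self.used = 0

    def flush_where(self, matches):
        """Drop every entry for which matches(key, value) is true."""
        for key in [k for k, (v, _) in self._entries.items() if matches(k, v)]:
            self.remove(key)

    def __len__(self):
        return len(self._entries)


class AgentCaches:
    """The two web-agent caches and the flush operations the text lists."""

    def __init__(self, user_bytes=1 << 20, resource_bytes=1 << 20):
        self.users = BoundedCache(user_bytes)          # user DN -> cached user facts
        self.resources = BoundedCache(resource_bytes)  # resource -> {"realm": ..., ...}

    def flush_user_cache(self):
        self.users.flush()

    def flush_resource_cache(self):
        self.resources.flush()

    def flush_both(self):
        self.flush_user_cache()
        self.flush_resource_cache()

    def flush_realm(self, realm):
        self.resources.flush_where(lambda _key, value: value.get("realm") == realm)

    def flush_user(self, dn):
        self.users.remove(dn)
```

Flushing a single user entry is the revocation path: the next request for that user misses the cache and is re-evaluated by the policy server, which is where the disabled account is now rejected.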

Encrypted Session Cookies

The eTrust SiteMinder session cookie is an RC4, 128-bit-encrypted session ticket that has browser information, time, Distinguished Name, an encrypted seed, and other information not disclosed in this paper for security reasons. All these fields are encrypted and randomly ordered.

eTrust SiteMinder does not embed IP or password information in the cookie sent back to the browser. Many homegrown and competing products make the mistake of including IP information, causing massive firewall problems in network address translation (NAT) environments.

The eTrust SiteMinder session cookie has been tested and approved by the security committees of Dean Witter, E*Trade, Wells Fargo, Citigroup, American Express, BancOne, Bank of America and other large financial companies. In addition, eTrust SiteMinder offers an optional Reverse Proxy Server solution that allows a customer to use various means of session control: a standard eTrust SiteMinder session cookie, SSL ID, miniature cookie for wireless solutions, or encrypted URLs.

Session and Idle Timeouts

Companies can centrally define both idle and session timeouts for individual applications. For example, a sensitive finance application might have an idle timeout of two minutes when there is no browser action. The application can also have a maximum user-session time which will automatically log out users after a specified period of time.

Rolling Keys

eTrust SiteMinder can centrally and automatically roll over all keys that agents use to encrypt/decrypt cookies. Without the eTrust SiteMinder automatic rollover, IT administrators would need developers to implement a rollover scheme themselves, which is extremely difficult to do. eTrust SiteMinder’s rolling keys make the eTrust SiteMinder cookie extremely secure because rollover can be done simply, easily, and reliably by eTrust SiteMinder, relieving companies from having to rely on home-grown implementations.

Administrators can also automatically generate and reset trusted host keys by delivering them securely to the trusted hosts, without requiring that the policy server or agent be restarted. The administrator can specify how often shared secrets are reset according to a schedule that is best for their environment: hours, days, weeks or months. Administrators can disable automatic shared secret rollover for specific trusted hosts and continue to perform manual shared secret rollovers, if required.
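The cookie design (encrypted, randomly ordered fields, no IP or password), the idle and session timeouts, and key rollover from the three sections above can be exercised together in one added Python example, written for this page rather than taken from eTrust SiteMinder. It substitutes an HMAC-SHA256 counter keystream with an encrypt-then-MAC tag for the RC4 cipher the text names, because the Python standard library has no RC4; the key-id layout, the field names, the eight-hour session limit and the `keep` window of old keys are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

IDLE_TIMEOUT = 120            # seconds without a request (the text's two-minute example)
SESSION_TIMEOUT = 8 * 3600    # absolute session lifetime; constructed value


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256(key, nonce || counter): a stdlib
    stand-in for the RC4 stream cipher the text describes."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


class KeyRing:
    """Current cookie key plus the previous ones still honoured after a rollover,
    each named by an 8-character key id so a cookie says which key sealed it."""

    def __init__(self, keep=2):
        self.keep, self.keys, self.order, self.current = keep, {}, [], None
        self.roll()

    def roll(self):
        kid = secrets.token_hex(4)
        self.keys[kid] = secrets.token_bytes(32)
        self.order.append(kid)
        while len(self.order) > self.keep:        # retire the oldest key
            self.keys.pop(self.order.pop(0))
        self.current = kid
        return kid


def seal(ring, dn, user_agent, now, created=None):
    """Build an encrypted, authenticated session cookie. No IP address or password
    goes in; the browser is bound only through a hash of its User-Agent."""
    fields = {"dn": dn,
              "ua": hashlib.sha256(user_agent.encode()).hexdigest()[:16],
              "created": int(created if created is not None else now),
              "last": int(now),
              "seed": secrets.token_hex(8)}
    items = list(fields.items())
    secrets.SystemRandom().shuffle(items)          # randomised field order
    plaintext = json.dumps(items).encode()
    kid, key = ring.current.encode(), ring.keys[ring.current]
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, kid + nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return base64.urlsafe_b64encode(kid + nonce + ciphertext + tag).decode()


def open_cookie(ring, cookie, now, idle=IDLE_TIMEOUT, session=SESSION_TIMEOUT):
    """Return (fields, None) for a valid live session, else (None, reason) with
    reason one of: bad-key, bad-tag, SessionTimeout, IdleTimeout."""
    raw = base64.urlsafe_b64decode(cookie)
    kid, nonce, ciphertext, tag = raw[:8], raw[8:24], raw[24:-32], raw[-32:]
    key = ring.keys.get(kid.decode(errors="replace"))
    if key is None:
        return None, "bad-key"                     # sealed under a retired key
    expected = hmac.new(key, kid + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None, "bad-tag"                     # tampered with or forged
    fields = dict(json.loads(_xor(ciphertext, _keystream(key, nonce, len(ciphertext)))))
    if now - fields["created"] > session:
        return None, "SessionTimeout"
    if now - fields["last"] > idle:
        return None, "IdleTimeout"
    return fields, None


def refresh(ring, fields, user_agent, now):
    """Re-seal after a request: the idle clock restarts, the session clock does not."""
    return seal(ring, fields["dn"], user_agent, now, created=fields["created"])


def corrupt(cookie, index=30):
    """Flip one ciphertext byte, to show the tag check rejects tampering."""
    raw = bytearray(base64.urlsafe_b64decode(cookie))
    raw[index] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```

After a rollover the previous key stays in the ring for one more rollover, so cookies issued just before the roll remain valid while new ones already use the new key; once a key leaves the ring its cookies fail with bad-key and the user re-authenticates, which is the behaviour an agent wants from the rollover notifications the Agent API exposes.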

Hardware Stored Encryption Keys

eTrust SiteMinder has partnered with nCipher, the industry leader in hardware-based encryption, to implement storage of the host encryption key in hardware. This hardware technology adheres to industry standards and allows for highly secure yet flexible key management. nCipher’s HSMs incorporate the use of smart cards (“tokens”) and a card-reading device to securely manage the encryption keys. Using nCipher’s HSM, the key management functionality within the eTrust SiteMinder environment supports true random-number key generation, back-up, fail-over, and archiving capabilities in a FIPS 140-1 certified module.

LDAP Protection from Denial-of-service Attacks

As noted in Carnegie Mellon CERT advisory CA-2001-18 (http://www.cert.org/advisories/CA-2001-18.html), LDAP directories are extremely susceptible to denial of service (DOS) attacks. eTrust SiteMinder eliminates these DOS attacks by placing an eTrust SiteMinder Policy Server between the web server and the LDAP directory.


In addition, eTrust SiteMinder ensures that packets attempting authentication match the eTrust SiteMinder-encrypted key before passing on authentication or authorization attempts to the policy server. This chokes off DOS attacks on the eTrust SiteMinder infrastructure.

Protection from Cross-Site Scripting

A cross-site scripting (CSS) attack can occur when input text from the browser (typically, data from a post or data from query parameters on a URL) is displayed by an application without being filtered for characters that may form a valid, executable script when displayed at the browser. For example, an attack URL can be presented to unsuspecting users. When it is clicked, an application could return to the browser a display that includes the input characters, perhaps along with an error message about bad parameters on the query string. The display of these parameters at the browser can lead to an unwanted script being executed on the browser.

eTrust SiteMinder agents support various options to filter attacks by bad characters in the URL. Using these agent configuration options, the administrator can specify bad CSS, URL and query characters that the agent uses to block or filter requests and prevent attacks.
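An added example of how such a bad-character filter can be applied to the path and query string (this page's own illustration, not the agent's implementation): the three category names, the character sets, and the choice to inspect the raw value plus two rounds of percent-decoding are assumptions.

```python
from urllib.parse import unquote, urlsplit

# Constructed filter policy. The text names three categories (bad CSS, URL and
# query characters); these names and character sets are this example's own
# assumptions, not SiteMinder's parameter names or defaults.
POLICY = {
    "bad_css_chars": set("<>'\"();"),   # characters that can open a script context
    "bad_url_chars": set("\\|"),        # never legitimate in a path on these servers
    "bad_query_chars": set("`"),        # example of a query-only restriction
}


def _forms(value, rounds=2):
    """The raw string plus up to `rounds` successive percent-decodings, so that
    encoded and double-encoded characters are judged the same as literal ones."""
    seen = [value]
    for _ in range(rounds):
        decoded = unquote(seen[-1])
        if decoded == seen[-1]:
            break
        seen.append(decoded)
    return seen


def inspect_url(url, policy=POLICY):
    """Decide whether the agent should serve or block the request URL.

    Returns {"action": "allow"} or a block verdict naming the component, the
    decoding depth at which the character appeared, and the first offending
    character, which is what an administrator wants to see in the agent log."""
    parts = urlsplit(url)
    checks = (
        ("path", parts.path, policy["bad_url_chars"] | policy["bad_css_chars"]),
        ("query", parts.query, policy["bad_query_chars"] | policy["bad_css_chars"]),
    )
    for where, value, banned in checks:
        for depth, text in enumerate(_forms(value)):
            hit = next((ch for ch in text if ch in banned), None)
            if hit is not None:
                return {"action": "block", "where": where,
                        "form": f"decode{depth}", "char": hit}
    return {"action": "allow"}


if __name__ == "__main__":
    for sample in ("/portal/index.html?user=alice&page=2",
                   "/portal/search?q=%3Cb%3Ehello",
                   "/portal/search?q=%253Cb%253E",
                   "/portal/files%5Creport.txt"):
        print(sample, "->", inspect_url(sample))
```

Checking the decoded forms matters because the web server decodes the URL before the application sees it; a filter that only looks at the raw bytes would pass `%3C` through and the application would still render `<`.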

Unique Secure HTTP Header Passing

Through the central eTrust SiteMinder user interface, administrators can pass user store attributes through HTTP headers to applications through the eTrust SiteMinder web agent into the inbound channel of the web server. Since the eTrust SiteMinder filter is the dominant filter, it can overwrite all other filters to ensure header validity. In addition, this inbound channel is not visible to external users in the DMZ. That means no firewall port, from the web server to the user store (LDAP, MS/SQL, Oracle, Novell), needs to be opened. eTrust SiteMinder can pass these user store attributes to the application through its encrypted channel. What’s more, the channel from the policy server to the web agent is RC4-128-encrypted.

Advanced Web Agents

eTrust SiteMinder does not put authentication or authorization logic on a web server, a common mistake of homegrown and competitor products. Instead, eTrust SiteMinder employs unique web agent filters (NSAPI – Netegrity, ISAPI – Microsoft IIS, DSAPI – Domino and Apache Modules) that integrate with and operate as part of the web server. Web agent filters are much more secure than storing authorization and authentication processes on the web server. All security logic resides behind the DMZ in the protected eTrust SiteMinder Policy Server. This architecture ensures security by not exposing any access logic or policies in the DMZ.

eTrust SiteMinder Developer Capabilities

The eTrust SiteMinder Software Developers’ Kit (SDK) supports the development of custom applications to embed eTrust SiteMinder in their environment, and to extend the capabilities of eTrust SiteMinder. Java and C APIs are provided to offer developers a choice of programming languages. Both interfaces contain several sets of APIs. Each set lets developers implement a particular feature, such as developing a custom agent using the Java APIs or extending an authorization scheme using the C APIs. Both client-side and server-side APIs are provided in Java and C. Both C and Java agent APIs can also run on Linux.

Creating Custom Agents

The Agent API is used to build custom agents for enforcing access control and managing user sessions. Enforcing access control consists of authentication, authorization, and auditing of the user. The Agent API works in tandem with the policy server to greatly simplify application development while increasing application scalability with respect to the number of applications and resource-privilege pairs.

Additional capabilities provided by the Agent API include full session management support, notifications for agent key rollovers, real-time policy updates, policy server failover, load balancing and logout reason codes. With logout reason codes exposed, developers implement client applications that set finer granularity in reporting why a logout was initiated. In addition, logout codes can be used to write separate event handlers to handle the different logout events. The logout codes include: Idle Timeout, Session Timeout and Explicit Logout. The availability of these logout reason codes provides more and better auditing information about user activities.

Single Sign-on Support for Custom Agents

Custom agents built with the Agent API can participate in a single sign-on environment with standard eTrust SiteMinder web agents. Using the Cookie API, custom agents can also create third-party SMSESSION cookies that can be accepted by standard eTrust SiteMinder web agents. Customers have the option to enable or disable the capability for standard eTrust SiteMinder web agents to accept third-party cookies created by custom agents.


Managing the Policy Store

The Policy Management API is used to manage all the objects within the eTrust SiteMinder Policy Store. With the Policy Management API, companies can develop custom Policy Management interfaces to eTrust SiteMinder. For example, a developer can write an application that allows administrators to manage policies, policy responses, global policy configuration, authentication schemes and password policies, shared secret rollover for trusted hosts, and affiliate and affiliate domain management functionality. Both programming and command line interfaces (CLI) are available.

Managing the User Store

The DMS API enables management of objects within an eTrust SiteMinder user directory. Users of the DMS API can develop custom User Management applications using eTrust SiteMinder that enable privileged users to create, add, modify and delete organizations, groups or users. The DMS API performs the following tasks:

• Manage directory entries

• Discover user privileges

• Enable/disable users

• Grant DMS roles to users

• Paging and sorting when searching LDAP directories or ODBC databases

Using the DMS Workflow API, developers can add pre- and post-process functionality for specific DMS APIs. The DMS APIs available for specifying the pre- and post-process functionality include those used for modifications such as set, delete, and associations. The pre- and post-process functionality is implemented as a shared library and is configured within the eTrust SiteMinder Policy Server Management Console.

Creating a Custom Authentication Scheme

The Authentication API is used to develop plug-in modules to the policy server. These APIs are used to define new authentication schemes as well as custom implementations of known authentication schemes. Modules developed using this API are implemented as shared libraries and can be configured using the eTrust SiteMinder Policy Server Management Console. The Authentication API supports any type of user credentials:

Flexible Authorization

The Authorization API is used to develop plug-in modules to the policy server for performing custom authorization functions. Modules developed using this API are implemented as shared libraries. The modules can be configured using the eTrust SiteMinder Policy Server Management Console to define active rules, active policies, and active responses.

Adding a Directory Provider

The Directory API is used to develop plug-in modules to the policy server for implementing a custom user store that eTrust SiteMinder does not support. eTrust SiteMinder supports the following namespaces for user directories:

• LDAP

• ODBC

• Microsoft Windows NT

• Custom

Using the Directory API, an interface can be built to any custom user directory or database.

Integrating with eTrust SiteMinder Events

The Event API lets customers build custom handlers for eTrust SiteMinder events. Through the Event API, eTrust SiteMinder can log events using outside sources, providers, or applications. Administrators can then access the logged information through these other sources, providers, or applications. Using the Event API, developers can build applications to alert administrators of eTrust SiteMinder activity. For example, an event handler can send an e-mail to the administrator when the accounting server starts or someone creates a new policy.

Session Server API

The Session Server API allows enterprises to store application state information associated with the user and make it available to all applications as a shared service.

Creating a Secure Communication Tunnel

The Tunnel Service API provides secure transfer of data between an agent and a shared library on a policy server that supports the Tunnel Service. Use these APIs to develop tunnel services to securely communicate between the agents and the shared library on the policy server. When an agent sends a tunnel request to the policy server, the request contains:

• The name of the service library

• The function to be called in the service library

• The data to be passed to the function

The policy server initializes the appropriate service, invokes the requested function, and passes the data to the function. Once the service has performed its task, the policy server returns the results to the agent.

Summary

eTrust SiteMinder is one of the premier security solutions for global organizations because it can cost-effectively provide an efficient security access management solution that lets business in while keeping risk out:

• Reduce Administrative Costs. eTrust SiteMinder’s robust set of administration tools makes it one of the most manageable security systems available today. With centralized tools, security administrators can manage up to millions of users and secure thousands of resources across the world, 24 hours a day, 7 days a week. With security in such a heterogeneous, always available system being managed centrally, security administration expertise can be centralized to significantly reduce total cost of ownership.

• Reduce Development Costs. eTrust SiteMinder readily integrates with existing applications so that applications can take immediate advantage of its security services without having to be re-designed, re-built and re-deployed. As a result, an eTrust SiteMinder security solution can be quickly deployed, without having to rely extensively on programmers, who can then concentrate on business logic.

• Enhance Users’ Experiences. eTrust SiteMinder’s single sign-on capabilities let users move from application to application, or site to site, without having to sign on multiple times with different identities and passwords. For employees, single sign-on lets workers get their work done more efficiently; and for customers, single sign-on lets users get the personalized information they need to do business easily and without frustration.

• Improve Security. eTrust SiteMinder provides centralized authorization and authentication services to remove security enforcement from many hundreds or thousands of applications. With centralized security enforcement, security is consistent, comprehensive, and reliable so that no holes are left open in an eTrust SiteMinder secured web environment.

• Improve Security System Manageability. With eTrust SiteMinder’s auditing, logging and reporting capabilities, administrators can keep eTrust SiteMinder running smoothly and efficiently by analyzing system activities and preventing problems before they occur. When problems do occur, eTrust SiteMinder’s top-notch troubleshooting tools give administrators the information they need to resolve the problem quickly so that security services remain available.

For More Information

eTrust Identity and Access Management Website: www.ca.com/etrust

© 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document “AS IS” without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. MP279220605