Introduction to Siteminder Federation

1
Introduction to Siteminder Federation

• Bhanu Prasad

2
Synopsis

• What is Federation?
• Requirements for Federation
• Federation Business Use Cases
• Siteminder Affiliate Agent
• Web-Agent Option Pack
• Policy Server Option Pack
• Solution to Use Cases

3
What is Federation?

• Federation stands for a collection of similar but
  often independent objects.
• Ex.,. A federation of states
• Federation, in identity management, refers to set
  of procedures and standards that aid towards
  co-operation of different IdM entities.

4
What is Federation?

• Federation aids in co-operation between different
  IdMs, often between different IdM systems.

5
Requirement to be met by Federation

• Exchanging user information between partners in a
  secure fashion
• Establishing a link between a user identity at a
  partner and a user identity in your company
• Handling different user session models between
  partner sites, such as single logout across all
  partner Web sites or separate sessions for each
  partner Web site
• Controlling access to resources based on user
  information received from a partner

6
Federation Business Use cases

• This section describes the common problems that
  have to be solved by Federation
• These scenarios are from the point of view of a
  business analyst, not from the brain of a IdM
  Architect.
• Siteminder Federation offers a solution to each
  one of these scenarios

7
Federation Business Use Cases

• Single Sign-on Based on Account Linking
• Single Sign-on Based on User Attribute Profiles
• Single Sign-on with No Local User Account
• Extended Networks
• Single Logout
• Identity Provider Discovery Profile
• User Authorization Based on a User Attribute
• SSO Using Attributes from a Web Application
• SSO with Dynamic Account Linking at the SP

8
Federation Business Use Cases

• A) Single Sign-on Based on Account Linking

9
Federation Business Use cases

• B) Single Sign-on Based on User Attribute
  Profiles

10
Federation Business Use Cases

• C) Single Sign-on with No Local User Account

11
Federation Business Use Cases

• D) Extended Networks

12
Federation Business Use Cases

• E) Single Logout

13
Federation Business Use Cases

• F) Identity Provider Discovery Profile

14
Federation Business Use Cases

• G) User Authorization Based on a User Attribute

15
Federation Business Use Cases

• H) SSO Using Attributes from a Web Application

16
Federation Business Use Cases

• I) SSO with Dynamic Account Linking at the SP

17
Siteminder Federation Components

• Siteminder Affiliate Agent
• Siteminder Webagent Option Pack
• i) Federation Web Service Application
• Policy Server with Option Pack

18
Siteminder Affiliate Agent

• It has two parts
• a)Web-Server Plugin b) Affiliate Server

19
Siteminder Affiliate Agent

• A) Roles of the Affiliate Agent
• a) SAML Assertion Consumer.
• b) Notifications of Activity at the
  Consumer
• c) Shared Sessions

20
Typical Scenario of An Affiliate Agent
21
Web-Agent Option Pack

• WebAgent Option Pack installs a Java
  Web-Application called Federation Web
  Services(FWS)
• FWS acts as SAML Consumer,

22
Policy Server Option Pack
23
Single Sign on Based on User Linking
24
Single Sign on Based on User Attribute Profiles
25
Single Sign-on with No Local User Account
26
Extended Networks
27
Single Logout
28
Identity Provider Discovery Profile
29
User Authorization Based on a User Attribute
30
SSO Using Attributes from a Web Application
31
SSO with Dynamic Account Linking at the SP