CA SiteMinder is an enterprise product that enables centralised and secure Web access management. For all Web-based apps, SiteMinder enables policy-based authentication and single sign-on.
The Single Sign-On (SSO) solution by miniOrange provides secure Single Sign-On access into CA SiteMinder using a single set of login credentials. You can log in to CA SiteMinder using miniOrange credentials, Azure AD credentials, or any of your existing identity providers. With miniOrange SSO services, along with CA SiteMinder you can also log in to other On-Premise and Cloud Applications using your existing Identity Provider/User Store (Azure Active Directory, Okta, Ping) credentials. Follow the given setup guide to integrate SAML SSO for your CA SiteMinder account.
miniOrange is an IT security and services company (vendor). As an IT security outsourcing company, miniOrange firmly believes in complete satisfaction of its customers who are looking for security outsourcing companies and vendors. As one of the leading information security companies, miniOrange provides the following Single sign on (sso) services for its customers.
In addition to the above, as more and more companies are putting their data on the cloud, they are concerned about protecting that data and making it available only to authorized users. As an IT security outsourcing company, miniOrange firmly believes in implementing strong authentication methods to access resources on the cloud. As one of the leading information security companies, miniOrange provides the following authentication services for its customers.
As recent attacks on various online portals and cloud apps show, you can put up the best authentication method out there and hackers will find a way to get past it. The best way to authenticate users in the cloud is to dynamically calculate the risk of authorization based on device, location, time of access and behavior. As one of the leading information security companies, miniOrange provides the following dynamic authentication for its customers
Fraud Prevention services (Risk based access, Adaptive authentication, Dynamic authentication, dynamic assessment of risk)
If you are in any kind of network, LAN, WAN or virtual private network (VPN), you must have heard about an ancient protocol called Remote Authentication Dial In User Service (RADIUS). It's a networking protocol that provides centralized authentication and authorization. As an IT security outsourcing company with specialization in Remote Authentication Dial In User Service (RADIUS), miniOrange firmly believes in implementing RADIUS pass-through authentication for its customers. As one of the leading information security companies, miniOrange provides the following Remote Authentication Dial In User Service (RADIUS) for its customers
Half the world uses Microsoft technologies and most of them use an Active Directory (AD) for authentication and authorization. Active Directory Federation Services (AD FS) is designed to provide single sign-on for users using Windows technology. As an IT security outsourcing company with specialization in Windows, miniOrange firmly believes in implementing Active Directory Federation Services (AD FS). As one of the leading information security companies, miniOrange provides the following Active Directory Federation Services (AD FS) for its customers
In addition to the above, miniOrange's core expertise is in writing security software. As one of the leading information security companies, miniOrange provides the following security services for its customers
Thousands of customers cannot manage their own sites anymore because the sites have grown in number and easily become unmanageable. Thanks to Siteminder technology by CA, there is a way these sites can be managed. But how about access to these sites? You will need miniOrange technology not only to install and configure Siteminder but also to write custom agents that can plug in to your choice of authentication and authorization software. As one of the leading information security companies, miniOrange provides the following Siteminder services for its customers
As a trusted provider of cloud based single sign on, user authentication and fraud prevention solution, miniOrange has helped a number of customers with their most critical areas by effectively managing risks and achieving compliance.
miniOrange provides user authentication solutions which help retailers secure their transactions and protect their customer data via Strong Authentication, Fraud Prevention and Single Sign-On solutions while effectively managing risks and achieving regulatory compliance.
Get to know how miniOrange configures Siteminder Policy Server and does Agent Installation. The diagram below depicts how a user is authenticated:
Prerequisites - ACCESS TO SITEMINDER POLICY SERVER
You need to login to the machine where Siteminder Policy Server is installed.
You will require admin credentials to the Siteminder Policy Server installation.
On the policy server, open the policy server user interface in either of the following ways:
Go to Start > All Programs > SiteMinder > Netegrity Policy Server User Interface
Open a browser and enter the following:
http://localhost/siteminder/smadmin2.html
Click on the Administer Policy Server button and enter the admin credentials.
Browse the policy server and note the following:
Host Configuration Object: System->Host Configuration Object
This value is required to register the agent.
User Directory: System->User Directories
Select a directory from the list that will process authentications. This directory is associated with processing authentication requests. It is required to install the policy server configuration objects. It should have a uid setup for the siteminder admin user.
SITEMINDER POLICY SERVER CONFIGURATION & AGENT INSTALLATION
The miniOrange-Siteminder Agent can be installed in three easy steps.
INSTALL POLICY SERVER CONFIGURATION OBJECTS ON SITEMINDER
Update the following properties in <INSTALL_DIR>/conf/application.properties. Check the previous section for more details.
agent.ip: This should be set to the IP address of the machine where the agent is being installed.
agent.smhost.conf: This is the location of the SmHost.conf file. It is created by the registerx86.bat file. This file needs to exist and be valid for the agent to install and start up.
agent.name: This is the agent name to create on the policy server. THIS SHOULD BE UNIQUE.
agentconf.name: This is the agent configuration object name to create on the policy server. THIS SHOULD BE UNIQUE.
domain.name: This is the name of the domain to create on the policy server. It contains the login realm and is mapped to the selected user dir. THIS SHOULD BE UNIQUE.
loginrealm.name: This is the login realm that will be created under the domain on the policy server. THIS NEEDS TO BE A UNIQUE NAME.
On the command prompt, type installx86.bat. It will use the following prompts to gather and confirm information before installing. It uses the agent, agent configuration name, domain name and login realm name from application.properties. Enter the following values when prompted during the install script:
Siteminder Admin Username
Siteminder Admin Password
Select a User Directory
Confirm Installation Parameters
It validates if the following objects are already created. If they are, then the install is reverted.
Agent Name should be unique.
Agent Configuration name should be unique.
Domain name should be unique.
Login Realm Name should be unique.
If all are valid, the policy server configuration is successfully created and the install completes.
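A pre-flight check for application.properties that can be run before installx86.bat, added here as an example (it is not miniOrange's code): it confirms the six properties listed above are set, that agent.ip parses as an IP address, and that the SmHost.conf file exists and is not empty. The function names and sample values are constructed, the file is assumed to use Java-style key=value lines, and uniqueness on the policy server is still checked only by the installer.

```python
import ipaddress
import os
import tempfile

# Property keys the guide lists for <INSTALL_DIR>/conf/application.properties.
REQUIRED = ("agent.ip", "agent.smhost.conf", "agent.name",
            "agentconf.name", "domain.name", "loginrealm.name")

def parse_properties(text):
    """Parse key=value lines ('#'/'!' start comments); assumes Java-style escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip().replace("\\\\", "\\")
                break
    return props

def validate(props):
    """Return a list of problems; an empty list means the file is ready."""
    problems = [f"{k}: missing or empty" for k in REQUIRED if not props.get(k)]
    ip = props.get("agent.ip")
    if ip:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"agent.ip: not an IP address: {ip!r}")
    conf = props.get("agent.smhost.conf")
    if conf and not (os.path.isfile(conf) and os.path.getsize(conf) > 0):
        problems.append("agent.smhost.conf: file missing or empty")
    return problems

def demo():
    """Validate one complete and one incomplete constructed properties file."""
    with tempfile.TemporaryDirectory() as d:
        smhost = os.path.join(d, "SmHost.conf")
        with open(smhost, "w") as fh:
            fh.write("# constructed stand-in for the registerx86.bat output\n")
        good = parse_properties(
            f"agent.ip=192.0.2.10\nagent.smhost.conf={smhost}\n"
            "agent.name=mo-agent-01\nagentconf.name=mo-aco-01\n"
            "domain.name=mo-domain-01\nloginrealm.name=mo-login-realm-01\n")
        bad = parse_properties("agent.ip=localhost\nagent.name=\n")
        return validate(good), validate(bad)

if __name__ == "__main__":
    print(demo())
```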
UPDATE SITEMINDER REALM(S) TO POINT TO THE NEWLY CREATED AGENT
The realms that need to be protected by this agent need to be updated in the Siteminder policy server GUI. It should be a protected realm and point to the user directory that is used for authentications.
Login to the Siteminder Policy Server User Interface as mentioned in the Prerequisites section.
Find the realm in the siteminder GUI.
In the resource tab, update the agent name to point to the newly created agent
In the Advanced tab,
Ensure that the Directory Mapping points to the User Directory used for authentication.
Ensure that both check boxes at the bottom - Process Authentication Events and Process Authorization Events are checked.
INSTALL/UNINSTALL THE AGENT AS A WINDOWS SERVICE
Open a command prompt as an administrator and go to the <INSTALL_DIR>
To install the service, type install-uninstall-service.bat install. This will install the agent as a Windows service. The service is installed as miniOrange Web Agent.
Open Services Administrative Console to manage the service.
Find miniOrange Web Agent Service
It should be installed.
It should not be running.
Start the service from the console.
Start the SecureAuth Web Agent service from the Windows Services Console.
It takes a few minutes for the agent to get started and running. You should wait for 2-3 minutes and you can review the logs mentioned in the next section to check the status of the startup.
ALWAYS check the status in the logs to ensure that jetty and miniOrange agent started properly.
To uninstall the service, type install-uninstall-service.bat remove
The logs are available under the \logs.
Jetty_yyyy_mm_dd.log - This captures the jetty logs.
miniOrange-webagent.log - This captures the agent requests.
VERIFICATION
Review the logs to ensure that the service started properly.
Once the agent is started, you can start the Google Chrome Advanced Rest Client App and verify the following:
Agent Deployed Services
Authentication Service
This service is used to authenticate users using userid and password. It can also take a token as an input parameter.
Session Data Service
This service is used to extract the token information. URL: http://:/token/session-info
Authorize Data Service
This service is used to check whether the user is authorized to access a resource. It can use either a valid token or a valid userid/password to authorize. URL: http://:/token/authorize
Bulk Authorize Data Service
This service is used to check whether the user is authorized to access multiple resources. It can use either a valid token or a valid userid/password to authorize. URL: http://:/token/bulk-authorize
SITEMINDER POLICY SERVER CONFIGURATION
You will need to login as an administrator to the Siteminder policy server to be able to see all these configurations that are automatically performed by the installx86.bat step above. For more details on configuring the policy server, you can refer to the CA Siteminder Policy Server Configuration Guide.
Create an agent
Give the agent a unique name, description.
Set the type as a Web Agent.
The IP address can be the IP address of the policy server.
Provide a shared secret for the agent.
Create an Agent Configuration Object(ACO)
Give the agent configuration object a unique name and description.
Create the following configuration values in the ACO:
Parameter Name: DefaultAgentName, Value:<Agent Name created in Step 1>
Parameter Name: DefaultAction, Value:<Action to use for authorization - GET>
Parameter Name: LoginResource, Parameter Value:<The realm name associated with logins>
Create a Host Configuration Object
This can be a copy of the existing Host Configuration Objects present on the policy server. Make sure that the Policy Server Configuration Parameter points to the correct IP of the Policy Server.
Setup a User Directory (that already exists)
Create a User Directory Object that points to an LDAP server that is setup to handle authentications.
Make sure that the Root Configuration is set up correctly up to the uid, e.g. dc=hq,dc=multifa,dc=com,dc=local.
Create a Login Realm
This realm is used to authenticate users against the user directory. It should be a protected realm and point to the user directory that is used for authentications. The resource of this realm should match the login realm resource associated with the agent configuration object created in Step "Create an ACO->Parameter Name".
Give the login realm a name.
In the resource tab,
Set up the agent name used in Step "Create an Agent -> Give agent unique name, description".
Set up a resource filter with the same name used in Step "Create an ACO->Parameter Name".
Set the authentication scheme to Basic.
Set the Default Resource Protection to Protected.
In the Session tab,
Set the Max Session Timeout Enabled to the max session timeout value.
Set the Idle Session Timeout to the idle session timeout value.
In the Advanced tab,
Set the Directory Mapping to point to the User Directory created in Step "Setup a User Directory (that already exists)". This will be used for authentications.
Make sure that both check boxes at the bottom - Process Authentication Events and Process Authorization Events are checked.