Wednesday, April 30, 2014

New Features in Siteminder R12.5

Following are the new features that got added to Siteminder 12.5 version: 

Agent Discovery

The Agent Discovery feature discovers instances of different types and versions of CA SiteMinder agents. Once discovered, you can view agent-specific details such as version, state, and so on. You can also view a list of agents deployed on various hosts in your enterprise and delete the unwanted agent instance entries from the list.

Authentication Context Support

In access control request processing, the authentication phase processes information about user identity and the authorization mechanism. This information that is taken together is named the authentication context.
In previous releases of SiteMinder, the duration of the authentication context was limited to the authentication phase. In this release, you can optionally store the authentication context as sessions variables in the session store. Administrators can configure responses and policies to use session variables.

Administrative Scoping Using Workspaces


SiteMinder Administrators are assigned rights to one or more security categories that define their administrative authority in the Administrative UI, such as managing authentication schemes.
Now Siteminder Admin can assign right to more granular level. 

CA Directory Session Store


Now CA Directory can be used as Session Store. 

Enhanced Directory Mapping Using Identity Mapping


Siteminder Identity Mapping is mainly used for mapping different directories. 
Identity Mappings provide an enhanced method of mapping users from a Source Directory to a Target Directory using custom search criteria. You can use Identity Mapping for both user authorization and user validation.
Identity Mapping enables custom search and also lets you control the order of mapping rules using different identity mapping entry objects.



OpenID Authentication Scheme


The OpenID authentication scheme lets SiteMinder users submit credentials through an OpenID provider. The OpenID provider authenticates the user and sends SiteMinder an authentication response. The Policy Server verifies the authentication response, completes the authentication process, and authorizes access to the resource.



Policy Server Log Messages Added to the Profiler Log

If Policy Server profiler is enabled, all Policy Server log messages are written to the following, previously it used write only to smtrace but now all the logs related to policy server in trace mode are being written to smps log also. In this case we need to take care of log size and log rotation of smps log. As smps log have seperate settings and trace generates huge amount of log. 

  • The Policy Server log file (smps.log).
  • The Policy Server profiler log. The default profiler log is smtracedefault.log.

Protecting the Administrative UI with SiteMinder


With this feature Admin UI can be protected using Siteminder but we need to have proxy in place. By default Admin UI comes with only native authentication with users created/assigned in Admin UI and super user that is Siteminder. 

Hardware Load Balancing for Agent to Policy Server Communication

SiteMinder now supports the use of hardware load balancers configured to expose multiple Policy Servers to SiteMinder Agents through one or more virtual IP addresses. In previous versions we have only option to add individual policy server to HCO and make it load balancing or fail over and we don't have option to use Hardware Load Balancing for Policy Servers. 
Now we have option to create VIP (Virtual IP) for set of policy server and we can provide VIP Agent for communication. 

Thanks !!!

Monday, April 28, 2014

Siteminder Upgrade from R6.0 to R12.5 Data Flow Diagrams

Over All Flow: 



LDAP Policy Store


ODBC Policy Store:



WAM UI FlowChart:


Web Agent Upgrade:



Source: https://communities.ca.com/web/ca-identity-and-access-mgmt-distributed-global-user-community/wiki/-/wiki/Main/Upgrade+Data+Flows#UPGRADE

Thanks !!!

Wednesday, April 9, 2014

Valgrind : Tool for Management of Linux Memory Leakage and Consumption

Valgrind is a free and open source software, which is mainly used to analyze memory usage and management of different Linux operating systems. 

It can be downloaded under: http://valgrind.org/downloads/old.html

Valgrind is an instrumentation framework for building dynamic analysis tools. There are Valgrind tools that can automatically detect many memory management and threading bugs, and profile your programs in detail. You can also use Valgrind to build new tools.
The Valgrind distribution currently includes six production-quality tools: a memory error detector, two thread error detectors, a cache and branch-prediction profiler, a call-graph generating cache and branch-prediction profiler, and a heap profiler. It also includes three experimental tools: a stack/global array overrun detector, a second heap profiler that examines how heap blocks are used, and a SimPoint basic block vector generator. It runs on the following platforms: X86/Linux, AMD64/Linux, ARM/Linux, PPC32/Linux, PPC64/Linux, S390X/Linux, MIPS32/Linux, MIPS64/Linux, ARM/Android (2.3.x and later), X86/Android (4.0 and later), X86/Darwin and AMD64/Darwin (Mac OS X 10.7, with limited support for 10.8).

More Info: 


Thanks !!!

Other Posts