Wednesday, April 30, 2014

New Features in Siteminder R12.5

Following are the new features that got added to Siteminder 12.5 version: 

Agent Discovery

The Agent Discovery feature discovers instances of different types and versions of CA SiteMinder agents. Once discovered, you can view agent-specific details such as version, state, and so on. You can also view a list of agents deployed on various hosts in your enterprise and delete the unwanted agent instance entries from the list.

Authentication Context Support

In access control request processing, the authentication phase processes information about user identity and the authorization mechanism. This information that is taken together is named the authentication context.
In previous releases of SiteMinder, the duration of the authentication context was limited to the authentication phase. In this release, you can optionally store the authentication context as sessions variables in the session store. Administrators can configure responses and policies to use session variables.

Administrative Scoping Using Workspaces

SiteMinder Administrators are assigned rights to one or more security categories that define their administrative authority in the Administrative UI, such as managing authentication schemes.
Now Siteminder Admin can assign right to more granular level. 

CA Directory Session Store

Now CA Directory can be used as Session Store. 

Enhanced Directory Mapping Using Identity Mapping

Siteminder Identity Mapping is mainly used for mapping different directories. 
Identity Mappings provide an enhanced method of mapping users from a Source Directory to a Target Directory using custom search criteria. You can use Identity Mapping for both user authorization and user validation.
Identity Mapping enables custom search and also lets you control the order of mapping rules using different identity mapping entry objects.

OpenID Authentication Scheme

The OpenID authentication scheme lets SiteMinder users submit credentials through an OpenID provider. The OpenID provider authenticates the user and sends SiteMinder an authentication response. The Policy Server verifies the authentication response, completes the authentication process, and authorizes access to the resource.

Policy Server Log Messages Added to the Profiler Log

If Policy Server profiler is enabled, all Policy Server log messages are written to the following, previously it used write only to smtrace but now all the logs related to policy server in trace mode are being written to smps log also. In this case we need to take care of log size and log rotation of smps log. As smps log have seperate settings and trace generates huge amount of log. 

  • The Policy Server log file (smps.log).
  • The Policy Server profiler log. The default profiler log is smtracedefault.log.

Protecting the Administrative UI with SiteMinder

With this feature Admin UI can be protected using Siteminder but we need to have proxy in place. By default Admin UI comes with only native authentication with users created/assigned in Admin UI and super user that is Siteminder. 

Hardware Load Balancing for Agent to Policy Server Communication

SiteMinder now supports the use of hardware load balancers configured to expose multiple Policy Servers to SiteMinder Agents through one or more virtual IP addresses. In previous versions we have only option to add individual policy server to HCO and make it load balancing or fail over and we don't have option to use Hardware Load Balancing for Policy Servers. 
Now we have option to create VIP (Virtual IP) for set of policy server and we can provide VIP Agent for communication. 

Thanks !!!

No comments:

Post a Comment

Other Posts