PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES CA SiteMinder Federation Security Services CA SITEMINDER FEDERATION SECURITY SERVICES EXTENDS THE WEB SINGLE SIGN-ON EXPERIENCE PROVIDED BY CA SITEMINDER WEB ACCESS MANAGER (CA SITEMINDER WAM) TO APPLICATIONS AND PORTALS PROVIDED INTERNALLY BY OTHER ORGANIZATIONAL BUSINESS UNITS, OR EXTERNALLY ON THE INTERNET BY PARTNERS OR APPLICATION OUTSOURCERS. Overview Benefits The CA Advantage Your customers, partners and employees fully expect access to your critical applications, information and services anywhere and at any time. The rapid buildup of application outsourcing, software-as-a-service, and other IT-enabled business-tobusiness partnerships does not change this. It does however, raise a new set of security management challenges when attempting to manage security across the Internet. Identity federation was explicitly invented to address these new security challenges. CA SiteMinder Federation Security Services enables you to secure, manage, and monitor access to federated Web applications. The ability to quickly federate Web applications enables you to: More quickly leverage new partner dependent business opportunities Improve the user experience through single sign-on (SSO) Better manage costs Improve application security Ease regulatory compliance CA SiteMinder Federation Security Services is an integral component of CA SiteMinder WAM and delivers reliable, scalable and manageable federated access into and out of a SiteMinder protected domain. Adding this service to a CA SiteMinder WAM deployment enables your organization to act as an identity or service provider, or both with a given partner, providing support of industry standards and products such as SAML, WS-Federation, and Microsoft ADFS. CA SiteMinder Federated Security Services is part of CA s larger vision, Enterprise IT Manage - ment (EITM), which can help you unify and simplify IT manage ment across the enterprise.
CA SiteMinder Federation Security Services extends CA SiteMinder WAM with Federated SSO Internet technology has matured to the point that effective coordination and mass IT inte - gration between trading, outsourcing, and other business partners is now readily achievable and affordable. Moreover, the advent of widely adopted security and industry specific standards are easing the extension of today s enterprises by lowering the barriers to connecting business applications both within and across organizational boundaries, leveraging the Internet. The federated application and security integration of CA SiteMinder Federation Security Services enables your organization to reduce costs, more quickly seize new business opportunities, and provide greater convenience, choice, and control for your users. Key Capabilities MULTIPLE FEDERATION PROTOCOL SUPPORT CA SiteMinder Federation Security Services provides out-of-the box support for a wide range of federation standards including SAML 1.0, 1.1, and 2.0, as well as WS-Federation/Microsoft ADFS, thus providing enterprises maximum flexibility for federating with a wide range of external business partners and internal units. ENABLES CA SITEMINDER WAM TO ACT AS BOTH AN IDENTITY PROVIDER AND A SERVICE PROVIDER CA SiteMinder Federation Security Services enables a CA SiteMinder WAM deployment to function as both a SAML-based identity provider with configured application partners, as well as a service provider to receive remotely authenticated users as appropriate for the given partnership. With the support of the WS-Federation and Microsoft ADFS specification and product, CA SiteMinder Federation Security Services provides an equivalent claims-based federation support as well, enabling a CA SiteMinder Federation Security Services deployment to act as both an account partner as well as a resource partner. SINGLE SIGN-ON AND SINGLE LOGOUT With SAML 2.0 and WS-Federation/Microsoft ADFS, CA SiteMinder Federation Security Services provides both single sign-on (SSO) and single logout (SLO) functions across federated security domains. INTEGRATED USER ADMINISTRATION CA SiteMinder Federation Security Services benefits from the user administration capabilities of CA Identity Manager, enabling IT organizations to selectively delegate user administration and provide registration services for federated users, whether they are inside or outside the enterprise. PROVEN SCALABILITY AND MANAGEABILITY CA SiteMinder Federation Security Services, as a service deployed within CA SiteMinder WAM infrastructure, provides enterprise-class scalability that supports load balancing, fully tunable two-level caching, replication, and automatic failover. This proven scalability empowers your organization to deploy identity federation in high transaction volume environments with high availability and no loss of security. AUDITING CA SiteMinder WAM enables your organization to define auditable activities to be logged. In addition, CA SiteMinder WAM provides pre-defined, Web-based reports for user and administrative activity involving protected resources. Auditing and reporting lets managers track federated user activity, and analyze and correct security events and anomalies in the context of the web portals overall security activity. 2 PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES
FIGURE A 1. The user requests access to the portal at Organization A. 2. The user is challenged for authentication credentials that are collected by the web agent or the secure proxy server. 3. The user s credentials are passed to the CA SiteMinder policy server. 4. The user is authenticated against the appropriate user store. 5. The user attempts to access the secured portal at Organization B. 6. CA SiteMinder Federation Security Services generates a SAML assertion for that user and passes the assertion over to Organization B. 7. Security domain at Organization B intercepts incoming SAML assertion and disambiguates the user. The user experiences single sign-on across the Internet and secure access to the portal at Organization B. HOW CA SITEMINDER FEDERATION SECURITY SERVICES WORKS Note: In this scenario, Organization B is assumed to be using a SAML compliant solution from another vendor, or alternatively, Microsoft ADFS. CA SiteMinder Federation Security Services Improves Security and the User Experience, Mitigates Costs, and Eases Regulatory Compliance The Web is open for business around-the-clock, and CA SiteMinder WAM with CA SiteMinder Federation Security Services reliably and effectively enables your online presence to be secure, available and accessible to the right users, whether they are traditional users logging directly into your Web portal or users that are federating in and out via business partners. PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES 3
INCREASE BUSINESS OPPORTUNITIES CA SiteMinder Federation Security Services enables faster, easier, and more secure deployments of partner-based, collaborative applications, thus using IT and security to accelerate revenue enhancing business relationships, while still mitigating costs and reducing risk. INCREASE SECURITY TO MITIGATE RISKS Controlling access to outsourced applications is just as important as controlling access to internally deployed applications. With the advent of softwareas-a-service, ASPs, and other IT enabled business partnerships, controlling access to applica - tions on all parts of the IP network is critical. CA SiteMinder Federation Security Services enables federated applications to be a seamless part of your Web access management-based control environment. PROVIDE USERS WITH A POSITIVE ONLINE EXPERIENCE CA SiteMinder Federation Security Services extends the Web SSO experience of CA SiteMinder WAM with applications provided by or to partners, enabling seamless user access no matter where the target application is actually deployed. MANAGE COSTS CA SiteMinder Federation Security Services mitigates the cost of managing identities across a network of partners by more broadly leveraging the identity management, user authentication, and access management practices of the organization that best knows the user. No longer does every organization in a partner network need to proof and authenticate the user s identity and issue and manage the user s credentials through federation they can share this activity. This saves money that can be shared across the network of partners. Also, federated applications can significantly reduce the use of your help desk by aiding in getting access to outsourced applications. EASE REGULATORY COMPLIANCE Organizations can outsource applications, data, and transactional services, but they cannot outsource responsibility from an IT control, data privacy, and regulatory compliance point of view. With identity federation the standards-based security system bridges the Internet, enabling both the identity provider and the service provider to manage their end of the federated relationship consistent with their regulatory compliance responsibilities. BROWSER FEDERATION STANDARDS SUPPORT SAML 1.0, 1.1, 2.0 WS-Federation/Microsoft ADFS BROWSER FEDERATION FEATURES Identity Provider Service Provider Artifact Binding Post Binding Single Log-out Profiles ECP Attribute Authority Requester Attribute Authority Responder GSA eauthentication Profile 4 PRODUCT BRIEF: CA SITEMINDER FEDERATION SECURITY SERVICES
The CA Advantage CA SiteMinder Federation Security Services is part of the comprehensive CA Identity and Access Management solution that helps you protect your IT assets across all platforms and environments. As such, it contributes to your ability to optimize the performance, reliability and efficiency of your overall IT environment. The next step is to tightly integrate the control and management of distinct functions, such as operations, storage and lifecycle and service management, along with IT security. This higher level of management control supports CA s vision for Enterprise IT Management (EITM) which is to help you unify and simplify IT management across your enterprise. EITM is a dynamic and secure approach that integrates and automates the management of applications, databases, networks, security, storage and systems across departments and disciplines to maximize the full potential of each. CA s comprehensive portfolio of modular IT management solutions helps you to better manage risk, costs and service, and ensure that IT meets the business needs of your enterprise. CA Services and our partners can help you assess your current IT situation, define your goals and implement solutions to gain measurable results. To keep your CA solutions operating at peak performance, CA Support delivers unparalleled technical and customer support worldwide, and we offer training and certification through CA Education. CA Education a preferred source for IT management and best practices training is an important part of our services offering. We assess your training needs, create the right training plan for you and optimize the program with advanced coursework and industry certifications. Next Steps CA SiteMinder Federation Security Services enables you to configure, manage, and monitor federated Web applications, enabling your organization to reduce costs, more quickly seize new business opportunities, and provide greater convenience, choice, and control for your users. Its seamless integration with your existing CA SiteMinder WAM infrastructure enables you to deploy it as part of your existing Web security infrastructure without the need for 3rd-party components. To learn more, and see how CA software solutions enable other organizations to unify and simplify IT management for better business results, visit ca.com/customers. Copyright 2008 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. MP328900508 Learn more about how CA can help you transform your business at ca.com