CA SiteMinder SSO Agents for ERP Systems



Similar documents
Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

CA Federation Manager

solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

Closing the Biggest Security Hole in Web Application Delivery

expanding web single sign-on to cloud and mobile environments agility made possible

CA SiteMinder. Implementation Guide. r12.0 SP2

Security Services. Benefits. The CA Advantage. Overview

CA Spectrum and CA Embedded Entitlements Manager

Netop Remote Control Security Server

Authentication Strategy: Balancing Security and Convenience

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

CA Automation Suite for Data Centers

CA Virtual Assurance for Infrastructure Managers

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control

CA Workload Automation Agents Operating System, ERP, Database, Application Services and Web Services

CA Service Desk Manager - Mobile Enabler 2.0

How can Identity and Access Management help me to improve compliance and drive business performance?

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

Designing a CA Single Sign-On Architecture for Enhanced Security

CA Workload Automation Agents for Mainframe-Hosted Implementations

White paper December Addressing single sign-on inside, outside, and between organizations

CA Technologies optimizes business systems worldwide with enterprise data model

Radix Technologies China establishes compelling cloud services using CA AppLogic

CA Compliance Manager for z/os

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

RSA ACCESS MANAGER. Web Access Management Solution ESSENTIALS SECURE ACCESS TO WEB APPLICATIONS WEB SINGLE SIGN-ON CONTEXTUAL AUTHORIZATION

CA Clarity PPM. Overview. Benefits. agility made possible

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

Web Applications Access Control Single Sign On

Single Sign-on to Salesforce.com with CA Federation Manager

agility made possible

CA Scheduler Job Management r11

CA Workload Automation

Vyom SSO-Edge: Single Sign-On for BMC Remedy

CA SOLVE:Central Service Desk for z/os

CA Process Automation for System z 3.1

CA Arcot RiskFort. Overview. Benefits

Web Admin Console - Release Management. Steve Parker Richard Lechner

IBM Tivoli Directory Integrator

PingFederate. SSO Integration Overview

CA Capacity Manager. Product overview. agility made possible

CA Performance Center

The Essentials Series: Enterprise Identity and Access Management. Authentication. sponsored by. by Richard Siddaway

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

Oracle Identity Management: Integration with Windows. An Oracle White Paper December. 2004

TECHNOLOGY BRIEF: CA ERWIN SAPHIR OPTION. CA ERwin Saphir Option

PRODUCT SHEET: CA Arcot Cloud Services Data Centers CA Arcot cloud services data centers. True multi-tenancy and scalability

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam

CA Mobile Device Management 2014 Q1 Getting Started

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

ProtectID. for Financial Services

Sallie Mae slashes change management costs and complexity with CA SCM

identity management in Linux and UNIX environments

IBM Security Access Manager for Web

CA Systems Performance for Infrastructure Managers

CA Virtual Assurance for Infrastructure Managers

IBM Tivoli Federated Identity Manager

how can I improve performance of my customer service level agreements while reducing cost?

CA Cloud Service Delivery Platform

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

agility made possible

Asentinel Telecom Expense Management (TEM)

5 Pillars of API Management with CA Technologies

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

OVERVIEW. DIGIPASS Authentication for Office 365

CA ControlMinder for Virtual Environments May 2012

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management

CA Aion Business Rules Expert 11.0

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

CA Repository for z/os r7.2

Contents. Introduction... 1

KASIKORNBANK eliminates nearly 30,000 helpdesk calls a year with automated identity management

CA Workload Automation Agent for Remote Execution

CA Aion Business Rules Expert r11

SAML SSO Configuration

Single Sign-On for SAP R/3 on UNIX with Centrify DirectControl and Microsoft Active Directory

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

Understanding Enterprise Cloud Governance

IBM Tivoli Remote Control

Active Directory and DirectControl

CA Nimsoft Service Desk

CA Nimsoft Monitor. Probe Guide for CA ServiceDesk Gateway. casdgtw v2.4 series

CA Clarity Integration

Genesis Energy delivers IT projects faster with standardised processes and CA Clarity PPM.

can I customize my identity management deployment without extensive coding and services?

CA Technologies SiteMinder

CA Endevor Software Change Manager Version 15.0

Version Overview. Business value

An Overview of Samsung KNOX Active Directory and Group Policy Features

CA Technologies Solutions for Criminal Justice Information Security Compliance

Orchestrate IT Process with an Integrated Workflow Management

Transcription:

PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security for these key applications by extending the SiteMinder enabled Web access management infrastructure to include these Web-enabled enterprise systems. Business Value Product Overview The CA Advantage ERP applications are an important part of the IT infrastructure at many large organizations. Over the years these applications have become Web enabled and represent key business applications for employees, and in some cases, for partners and customers. Integrating these applications with the organization s Web access management solution saves time and money while increasing security. A comprehensive approach to single sign-on should include all Web applications, including ERP solutions. CA SiteMinder SSO Agents extend the access management and single sign-on functionality to cover ERP systems, driving the following benefits: Improved user experience and efficiency across the entire set of enterprise Web applications Higher security by enabling a variety of authentication methods Efficient access log collection and reporting Reduced risk of session hijacking due to session synchronization CA SiteMinder and its SSO Agents deliver unparalleled reliability, availability, scalability and manageability. The de facto gold standard for enterprise-class web access management, CA SiteMinder is also a key part of the CA Secure Web Business Enablement solution, which automates the administration of Web user identities and ensures that only properly authorized users can access critical Web applications, portals, and services.

The Increasing Need for a Comprehensive Web Access Management Solution ERP solutions were originally deployed as client/server-based, applications, but in recent years ERP vendors have developed Web-based front ends to ease the delivery of these applications to users. Like any other standalone application, these systems came with their own security systems requiring a separate log-on process. While most ERP systems do provide single sign-on (SSO) capabilities between the individual ERP components, they do not integrate access security with other Web-based applications throughout the organization. As organizations have moved to a Web-based delivery approach for the majority of their applications, the need to extend SSO across the entire enterprise has become increasingly important. In addition, organizations are also seeking to standardize and centralize specific aspects of their IT infrastructure, including security management. These factors result in a strong desire to have a single Web access management system that can provide a centralized authentication, authorization, auditing, and SSO experience across all Web enabled applications. CA SiteMinder SSO Agents To meet these challenges CA offers SiteMinder agents that provide the required integration between CA SiteMinder and each of the following ERP solutions: SAP Siebel Oracle PeopleSoft These agents provide an access management connection between CA SiteMinder and the ERP solutions, enabling centrally administered single sign-on between your organization s Web applications and your Web-enabled ERP applications. Additionally, CA SiteMinder allows you to use a variety of authentication methods to further protect your sensitive applications and data. It also provides session synchronization and detailed auditing/ reporting. CA Federation Manager and SOA Security Manager are available to further extend the secure single sign-on experience to trusted partners and services as necessary. This combined solution removes technical hurdles to provide a secure and efficient Web access management solution that scales to cover the most complex environments, including ERP systems. Key Capabilities CA SiteMinder Single Sign-On Agents for ERP Solutions provide customers the following capabilities: SINGLE SIGN-ON Extends SiteMinder single sign-on from protected Web applications and portals to ERP systems AUTHENTICATION MANAGEMENT Supports a multitude of authentication methods including passwords, digital certificates, smart cards, one-time-passwords, biometrics and more, thus enabling the matching of stronger authentication to application and data sensitivity ENHANCED SECURITY Advanced Tier 2 integration moves the point of trust from the web server which is typically in the DMZ, to the enterprise application server SESSION SYNCHRONIZATION SiteMinder and enterprise application sessions are linked. When the SiteMinder session ends, the corresponding enterprise application session is no longer available thus reducing the risk of session hijacking. 2 PRODUCT BRIEF: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS

Figure A: CA SiteMinder SSO Agents extend access management and single sign-on coverage to include ERP systems ARCHITECTURAL DIAGRAM. TYPICAL PROCESS FLOW:* 1. A user attempts to access an ERP application 2. The SiteMinder Agent on the Web Server forwards the request to the SiteMinder Policy Server 3. The Policy Server verifies access and returns the ERP Username to the Web Agent 4. The Web Agent passes the user security (SiteMinder session) information to ERP Server 5. The SiteMinder SSO Agent passes the SiteMinder session information to the Policy Server for verification 6. The Policy Server returns the result to the SSO Agent and ERP Security Interface 7. The ERP Security Interface returns the results to the SiteMinder Web Agent 8. The SiteMinder Web Agent allows the appropriate access to the application *This is a general overview, there are unique elements in each ERP access management scenario. PRODUCT BRIEF: CA WORKLOAD AUTOMATION AGENT 3

Benefits of CA SiteMinder SSO Agents INCREASED SECURITY Although many security products can integrate with ERP systems, most of them only have Tier 1 integration which is not fully secure. Tier 1 integration refers to the case where the security product passes on the authentication information sent by the user directly to the enterprise application to log in the user the and create a session. Tier 1 integration is the minimum requirement to provide SSO. In this case the ERP application fully trusts the information sent from the web server and does no further verification. Therefore the point of trust is the web server, which can reside in the DMZ and is more susceptible to attack. This approach is weak and can thus have significant security and/or auditing consequences. The SiteMinder Single Sign-On Agents for ERP Solutions provide Tier 2 integration allowing The ERP system to verify that the session information passed to it was in fact sent by SiteMinder rather than an attacker. This capability is critical to ensure that internal users are not attempting to compromise the application. With Tier 2 integration, the point of trust is the ERP server and the SiteMinder Policy Server, neither of which reside in the DMZ. With SiteMinder, users can be authenticated at the main application site when they first login and then move seamlessly to any ERP application without being prompted for credentials. The ERP application can provide the presentation mechanism for the users, but SiteMinder assumes the responsibility for authenticating the users. Because SiteMinder can natively integrate with most user directories and/or databases, there is no need to store user credentials in multiple locations. SESSION PROTECTION When a user authenticates, SiteMinder assigns a unique session identifier to that user s session. This session identifier remains constant for that user for the life of the session. Logging off does not actually release this session identifier; instead, it deletes the session cookie that SiteMinder uses to track the session identifier. ERP systems maintain session identifiers using cookies in a similar way to SiteMinder. Cookies used in this manner are typically safe but there is one case where they can present a security hole. This hole is called a replay attack and occurs when a cookie is stolen from one machine and presented by another for nefarious purposes. This allows another user to take over the original user s authenticated session. The SiteMinder Single Sign-On Agents for ERP Solutions address this problem by taking the ERP session ticket and associating it with a SiteMinder session cookie. Once associated, the ERP session ticket can only be used by that particular SiteMinder session. Attempts to use the same ERP session cookie will be denied as the associated SiteMinder cookie will no longer be valid. REDUCED INTEGRATION COSTS CA created the SiteMinder SSO Agents for ERP solutions to eliminate the need for customers to build custom integrations with the leading ERP solutions. LOWER COST THROUGH SINGLE SIGN-ON With SiteMinder and a SSO agent, users sign-on to a website or portal once and gain access to all relevant applications and data as defined by their user privileges. Single sign-on provides access to content residing on multiple applications which run on multiple servers, multiple platforms, and across multiple Internet domains. This benefits end-users by providing them with a high-quality user experience that is personalized to their needs and entitlements. The centralized security approach also minimizes the likelihood of a security breach by limiting the number of authentication points. SAVINGS REALIZED BY LEVERAGING EXISTING INFRASTRUCTURE SiteMinder SSO Agents work with several versions of each ERP solution and support a large number of platforms currently used by IT organizations, as well as new, emerging technologies. They support a wide range of operating systems including multiple versions of Windows, AIX, HP-UX, Solaris, Red Hat and SUSE Linux. Common versions of web servers are also supported including IIS, Sun ONE and Apache. This simplifies the adoption and deployment of agents into existing IT environments. 4 PRODUCT BRIEF: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS

Conclusion SiteMinder and SSO agents enable ERP customers to extend SSO to more of their critical Web applications. SiteMinder SSO is delivered across multiple platforms, applications and Internet domains while providing enhanced security, a richer user experience, and more cost-effective user support. The integration between SiteMinder and these enterprise applications provides a second level of trust behind the DMZ on the corporate internal network. CA SiteMinder two-tier authentication is critical for such sensitive enterprise applications. This ability to provide a two-tier authentication model differentiates the SiteMinder authentication and authorization management solution from alternative solutions. Why CA? CA SiteMinder SSO Agents are part of the complete and proven SiteMinder product family, which is the core of the larger Secure Web Business Enablement solution area. CA s comprehensive, integrated, and modular solutions for Secure Web Business Enablement also include CA Federation Manager and CA SOA Security Manager. Deployed separately, the individual CA products can address specific problems or help organizations achieve specific goals related to security management. But deployed together, they provide a comprehensive, unified solution that creates a new level of security and flexibility. These products are all part of a larger Identity and Access Management (IAM) solution from CA that helps you protect your IT assets across all platforms and environments. As such, it contributes to the goal of lean IT by enhancing your ability to optimize the performance, reliability and efficiency of your overall IT infrastructure. CA s comprehensive portfolio of modular IT management solutions helps the enterprise unify, simplify and secure IT to better manage risk, costs and service, and ensure that IT meets the business needs of the enterprise. To learn more, and see how CA software solutions enable organizations to unify and simplify IT management for better business results, visit http://www.ca.com/us/web-access-management.aspx. Copyright 2009 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damages. MP344870809

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information