Policy Server Objects
- Object Types include:
– System Objects
o Can be used throughout a SiteMinder deployment
– Domain Objects
o Groupings of objects that deal with a specific domainof resources
- Administrative Roles
– Accounts that grant access to Policy Server objects
System objects can be used throughout a SiteMinderdeployment. They include connections to existing user directories,administrators, Agents, authentication schemes, registration schemes, andpassword policies.
A policy domain is a grouping of objects that deal with aspecific domain of resources. For example, a company may divide its networkresources by business unit, creating a policy domain for marketing, a separatedomain for engineering, etc. Policy domain objects are those objects thatpertain to a specific policy domain. These objects include rules and policiesfor controlling access to resources.
The Policy Server User Interface allows you to configureadministrator accounts that grant access to all Policy Server objects, specificsubsets of resources called domains, or subsets of features, such as securityor user management.
You can assign accounts on a user name and password basis,or specify administrator privileges for specific administrators or groups ofadministrators who are stored in an existing user directory.
When you begin working with the Policy Server User Interfaceto configure objects for your SiteMinder deployment, you will discover thatcertain objects are prerequisites of other objects. The above diagram explainswhich objects are required, which are optional, and which should be configuredfirst. The numbers in the diagram above indicate the sequence in which theobjects must be configured.
This slide shows the display of the Administer Policy Serverweb page. Clicking on the Administer Policy Server link will download thePolicy Server Administration User Interface applet to your browser. Thisinterface will allow you to configure the policy server objects.
This slide shows the display of the SiteMinderAdministration Login dialog. Logging in as a specific administrator willdetermine which policy server objects you are allowed to manage.
The distinction between System and Domain objects is notbased on their functionality but based on who administers them and the scope inwhich they are defined. System objects are visible in all domains. Domainobjects are only visible within their own domain.
Within the domain, realms define groups of resources withsimilar security requirements. Agents handle requests for resources within therealm. Users are also associated with the domain, and it is the policy thatbrings together users with the resources they are allowed to access. The rulesdetermine what user requests or SiteMinder events trigger policy evaluation.
In this course you will learn more about the variousSystem and Domain objects that are used to configure security in SiteMinder.
