Policy Server Services
- Policy Server directs all of SiteMinder’s services
- Policy Server’s Services include:
  – Policy Server
    o Authentication
    o Authorization
    o Administration
    o Accounting
  – Health Monitoring Service
The Netegrity Policy Server directs all of SiteMinder’s services. It typically runs on a separate Windows or Solaris system, and performs SiteMinder’s key security operations. The Policy Server consists of two services: the SiteMinder Policy Server and the SiteMinder Health Monitoring Service.
The SiteMinder Policy Server provides the following:
• Authentication Services - The Policy Server supports a range of authentication methods. It can authenticate users based on user names and passwords, via tokens, using forms-based authentication, and through public-key certificates.
• Authorization Services - The Policy Server is responsible for managing and enforcing access control rules established by the Policy Server administrator. These rules define the operations that are allowed for each protected resource.
• Administration - The Policy Server can be configured using the Policy Server User Interface (UI). The Administration service of the Policy Server is what allows the UI to record configuration information in the Policy Store. The Policy Store is the database that contains all policy objects including entitlement information.
• Accounting Services - The Policy Server generates log files that contain auditing information about the events that occur within the system. These logs can be printed in the form of predefined reports, so that security events or anomalies can be analyzed.
The Health Monitoring Service provides monitoring of SiteMinder components.
This example of an n-tier architecture adds a policy server to the business logic layer. This server provides authentication, monitoring, authorization, administration and accounting services. Now both the web server and the application server have their users, who are requesting resources, authenticated and authorized by the common policy server. ACLs no longer need to be maintained on each individual server. All user authentication and authorization information is managed and accessed through the policy server.