Since my migration over to the security side of the alliances business I have had to quickly adapt and learn an entirely new vernacular, gain a deeper understanding of customer application security requirements and connect with an entirely new group of partner vendors.  One of our largest partners and most consistently co-installed vendors is SiteMinder from CA.  While the F5 BIG-IP APM product helps to facilitate universal access and authentication to web based applications, CA SiteMinder to provide authorization security to parts of sites or specific areas of a web based application. Many of our joint customers however, would like a combined solution that can provide both of the above mentioned capabilities from a single appliance. In an ideal world migrating the functionality of SiteMinder agents to the BIG-IP would simplify the process of enforcing user authorization.  This would have the effect of simplifying your overall AuthN and AuthZ functions.

Now with the SecureAuth PDP server, F5 iRules and BIG-IP APM these processes can be simplified. 

The SecureAuth PDP (Policy Decision Point) solution enables the enterprise to remove the SiteMinder agents on the web servers and still allow the enterprise to control authorization via the SiteMinder policy server.

SecureAuth PDP enables the removal of the SiteMinder agents via enabling the F5 BigIP APM  (Access Policy Mnager) to enforce the SiteMinder policies. The F5 APM is a purpose built network component that runs on the F5 BigIP. F5 BIG-IP APM is designed to be utilized as an scalable authentication/authorization point to proxy traffic destined for web and application servers.

This combined solution provides customers with a dramatically simplified web application access environment.  For additional details, check out the solution details at http://www.secureauth.com/network/f5/ca-siteminder-integration/.  As always your feedback and other comments are most appreciated. 

image

Comments on this Article
Comment made 09-Apr-2014 by Masterbaker 0
Can anyone comment on real-world experience with this solution, as far as stability, performance and support goes?

This seems like a much more elegant solution than deploying (and dealing with the pains of maintaining) agents on each and every app server and web server...

But at the same time, I'm having concerns about the support issues that can rise with a solution that involves three different vendors.
0
Comment made 09-Apr-2014 by Josh Becigneul 1115
Looks like the URL http://www.secureauth.com/network/f5/ca-siteminder-integration/ is no longer functional.
0
Comment made 09-Apr-2014 by Masterbaker 0
URL has moved here... http://www.secureauth.com/blog/tired-of-your-siteminder-agents-turn-to-f5secureauth/

Other than that sales pitch this product does not have much visibility on the web and search engines. Not much in the way of details or user / feedback...
0
Comment made 23-Mar-2016 by F5Hovey
Update: This solution is low longer valid with the end-of life of SecureAuth's PDP product.
0