Tuesday, May 23, 2017

Overview of SiteMinder

Agenda
  • Overview of SiteMinder
  • SiteMinder in Application Architecture
  • How SiteMinder works
  • SiteMinder Administration
  • What developers need to know
Overview of SiteMinder
  • SiteMinder is a centralized Web access management system.
      • Authentication
      • Authorization
      • Auditing
      • Administration
Overview
    • Access is almost always tied to identity, hence the commonly used term Identity and Access Management
    • SiteMinder provides Access Management, not Identity Management
SiteMinder in Application Architecture

  • Users
  • Secure Proxy Server
  • Destination Server
  • Policy Server
  • Web Server
  • Agent
  • Secured Applications
  • User and Entitlement Stores
SiteMinder in Architecture
  • Agent based / Proxy based SiteMinder configuration
  • Agent based is typical for distributed access management
  • Proxy based configuration is typical for centralized access management
  • A combined approach allows for a flexible and very secure access management system
How SiteMinder works
  • User accesses a web resource
  • Agent finds the resource is protected
  • User is shown the login page
  • Authentication info is passed to the Policy Server
  • User is given access to the resource

SiteMinder Administration
  • Web Server Configuration
      • SiteMinder Host
          • Configure the SiteMinder Policy Server with the host machine.
          • A secure handshake between the Policy Server and the host machine happens with the help of a secret key.
      • Web Agent
          • Web Agent Configuration configures the agent for the web server in use.
SiteMinder Administration
  • Demonstration
  • SiteMinder Web Configuration
SiteMinder Administration
  • SiteMinder Policy Server Configuration
      • Agent
      • Agent Configuration Objects
      • Host Configuration Objects
      • Administrator
      • Domain
      • User Directory
      • Realm
      • Authentication Scheme
      • Rules
      • Responses
      • Policies
SiteMinder Administration
  • Demonstration
  • SiteMinder Policy Server Configuration
SiteMinder Administration
  • Realm = Resource
  • Rule = Resource + Access
  • User = Role
  • Response = Result
  • Policy = User + Rule + Response
What developers need to know
  • The web application need not have a login page of its own.
  • SiteMinder provides a common login page that can be personalized.
  • The authenticated user is read from the request header that SiteMinder adds (VB.NET, ASP.NET Web Forms):
    ' Needs Imports System.Web and Imports System.Collections.Specialized
    Dim smColl As NameValueCollection = HttpContext.Current.Request.Headers
    ' Header name as configured in the agent's SiteMinder response
    lblUserID.Text = smColl("HTTP_SMUSER")
  • All information contained in the SiteMinder headers can be seen at https://www.portal.beta.state.pa.us/portal/sso/showheaders.aspx
Demonstration
  • Sample web application protected by SiteMinder
Summary
  • SiteMinder as centralized web access management system with quad-A services
  • Identity vs Access Management
  • SiteMinder in some typical Application Architecture
  • How SiteMinder works
  • SiteMinder Web Server configuration (agent & host configuration)
  • SiteMinder Policy Server configuration
  • What developers need to know (login page and code)


SiteMinder Overview

HOW CA SITEMINDER WORKS – BASICS

CA SiteMinder (a.k.a. Netegrity SiteMinder SSO) is a web access management system that provides user authentication and secure Internet SSO (single sign-on), policy-driven authorization, federation of identities, and complete auditing of all access to the web applications it protects.
SiteMinder was originally created by Netegrity, which was acquired by CA (Computer Associates) in 2005. SiteMinder is an Access Management component. It provides centralized and secure policy management at large scale. It provides a way to authenticate the user and to authorize the user only for the applications he is entitled to. Its authorization model is based on security policy.

SiteMinder combines a Policy Server with agents installed on the web servers, which handle the work behind the scenes. SiteMinder provides SSO, and it relies on a cookie to do so.

SiteMinder consists of two core components:

Policy Server:

The Policy Server provides policy management, authentication, authorization, and accounting.

SiteMinder Agents:

Integrated with a standard Web server or application server, SiteMinder Agents enable SiteMinder to manage access to Web applications and content according to predefined security policies.

How CA SiteMinder Works:

The process for securely accessing web applications:

1. User attempts to access a protected resource.

2. User is challenged for credentials and presents them to the CA SiteMinder web agent or to the Secure Proxy Server.

3. The user’s credentials are passed to the Policy Server.

4. The user is authenticated against the appropriate user store.

5. The Policy Server evaluates the user’s entitlements and grants access.

6. User profile and entitlement information is passed to the application.

7. The user gets access to the secured application, which delivers customized content.

How does SiteMinder work? Components of SiteMinder

Web Agents installed on the web servers intercept the user request and check whether the requested application is protected.
If yes, the request is passed on to the Policy Server.

How web agents intercept the request and communicate with the Policy Server

1. When the user enters the application URL in the browser, the request is directed to the web server on which the Web Agent is installed. The request is first handled according to the webagent.conf file.

2. In the webagent.conf file the agent finds the path of the smhost.conf file, and the request goes on to smhost.conf.

3. From smhost.conf it finds the Policy Server details it needs to contact for verification (authentication and authorization).

4. Now the web server contacts the Policy Server using the details from smhost.conf.

5. The ports involved are 4441, 4442 and 4443; this is handled by the LLAWP (Low Level Agent Worker Process).

6. LLAWP sends a request to the Policy Server asking to initialize communication between the Web Agent and the Policy Server. Here the trusted host (created when the agent is installed on the web server) comes into play; the trusted host name is recorded in smhost.conf.

7. A one-time trust has to be built for secure communication between the Policy Server and the web server.

8. When the Policy Server receives the request, it checks whether it can trust it by verifying that the trusted host is present in the policy store and that it belongs to the web server from which the request came.

9. The initial communication from the web server is encrypted using a shared secret key held in smhost.conf, so the request is secure and only the Policy Server can decrypt it.

10. A trust is created and communication between the Web Agent and the Policy Server starts; a process called HLA is started and it uses the HCO (Host Configuration Object, registered when the agent is installed).

11. When communication from the Policy Server reaches the Web Agent, the agent decrypts it using the shared secret. The message carries details of the HCO that started the communication, and the agent compares it with the HCO named in smhost.conf.

12. In this way the Policy Server and the Web Agent handshake with each other and establish communication. The Web Agent then sends the details of the ACO (Agent Configuration Object) from webagent.conf to the Policy Server.

13. The Policy Server takes this ACO (from webagent.conf) and checks whether it is present in its policy store; if it is, it reads the agent name and the agent properties held in the ACO. The Policy Server then asks for the resource, and the Web Agent sends the resource it received from the browser.

14. The Policy Server gets the list of all realms in the policy store that are linked to the agent named in the ACO, compares the resource received from the Web Agent against the resources of those realms, finds the realm that contains this resource, and checks whether that realm is configured as protected or not protected.

Not protected -> the user is able to access the resource.
Protected -> it checks whether the request from the browser carries a valid SMSESSION. If there is no SMSESSION, the Policy Server fetches the authentication scheme from the realm and returns the corresponding login page to the Web Agent, which passes it to the browser (final output).
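The realm lookup and protected/unprotected decision in steps 13-14 above, and the slide's object model (Realm = Resource, Rule = Resource + Access, User = Role, Response = Result, Policy = User + Rule + Response), can be put together in a small simulation. The code below is an added illustration, not CA SiteMinder code or configuration: the class names, the sample policy store, the session table, the SM_ROLE header and the login-page path are all assumptions. It also shows where the SM_USER-style header that developers read comes from: it is the Response of the Policy that granted access, so an application should only consume it on requests that have passed through the agent.

```python
"""Simplified model of SiteMinder policy objects and the Policy Server decision
(find realm -> protected? -> valid SMSESSION? -> authorize -> response headers).
Added illustration only; all names and sample values are assumptions."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Dict, List, Optional


@dataclass
class Realm:
    name: str
    agent: str          # agent (named in the ACO) this realm is linked to
    resource: str       # URL prefix the realm covers, e.g. "/hr/"
    protected: bool     # realm configured as protected or not protected
    auth_scheme: str    # decides which login page the agent serves


@dataclass
class Rule:
    realm: str
    resource: str       # pattern below the realm prefix, "*" matches everything
    actions: List[str]  # Access: allowed HTTP methods


@dataclass
class Policy:
    roles: List[str]          # User = Role
    rule: Rule
    response: Dict[str, str]  # Response = headers handed to the application


@dataclass
class User:
    name: str
    role: str


@dataclass
class Decision:
    outcome: str                      # "allow", "login" or "deny"
    headers: Dict[str, str] = field(default_factory=dict)
    login_page: Optional[str] = None


# Constructed sample policy store (assumed values, not from any real deployment).
REALMS = [
    Realm("public", "webagent01", "/public/", False, "None"),
    Realm("hr", "webagent01", "/hr/", True, "HTML Forms"),
]
POLICIES = [
    Policy(["employee", "hr-admin"], Rule("hr", "*", ["GET"]),
           {"SM_USER": "{user}", "SM_ROLE": "{role}"}),
    Policy(["hr-admin"], Rule("hr", "payroll/*", ["POST"]),
           {"SM_USER": "{user}"}),
]
LOGIN_PAGES = {"HTML Forms": "/login/forms.html"}   # assumed scheme -> page mapping
# Valid SMSESSION cookie values -> authenticated users (constructed).
SESSIONS = {"tok-jdoe": User("jdoe", "employee"),
            "tok-asmith": User("asmith", "hr-admin")}


def find_realm(realms: List[Realm], agent: str, url: str) -> Optional[Realm]:
    """Step 14: among realms linked to this agent, take the longest prefix match."""
    matches = [r for r in realms if r.agent == agent and url.startswith(r.resource)]
    return max(matches, key=lambda r: len(r.resource)) if matches else None


def evaluate(agent: str, url: str, method: str, cookies: Dict[str, str],
             realms=REALMS, policies=POLICIES, sessions=SESSIONS) -> Decision:
    realm = find_realm(realms, agent, url)
    # Not protected (a resource outside every realm is treated the same way here,
    # an assumption) -> the user can access the resource.
    if realm is None or not realm.protected:
        return Decision("allow")
    # Protected -> a valid SMSESSION is required, otherwise serve the realm's login page.
    user = sessions.get(cookies.get("SMSESSION", ""))
    if user is None:
        return Decision("login", login_page=LOGIN_PAGES.get(realm.auth_scheme))
    # Authorization: Policy = User(role) + Rule(resource + action) + Response.
    relative = url[len(realm.resource):]
    for policy in policies:
        rule = policy.rule
        if rule.realm != realm.name or method not in rule.actions:
            continue
        if rule.resource != "*" and not fnmatch(relative, rule.resource):
            continue
        if user.role in policy.roles:
            headers = {k: v.format(user=user.name, role=user.role)
                       for k, v in policy.response.items()}
            return Decision("allow", headers=headers)
    return Decision("deny")


if __name__ == "__main__":
    print(evaluate("webagent01", "/public/index.html", "GET", {}))
    print(evaluate("webagent01", "/hr/payroll/run.aspx", "GET", {}))
    print(evaluate("webagent01", "/hr/payroll/run.aspx", "GET", {"SMSESSION": "tok-jdoe"}))
    print(evaluate("webagent01", "/hr/payroll/run.aspx", "POST", {"SMSESSION": "tok-jdoe"}))
    print(evaluate("webagent01", "/hr/payroll/run.aspx", "POST", {"SMSESSION": "tok-asmith"}))
```

Running the script walks through the five outcomes in order: an unprotected realm allows straight away, a protected realm without a session returns the login page for its authentication scheme, a valid session with a matching rule allows and emits the response headers, a method the rule does not cover is denied, and a role that a more specific policy grants is allowed with that policy's headers.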

Friday, May 5, 2017

Replace the line break

The TRANSLATE function replaces a sequence of characters in a string with another set of characters. However, it replaces a single character at a time.

The syntax for the TRANSLATE function in Oracle/PLSQL is:

TRANSLATE( string1, string_to_replace, replacement_string )

Parameters or arguments

string1
The string in which a sequence of characters is replaced with another set of characters.
string_to_replace
The string that will be searched for in string1.
replacement_string
All characters in string_to_replace will be replaced with the corresponding character in replacement_string.
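To make the one-character-at-a-time rule concrete, and to show the two cases that usually surprise people when using TRANSLATE to remove line breaks, here is a reference model of the function in Python. This is an added illustration, not Oracle code: a replacement_string shorter than string_to_replace deletes the unmatched characters, and because Oracle treats an empty string as NULL, an empty replacement_string makes the whole result NULL. The two helper functions and the SQL expressions named in their comments are assumptions, not quoted from the page.

```python
"""Reference model of Oracle TRANSLATE(string1, string_to_replace, replacement_string).
Added illustration; the helpers and the SQL they mirror are assumed, not from the page."""
from typing import Dict, Optional

CR, LF = "\r", "\n"   # CHR(13) and CHR(10) in Oracle


def translate(string1: Optional[str], string_to_replace: Optional[str],
              replacement_string: Optional[str]) -> Optional[str]:
    # Oracle: an empty string is NULL, and any NULL argument yields NULL.
    if not string1 or not string_to_replace or not replacement_string:
        return None
    mapping: Dict[str, str] = {}
    for pos, ch in enumerate(string_to_replace):
        # Position-wise mapping; characters beyond the end of replacement_string
        # have no counterpart and are removed from the result.
        mapping[ch] = replacement_string[pos] if pos < len(replacement_string) else ""
    # Characters of string1 that are not in string_to_replace pass through unchanged.
    return "".join(mapping.get(ch, ch) for ch in string1)


def strip_line_breaks(text: Optional[str]) -> Optional[str]:
    """Mirrors TRANSLATE(col, ' ' || CHR(13) || CHR(10), ' ') (assumed SQL): the space
    maps to itself so replacement_string is not empty, while CR and LF are dropped."""
    return translate(text, " " + CR + LF, " ")


def line_breaks_to_spaces(text: Optional[str]) -> Optional[str]:
    """Mirrors TRANSLATE(col, CHR(13) || CHR(10), '  ') (assumed SQL): CR and LF each become a space."""
    return translate(text, CR + LF, "  ")


if __name__ == "__main__":
    print(translate("1tech23", "123", "456"))              # 4tech56
    print(repr(strip_line_breaks("line one\r\nline two")))  # 'line oneline two'
    print(translate("abc", "abc", ""))                      # None: empty string is NULL
```

The practical lesson is in strip_line_breaks: to delete characters with TRANSLATE you must keep at least one character that maps to itself, otherwise the empty replacement_string turns every row's value into NULL.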

Connect to SQL*Plus from the command prompt

Do the following steps to start SQL*Plus and connect to the default database:
  1. Open a Windows command prompt.
  2. At the command-line prompt, enter the SQL*Plus command in the form:
    c:\> sqlplus
    
  3. When prompted, enter your Oracle9i username and password. If you do not know your Oracle9i username and password, ask your Database Administrator.
  4. SQL*Plus starts and connects to the default database.
    Now you can start entering and executing SQL, PL/SQL and SQL*Plus statements and commands at the SQL> prompt.
Do the following to start SQL*Plus and connect to a specified database other than the default:

  1. Start SQL*Plus and connect to the default database.
  2. Use the CONNECT command to specify the Oracle Net database alias (@connect_identifier) of the database you want to connect to. To do this enter the CONNECT command in the form:
    SQL> connect username/password@connect_identifier
    
    
    To hide your password, enter the CONNECT command in the form:
    SQL> connect username@connect_identifier
    
    
    You will be prompted to enter your password.
  3. Alternatively, to start SQL*Plus connected to a database other than the default, enter the SQL*Plus command in the form:
    c:\> sqlplus username/password@connect_identifier
    
    
    To hide your password, enter the SQL*Plus command in the form:
    c:\> sqlplus username@connect_identifier
    
    
    You will be prompted to enter your password.

Tuesday, May 2, 2017

Difference between SQL and MySQL

We have earlier seen the difference between SQL and NoSQL. Now in this post I will explain the basic difference between SQL and MySQL. Most people find it hard to wrap their heads around SQL versus MySQL, and you might be one of them. There are books about SQL everywhere, and for good reason; reading them has helped me differentiate the two concepts, SQL and MySQL.

To begin with, here is how the two technologies are defined:

SQL vs MySQL

SQL stands for Structured Query Language. It is a standard language for accessing and manipulating databases. MySQL is a database management system, like SQL Server, Oracle, Informix, Postgres, etc. MySQL is an RDBMS (Relational Database Management System).
When choosing a utility for data management, the two most popular choices are MySQL and SQL Server. Both are efficient at keeping your data organized and readily available through a user interface, and both have the concept of a schema (that is, table storage) for data storage.
SQL is a language, specifically the "Structured Query Language", so it is better to frame the topic as the difference between SQL Server and MySQL and take it point by point.

SQL Server and MySQL Vendors:

The MySQL development project has made its source code available under the terms of the GNU General Public License, as well as under a variety of proprietary agreements. MySQL was owned and sponsored by a single for-profit firm, the Swedish company MySQL AB, now owned by Oracle Corporation.
SQL Server is owned by Microsoft and is typically referred to as Microsoft SQL Server. It has a long history of releases and is updated often, adding the latest trends and technologies, which makes it one of the most trusted database applications today. At the 2011 PASS summit on October 11, Microsoft announced that the next major version of SQL Server,

Strengths: SQL Server and MySQL


To give a better idea of the differences between MySQL and SQL Server: MySQL is geared more toward selecting data so it can be displayed, updated and saved again. MySQL is weaker in the areas of inserting and deleting data, but it is an excellent choice for data storage and referencing data.

Here are some specific technical differences in MySQL and SQL Server when it comes down to the ANSI SQL standard: Features like stored procedures, triggers, views, and cursors became a part of the MySQL database server in MySQL version 5.0 and still you won’t find a rich feature set in terms of development functions and capabilities. However MySQL’s stored code-objects are close to ANSI standards, but again, they don’t have the breadth and depth of T-SQL, Microsoft and Sybase’s proprietary extension to SQL.

Security: SQL Server and MySQL

Security is a major concern for data management. Both technologies, MySQL and Microsoft SQL Server, are EC2 compliant and make sure they have adequate security support for building government applications. Going further, Microsoft's SQL Server leads the way in offering all-round security features, as Microsoft's Baseline Security Analyzer helps administrators ensure that the SQL Server installation is up to date. MySQL has no such tool.

Support: SQL Server and MySQL

Both SQL Server and MySQL have support from their respective vendors, in both free and paid form. MySQL, as we know, is now a subsidiary of Oracle, a Capability Maturity Model (CMM) level 5 company, and offers support via technical representatives and the "Virtual MySQL DBA Assistant".
On the other hand, Microsoft has been developing SQL Server for years and offers assistance on its SQL database and cloud storage. Furthermore, the free Microsoft SQL Server Migration Assistant (SSMA) makes it easy to migrate data from Oracle, Microsoft Access, MySQL, and Sybase to SQL Server.

Latest release: MySQL and SQL Server

MySQL's stable version is MySQL 5.5.19. Microsoft's SQL Server is currently available as SQL Server 2008 R2. SQL Server 2012, with many new features, was announced at the PASS Summit in October 2011 and is expected to be available in the first half of 2012.

Conclusion: MySQL vs SQL Server

Having seen the differences between SQL Server and MySQL, the picture is now almost clear. It all comes down to your needs: how secure, scalable and efficient a database you want. On most points it is clear that Microsoft's SQL Server provides some extra features over MySQL and is more trusted in the development market.