A few weeks ago at the RSA Conference, we made an announcement about the continuation of our Content-Aware Identity and Access Management strategy, enabled by new versions of CA SiteMinder and CA DataMinder Classification. The headliner for this announcement was the ability to improve SharePoint security, and rightfully so – SharePoint is one of the most widely deployed collaboration platforms in the market today and we frequently hear questions from our customers about how they should protect their SharePoint environment.
While I was at the conference, I also heard a lot of excitement from our customers about another aspect of this announcement – the core capabilities added in CA SiteMinder 12.5, which increase the power of their Web access management environment, simplify administration and improve their federation deployments.
CA SiteMinder 12.5 includes a number of significant enhancements to improve the breadth of applications which can be effectively incorporated into your Web access management environment and the granularity of protection which can be provided. This includes:
- Content-Aware Access Control for SharePoint: Enhances CA SiteMinder authorization policies to leverage knowledge about the sensitivity of content within a document (provided by CA DataMinder Classification) in making access decisions.
- Identity 2.0 Support: Enables CA SiteMinder to serve as a relying party for OpenID 2.0 credentials (e.g. Google, Yahoo, Facebook) and provides Identity, Credential and Access Management (ICAM) 2.0 profile support.
- Risk-Based Identity Assurance: Extends the ability of CA SiteMinder to use CA RiskMinder™ risk factors in realm and application policy evaluation decisions.
- CA Directory Session Store: Includes the option to leverage CA Directory (an ultra-high performance user directory) as the centralized session store, improving the speed of authentication and authorization.
Many organizations have extensive CA SiteMinder deployments supporting large numbers of users and applications. CA SiteMinder 12.5 delivers a number of capabilities designed to reduce the total cost of ownership of deployments and make it easier for you to efficiently administer CA SiteMinder environments.
- Agent Discovery: Provides the ability to discover CA SiteMinder agents that are deployed and centrally view details about associated CA SiteMinder policies, agent configuration objects and host configuration objects.
- Hardware Load Balancer Support: Hardware load balancers can be used between Web Agents and Policy Servers to support IP address virtualization and easily move Policy Servers in and out of a production environment.
- Centralized Key Store: Includes a new central, shared certificate and key store to replace smkeydatabase, eliminating the need for the store to reside on each Policy Server and the need to run manual synchronizations.
- Enhanced Directory Mapping: Supports more flexible directory mapping beyond auth-validate and current authorization mapping capabilities available in previous product versions.
- Administrative User Interface Protection: Allows the CA SiteMinder administrative user interface to be protected by any CA SiteMinder custom or out-of-the-box authentication scheme.
- Administrative Workspaces: New workspace objects provide more granular control over the delegation of administrative rights beyond domains or applications.
As collaboration between companies increases, partners are seeking to extend single sign-on, authentication and authorization benefits across domain boundaries through identity federation. Additionally, organizations are incorporating more and more SaaS-based applications into their core set of applications. CA SiteMinder Federation 12.5 offers improvements in the administration of federated partnerships as well as new capabilities to improve the level of control over federated transactions.
- Wizard Driven User Interface: Federation services deployed on CA SiteMinder 12.5 include a new wizard-driven interface to simplify the creation and ongoing management of federated partnerships.
- Authentication Context Support: Allows federation Service Providers to require that Identity Providers authenticate users to a certain level of strength and allows SiteMinder to enforce a requested level of authentication strength when it acts as an Identity Provider.
- User Consent: When CA SiteMinder serves as an Identity Provider, it provides the option to check with the user before sending a SAML assertion to a Service Provider.
- Attribute Mapping: Enables the mapping of assertion attributes from different Identity Providers to a common attribute on the Service Provider side of a federated transaction.
- Single Logout Over SOAP: Ability to use Simple Object Access Protocol (SOAP) broadens single logout options for improved usability.
- eGov 1.5: Partnership federation has been enhanced to comply with eGov 1.5 certifications as applicable to SAML 2.0.
As you can see, there’s a lot of power contained within this latest version of CA SiteMinder. If you’re a CA SiteMinder customer, reach out to your CA team and have them help you understand where you might be able to benefit from the new capabilities in this product release.