Symantec Access Management

Experts,

I'm new to the CA Suite of products and I'm trying to differentiate the capabilities. I apologize in advance as I think that this question should be easily answered yet, despite flipping back and forth through all the documentation, it continues to confuse me...

How is Federation Manager different than SiteMinder? It seems like its own distinct product that has a set of capabilities that are already included as part of SiteMinder's Federation Security Services. Since SiteMinder alone seems to be able to act as a SAML 2.0 Service Provider and Identity Provided, what use case does Federation Manager satisfy as 1) a standalone product 2) integrated with SiteMinder?

I've found separate documentation for each, and the Federation Manager docs are very specific about it being installed separate from SiteMinder. These docs are from 2010 though so I have a suspicion right now that it was once a separate product that is now rolled into SiteMinder. In fact, the Federation Manager documented integration with SiteMinder seems to lend itself towards this. Can someone confirm?

Thanks in advance!


Federation Manager - https://support.ca.com/cadocs/0/CA%20Federation%20Manager%20r12%201-ENU/Bookshelf.html
SiteMinder - https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%205-ENU/Bookshelf.html

When CA came out with SiteMinder R12.0 they also introduced Federation Manager.
I'm not sure what the benefits were over SiteMinder, however Ibeleive mostof its features were rolled i in R12.5 and R12.51

I would check with your CA Account Team.

If you are unsure of who those people are, CA Support can help find them for you, and answer this in the mean time.

Currently, there are two partnership-based federation offerings. One is integrated with SiteMinder and it's called Partnership Federation. The other offering is the Federation Manager standalone product.

Both Partnership Federation and the Federation Manager standalone product have the same core federation capabilities. However, Federation Manager standalone solves several use cases that SiteMinder does not:
1) Federation Manager standalone can be installed purely as a federation product in an environment that does not have SiteMinder, or where there is another Web Access Management product.
2) In an environment that already has SiteMinder, Federation Manager standalone allows individual departments to configure federated trust relationships with outside entities with minimal involvement needed by the central SiteMinder administrative team.

NOTE: Federation Security Services is the legacy product. It still exists in the SiteMinder product and is named Legacy Federation. This model is for managing legacy federation objects.

Put it simple:

Siteminder 12.5 include Federation = Siteminder 12 + Federation
(Note: Federation is separately licensed from SiteMinder.)

Federation Manager = SPS + Federation

Product Federation Manger refer to Federation Manger Guide,
CA SiteMinder Federation refert to CA SiteMinder Federation Guide.

To federate, you can do:
SM - SM (best) (If Assertity party and relying party both use Siteminder r12.5, no need for Federation Manager.)
SM - FM
FM - SM
FM - FM

We need Federation Manager on one side because it has a component called Secure proxy engine whihc can forwards traffic to backend servers. This engine employs web server, servlet engine, proxy server and federation web services features.

CA SiteMinder Federation has two deployment models: Legacy Federation or Partnership federation is based on configuring federated partnerships. The partnership model does not require configuration of SiteMinder-specific objects, such as domains, realms, and policies.

Thank you all very much for your answers!

I understand the separation of products as well as the overlap in some areas. I realize now that even my SiteMinder documentation was outdated (I was looking at 12.0 rather than 12.5) which explains why it was not matching up properly with the various whitepapers, data sheets and other threads I was reading.