Symantec Access Management

  • Private Community

  • 1.  difference between application and domain

    Posted Feb 21, 2017 05:27 AM

    Hi,

    When I read the document, I found that there are two concept which are confused me.

    that is application and domain.

    Seems they all controll the access to the target server.

    So what's the difference of that? does I need to configure them all to get Single-Sign On?

    Thanks.



  • 2.  Re: difference between application and domain

    Broadcom Employee
    Posted Feb 21, 2017 11:03 AM

    Hello, Teng Fei,

     

    A policy domain is a logical grouping of resources associated with one or more user directories.

     

    Application objects provide an access management model that lets you protect business applications without an in-depth knowledge of CA SiteMinder®-specific concepts and components. This model is also known as Enterprise Policy Management (EPM).Define the Security Policy for a Web Application in an Application Object
    To protect an application, you create an Application object and are only required to provide data for configuration settings that do not have defaults. Modifying other settings is optional, however, such manipulation is not required.

     

    These are two separate design concepts for protecting a resource.

    EPM is newer model and designed for simple use cases.

    Policy domain model was carried over of older traditional configuration and intended for much more fine grained control. Both should work for simple use cases, and both are supported, but as of today, policy domain model does have much larger client base, since most started by using Policy domain model to begin with. 

     

    You only needs to choose one of them for implementation.

     

    Hope this answers your questions.

    Thanks,

     

    Hongxu



  • 3.  Re: difference between application and domain
    Best Answer

    Posted Feb 21, 2017 07:49 PM

    All functionality is available, regardless of which model you use.

    Policy domain is still most commonly used model. I have rarely seen customer using Application model.

    My personal choice is Policy domain model as well.

     



  • 4.  Re: difference between application and domain

    Posted Feb 22, 2017 12:33 AM

    Hi Ujwol,

    Thanks! Now I am clear about that! 

    Teng Fei



  • 5.  Re: difference between application and domain

    Posted Feb 22, 2017 12:32 AM

    Hi Hongxu,

    Thanks for explanation of these two concepts. Now I am very clear about that!

    Thanks!

    Teng Fei



  • 6.  Re: difference between application and domain

    Broadcom Employee
    Posted Feb 22, 2017 09:23 AM

    Feifrank,

     

    Something to think about if you plan to use the Policy Management API's - Java or Perl I would recommend using the traditional domain model. The application model is not well supported with the current API's and is lacking in most functionality.

     

    Adam



  • 7.  Re: difference between application and domain

    Posted Feb 23, 2017 04:18 PM

    Hello Teng Fei,

     

    I think domain has more settings over application, could recall not finding IP based restrictions and Time based restrictions while creating an application few years ago (R12).

     

    I would say stick to domain instead of application rather than having a surprise at the end of setup.

     

    Thank you,

    Raja Shravan