Symantec Access Management

  • 1.  Policy Server to User Directory (ODBC) encryption

    Posted 01-09-2015 07:51 AM

    Hi Folks,

     

    We are trying to configure encryption between the policy server and an ODBC datasource (user directory). We are aware there is an option to configure it using SSL certificate encryption. However, we are eager to know whether SiteMinder, via an ODBC interface, can utilise SQLNET encryption if using the below parameters on the database:

     

    1. SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (MD5)
    2. SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
    3. SQLNET.ENCRYPTION_CLIENT = REQUIRED
    4. SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED

     

    Thanks,

    Neha Gupta



  • 2.  Re: Policy Server to User Directory (ODBC) encryption

    Posted 01-12-2015 11:05 AM

    Neha

     

    This is what I know, unless anyone here suggests otherwise.

     

    As we know, SiteMinder uses the DD drivers to make ODBC calls. Enforcing some form of encryption at the DD layer on the SiteMinder side has never been tested before. Hence it is not supported. Another thing to note is that, if something like this is possible, we need to ensure that the encryption occurs only for that particular user directory object and not across all ODBC stores which DD in SiteMinder services.

     

    I don't think SiteMinder in its current capability could utilize SQLNET encryption. The way SiteMinder works is, it just hands over the 'credential' as is to a user store. It is the job of the user store to take the credential and apply any encryption algorithm before doing a password match. For example, SiteMinder would just call a Stored Procedure on the ODBC user store. It is the Stored Procedure's job to use the SQLNET encryption before further processing.

     

     

    Regards

     

    Hubert
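Added example, not part of the thread and not SiteMinder or Oracle code: a small audit of the four client-side parameters listed in the question, showing what each REQUIRED setting yields when Oracle native network encryption is negotiated against a given server-side level. The sample file contents, the function names and the default server level (ACCEPTED) are assumptions; it checks the Oracle client file only and says nothing about whether SiteMinder's ODBC driver reads that file.

```python
import re

# Constructed sample: the four client-side settings from the question, laid out
# as sqlnet.ora lines (assumed layout, not taken from a real host).
SAMPLE_SQLNET_ORA = """\
# client side
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (MD5)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
"""

LEVELS = {"REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED"}

def parse_sqlnet(text):
    """Return {PARAM: [values]} with names and values upper-cased."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*\(?([^()]*)\)?$", line)
        if m:
            params[m.group(1).upper()] = [v.strip().upper() for v in m.group(2).split(",") if v.strip()]
    return params

def negotiate(client, server):
    """Outcome of Oracle native network encryption for one client/server level pair."""
    if client not in LEVELS or server not in LEVELS:
        raise ValueError("unknown level")
    pair = {client, server}
    if "REJECTED" in pair:
        return "FAIL" if "REQUIRED" in pair else "OFF"
    return "OFF" if pair == {"ACCEPTED"} else "ON"

def audit(text, server_level="ACCEPTED"):
    """Findings for the client file; server_level is an assumption (Oracle's default)."""
    p = parse_sqlnet(text)
    findings = []
    for key in ("SQLNET.ENCRYPTION_CLIENT", "SQLNET.CRYPTO_CHECKSUM_CLIENT"):
        level = (p.get(key) or ["ACCEPTED"])[0]  # an unset parameter defaults to ACCEPTED
        outcome = negotiate(level, server_level)
        if level != "REQUIRED":
            findings.append(f"{key}={level}: does not force protection on the connection")
        findings.append(f"{key} vs server {server_level}: {outcome}")
    if "MD5" in p.get("SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT", []):
        findings.append("checksum list allows MD5; prefer a SHA-2 type if both ends support it")
    return findings
```

With REQUIRED on the client, a server set to REJECTED makes the connection fail rather than fall back to plaintext, which is the behaviour to confirm with a packet capture on whatever driver is actually in use.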