Symantec Access Management

  • Private Community
 View Only

  • 1.  Protecting mobile application with siteminder

    Posted Feb 13, 2013 09:25 AM
    I was in a meeting yesterday with the developers that are developing what they called a mobile application that they want protected with siteminder. Upon further questioning I discovered that they are not really creating a mobile application. The developers are planning to use a url tht will link to the existing application that is hosted on IIS 7.0 servers. The url will be used by any mobile device (irregardless of platform). The intect is that users will be able to search a database and complete a form and send it. I was unable to convince them that they should look at the secure proxy server product. I have two questions. first, will this solution work? Secondly, if the solution will work what problems will we experience? I was unable to find any documentation about protecting a mobile application with siteminder. Is there any documentation available other then the bright talk webcasts?


    Thanks for any information that you can provide,

    Roy


  • 2.  RE: Protecting mobile application with siteminder

    Posted Feb 13, 2013 12:59 PM
    There is some documentation that is part of the Sample app for ipad download kit located at 99766259

    The proxy is a useful but not necessarily a requirement to use siteminder to secure mobile applications. The key is deploying siteminder so that it can be used as a rest services to authenticate users from within the application.


  • 3.  RE: Protecting mobile application with siteminder

    Posted Feb 14, 2013 10:26 AM
    Thanks for the reply, We are currently using siteminder 6 sp5 for this application. Siteminder was installed using the CA installation guide. I take it that this guide is not what you mean by deploying siteminder to be used as a rest service? Is there any instructions on deploying siteminder 6 sp5 to be used as a rest service?


    Thanks,

    Roy


  • 4.  RE: Protecting mobile application with siteminder

    Posted Feb 14, 2013 11:07 AM
    Hi AB, Can you clarify more on this? 'eploying siteminder to be used as a rest service'

    Here is what we do at present.
    I do not have in-depth knowledge of RESTful and SOAP Web services which are used to create our mobile apps. All I know as SiteMinder admin is, the clients(moblie devices) use HTTP to access the services, which are intercepted by a WebAgent and SiteMinder does its magic. For me, I treat it just like a Web browser request origination from a user's desktop or laptop.

    I appreciate your comments on our setup.


  • 5.  RE: Protecting mobile application with siteminder
    Best Answer

    Posted Feb 14, 2013 02:36 PM
    I would suggest that you take another look at the SiteMinder Mobile Authentication App Solution (99766259). While this may not provide exactly what you need, it does demonstrate how to configure a Web Agent or Secure Proxy Server to expose SiteMinder authentication operations as REST web services so that mobile apps can send requests to these services to do the following operations:

    ■ Log in a user using Basic (username and password) authentication.
    ■ Verify the status of a SiteMinder session.
    ■ Log out a user.

    Can you explain why this is of no use to you?

    --Tim


  • 6.  RE: Protecting mobile application with siteminder

    Posted Feb 22, 2014 04:05 PM

    Hi,

    We have a new requirement which is to integrate siteminder to protect mobile apps. I have gone through the documentation by CA which is Implementing Siteminder Authentication for Mobile Apps and here are my few questions.

    1. As per the doc, we can use the existing Sitemiinder Infrastructure which is webagent or Secure Proxy Server and deploy Siteminder Authentication kit to do the needful. If we go ahead with the siteminder webagent route, the only possibility will be to have SMSESSION Cookies which are of 2 KB size and this would def be a disadvantage. Is this correct?

    2. To my understanding the Siteminder Authentication kit would be deployed on an exisitng Siteminder Agent? In other words, do we need to have an siteminder agent and then deploy the authentication kit on top of it?

    3. The SPS sounds likea better option which supports mini-cookies or SSL_ID session schemes which produce cookies of 10-byte size which sounds much better. Are there any disadvantages if we go ahead with SPS option?

    4. Does this soultion support only Basic Authentication? If yes, is it secure enough? 

    5. Does SPS require a separate license? We already have siteminder license.

    6. When we go with SPS route, there are 3 files deployed on sps_home/sma and 3 files deployed on webserver_home? Does the webserver_home means a separate webserver all together or can those files be deployed on the httpd instance which comes inbulit with the SPS?

    7. Also any more documentation in reference to Siteminder Intrgration with mobile apps will be much useful ( Ihave gone through the pre release document..is there any other document release officially by CA)

    Thanks in advance



  • 7.  Re: RE: Protecting mobile application with siteminder

    Posted Feb 12, 2016 09:47 AM

    Although it won't answer all of your questions, we just posted a video on YouTube on enabling and using the Mobile App APIs on the CA Access Gateway (formerly Secure Proxy Server). https://youtu.be/6ZMe_7WL_-M



  • 8.  Re: RE: Protecting mobile application with siteminder

    Posted Jan 27, 2016 07:06 AM

    Hello CA Team,

     

    My questions on this are more or less similar to what has been asked by Chakrigolla in the previous post. Can any one from CA answer those queries.

     

    Thanks in advance!

    Abhishek