Technical References for Cisco Transport Manager 9.2
Cisco Transport Manager Release 9.2 Basic External Authentication
OL-21046-01
Compatibility
The external authentication feature supports the applications listed in the following table.
SiteMinder System Flow
Basic external authentication occurs as follows (see
):
1. The CTM installation installs one user, the SysAdmin. As a SysAdmin user, you configure external authentication settings in the CTM client Control Panel.
2. The CTM client forwards the authentication request to the CTM server.
3. The CTM server uses the SiteMinder API to authenticate the user on the SiteMinder server. If the authentication is valid, the SiteMinder server responds with true. The user type is retrieved from the database and the CTM server opens a login session with the CTM client. If the SiteMinder policy server is down but the SysAdmin user is enabled, the SysAdmin can connect to the server because the user profile is certified locally by the server. You can change the configuration by choosing the CTM server authentication process for recovery.
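The login decision in step 3, including the recovery path when the policy server is down, modeled as an added example (not CTM or SiteMinder code). The class, function, and error names, the PBKDF2 storage of the local SysAdmin profile, the audit list, and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Optional

class PolicyServerDown(Exception):
    """The external policy server could not be reached (hypothetical error)."""

def kdf(password: str, salt: bytes) -> bytes:
    # Assumption: the locally certified profile is stored as a salted PBKDF2 hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class LoginModel:
    external_check: Callable[[str, str], bool]  # stand-in for the policy server call
    user_types: dict                             # user type "retrieved from the database"
    sysadmin_hash: bytes
    salt: bytes
    sysadmin_enabled: bool = True
    audit: list = field(default_factory=list)    # (user, decision, source) for review

    def login(self, user: str, password: str) -> Optional[dict]:
        try:
            ok, source = self.external_check(user, password), "external"
        except PolicyServerDown:
            # Recovery path: only an enabled SysAdmin is certified locally;
            # every other user fails closed while the policy server is down.
            if user != "SysAdmin" or not self.sysadmin_enabled:
                return self._record(user, "deny", "policy-server-down")
            ok = hmac.compare_digest(kdf(password, self.salt), self.sysadmin_hash)
            source = "local-recovery"
        if not ok or user not in self.user_types:
            return self._record(user, "deny", source)
        self._record(user, "allow", source)
        return {"user": user, "type": self.user_types[user], "source": source}

    def _record(self, user, decision, source):
        self.audit.append((user, decision, source))
        return None

# Constructed sample data, not taken from any CTM deployment.
SALT = b"constructed-salt"
TYPES = {"SysAdmin": "SysAdmin", "operator1": "Operator"}

def policy_up(user, password):
    return (user, password) == ("operator1", "op-pass")

def policy_down(user, password):
    raise PolicyServerDown()

def make(check, enabled=True):
    return LoginModel(check, TYPES, kdf("admin-pass", SALT), SALT, enabled)
```

Recording the source of each decision makes every `local-recovery` login visible for review, since those sessions bypass the external policy server.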
CTM Agent Behavior
The CTM agent initiates the following sequence of events:
1. Initialization and connection.
   Before an instance of the SiteMinder agent can perform work on behalf of the CTM server, it initializes connections to one or more policy servers (4.x or 5.x agents). The administrator specifies connection parameters such as server IP address and connection ports. This step, which is generally performed only once, creates TCP connections. After the agent API initializes, all API calls are thread-safe with respect to the initialized API instance.
2. Version setting.
   Immediately after initialization, the CTM agent communicates its version information to the policy server with an API command. The actual information is read from the Control Panel and reports the SiteMinder agent version numbers. The agent version is recorded in the policy server logs. When the CTM agent API initializes, the agent begins work. The CTM server begins accepting user requests, such as GET requests from Java client sessions.
   The outcome of most steps can be cached to improve CTM performance. CTM can choose to cache as few or as many instances as possible. A specific instance is cached for each user connection.
3. User login request.
   User logins are application-specific requests. For example, the agent accepts a user’s request and issues a SiteMinder API call to determine whether the requested resource (/CtmServerPrivate/index.html) is protected. That is, the CTM agent asks the policy server if the CTM server is available for that user profile. If the resource is protected, the policy server returns

Table 2  Application Compatibility

Application                 Version
SiteMinder policy server    Release 6.0 SP5
LDAP policy store           Sun directory server version 5.2