Contents
CA SiteMinder can authenticate end-users and authorize them to access protected Web resources. The API Gateway can interact directly with SiteMinder by asking it to make authorization decisions on behalf of end-users that have successfully authenticated to API Gateway. The API Gateway then enforces the decisions made by SiteMinder.
| ![[Important]](../common_oracle/images/admon/important.png) | Important | 
|---|---|
| A SiteMinder authentication filter must be configured before a SiteMinder authorization filter is created. In other words, end-users must authenticate to SiteMinder before they can be authorized. | 
Integration with CA SiteMinder requires CA SiteMinder SDK version 12.0-sp1-cr005 or later. You must add the required third-party binaries to your API Gateway and Policy Studio installations.
API Gateway
To add third-party binaries to the API Gateway, you must perform the following steps:
- 
                        Add the binary files as follows: - 
                                 Add .jarfiles to theinstall-dir/apigateway/ext/libdirectory.
- 
                                 Add .dllfiles to theinstall-dir\apigateway\Win32\libdirectory.
- 
                                 Add .sofiles to theinstall-dir/apigateway/platform/libdirectory.
 
- 
                                 
- 
                        Restart the API Gateway. 
Policy Studio
To add third-party binaries to Policy Studio, you must perform the following steps:
- 
                        Select Windows -> Preferences -> Runtime Dependencies in the Policy Studio main menu. 
- 
                        Click Add to select a JAR file to add to the list of dependencies. 
- 
                        Click Apply when finished. A copy of the JAR file is added to the pluginsdirectory in your Policy Studio installation.
- 
                        Click OK. 
- 
                        Restart Policy Studio. 
Configure the following fields on the SiteMinder Authorization filter:
Name:
Enter an appropriate name for the filter.
Attributes:
                        If the end-user is successfully authorized, the attributes listed here 
                        are returned to the API Gateway and stored in the 
                        attribute.lookup.list message attribute. They can 
                        then be used by subsequent filters in a policy to make decisions on their 
                        values. Alternatively, they can be inserted into a SAML attribute assertion 
                        so that the target service can apply some business logic based on their values 
                        (for example, if role is CEO, escalate the request, and so on).
                      
               
                        Select the Retrieve attributes from CA SiteMinder checkbox, 
                        and click the Add button to specify an attribute to fetch 
                        from SiteMinder.
                        If you select the Retrieve attributes from CA SiteMinder 
                        checkbox, and do not specify attribute names to be retrieved, all attributes
                        returned by SiteMinder are added to the attribute.lookup.list 
                        message attribute.
                      
               

