Oracle® Fusion Middleware
Part 14. CA SiteMinder filters

CA SiteMinder can authenticate end-users and authorize them to access protected web resources. The API Gateway can interact directly with SiteMinder by asking it to make authorization decisions on behalf of end-users that have successfully authenticated to API Gateway. The API Gateway then enforces the decisions made by SiteMinder.

Integration with CA SiteMinder requires CA SiteMinder SDK version 12.0-sp1-cr005 or later. You must add the required third-party binaries to your API Gateway and Policy Studio installations. For more information, see the following sections:

Configure the following fields on the SiteMinder Authorization filter:

Name:

Enter an appropriate name for the filter.

Attributes:

If the end-user is successfully authorized, the attributes listed here are returned to the API Gateway and stored in the attribute.lookup.list message attribute. They can then be used by subsequent filters in a policy to make decisions on their values. Alternatively, they can be inserted into a SAML attribute assertion so that the target service can apply some business logic based on their values (for example, if role is CEO, escalate the request, and so on).

Select the Retrieve attributes from CA SiteMinder check box, and click the Add button to specify an attribute to fetch from SiteMinder. If you select the Retrieve attributes from CA SiteMinder check box, and do not specify attribute names to be retrieved, all attributes returned by SiteMinder are added to the attribute.lookup.list message attribute.