Finally I can contribute back to this list!
I/we use Siteminder for ALL of our webservers here. I am a Siteminder administrator as well.
Siteminder works with mailing lists, ldap, rules and policies. Policies can be assigned to directories, subdirectories and even individual files with the rules that either allow access or redirect the user to a failed page depending upon the restrictions to that directory. It can get pretty tricky to protect/secure all files in a fusebox app. Have you applied one policy to the top most circuit with a *? for example
Rule : Protect fusboxapp
dev/myFuseboxApp/*
and then assigned this rule to a ploy that allows access to this directory?
Why don't you write me off-line if you want to go with Siteminder instead of the CF Security tag. Maybe I can offer some assistance.
Loryn Williams
Daniel Daugherty wrote:
I would recommend setting up in addition or in place of the SiteMinder security a CF layer of security around your circuit apps and the individual circuits that they contain. I have not worked with siteminder my self but I believe that it will also work as a policy store so you can use it to contain your access list to these and have them passed into cold fusion when the user has logged in. Or you can use site minder just to manage login access and control where and what a user can do in CF. This is how I generally work things when working with NT auth or SiteMinder type logins. Tough I would say if you can use SiteMinder to hold your security settings that I would do that so you have a single repository for security. Oh for setting up CF level restriction check out Hal Helms security tag and docs on his site. www.halhelms.comHope this helpsDaniel-----Original Message-----Does anyone use SiteMinder and CF together? We use SiteMinder for our web security. In that tool, you secure web directories or individual files (SiteMinder calls them resources). We have found that the security doesn't apply on files <cfinclude>d from another circuit. Because FB3 runs all files from the top-level circuit, it seems impossible to secure a child circuit individually. If I want to secure a circuit of my application, but not the entire application, it appears that I am out of luck. Does anyone know if there's an easy way to do this? Thanks!
From: Jeffrey Marsh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 16, 2002 6:30 PM
To: [EMAIL PROTECTED]
Subject: FB3 and SiteMinder
--Jeffrey
**************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much. ****************************************************************************
==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
