RE: FB3 and SiteMinder

Wed, 17 Apr 2002 09:55:46 -0700

Title: FB3 and SiteMinder
Some of what you suggest defeats the purpose of using SiteMinder. We spent a zillion dollars on this product. It integrates with CF very well. It just seems to be having trouble with FB3. I would hope that any architcture used for the web apps could be supported by SiteMinder.
 
The specific scenerio is that we have a top level circuit. We want no security on that ciruit at all; it should be open to everyone. We have an admin circuit under the top level circuit. The admin circuit should be secured. We have SiteMinder security on the admin circuit. Because FB3 executes all code from the top level circuit by including appropriate files from the admin circuit, the security never kicks in.
 
We would really like to find a way to make SiteMinder work with FB3. The options could boil down to dumping SiteMinder (not likely due to $$$ spent) or dumping FB3 (going back to FB2). We will continue researching this for a while. In the meantime, we have made the admin circuit a separate application. This is a bandaid in my opinion. I know that FB3 supports nested apps, but the admin circuit should be part of the app it supposed to administer. Please let me know if anyone out there with SiteMinder experience is using it with FB3. Thanks.
 
--Jeffrey
-----Original Message-----
From: Daniel Daugherty [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 17, 2002 6:21 AM
To: '[EMAIL PROTECTED]'
Subject: RE: FB3 and SiteMinder

    I would recommend setting up in addition or in place of the SiteMinder security a CF layer of security around your circuit apps and the individual circuits that they contain.  I have not worked with siteminder my self but I believe that it will also work as a policy store so you can use it to contain your access list to these and have them passed into cold fusion when the user has logged in.  Or you can use site minder just to manage login access and control where and what a user can do in CF.  This is how I generally work things when working with NT auth or SiteMinder type logins.  Tough I would say if you can use SiteMinder to hold your security settings that I would do that so you have a single repository for security.  Oh for setting up CF level restriction check out Hal Helms security tag and docs on his site.  www.halhelms.com
 
Hope this helps
Daniel
-----Original Message-----
From: Jeffrey Marsh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 16, 2002 6:30 PM
To: [EMAIL PROTECTED]
Subject: FB3 and SiteMinder

Does anyone use SiteMinder and CF together? We use SiteMinder for our web security. In that tool, you secure web directories or individual files (SiteMinder calls them resources). We have found that the security doesn't apply on files <cfinclude>d from another circuit. Because FB3 runs all files from the top-level circuit, it seems impossible to secure a child circuit individually. If I want to secure a circuit of my application, but not the entire application, it appears that I am out of luck. Does anyone know if there's an easy way to do this? Thanks!

--Jeffrey

==^================================================================
This email was sent to: [email protected]

EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================

**************************************************************************** This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete the message. Thank you very much. ****************************************************************************

Reply via email to