I'm using SiteMinder to secure an admin directory for an app. To do this with FB3, I just added the core files to the admin directory, so it could be entered at myApp/Admin/index.cfm instead of myApp/index.cfm?fuseaction=admin.dspHome

I guess this is somewhat of a *fix*, but dumping the pricy policy server was not an option for me either. I'm sure a SiteMinder expert could help you write something to work with your FB3 app as it is now, but they charge pretty high fees.

---------- Original Message ----------------------------------
From: Jeffrey Marsh <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Wed, 17 Apr 2002 10:08:04 -0700

>Some of what you suggest defeats the purpose of using SiteMinder. We spent a
>zillion dollars on this product. It integrates with CF very well. It just
>seems to be having trouble with FB3. I would hope that any architecture used
>for the web apps could be supported by SiteMinder.
>
>The specific scenario is that we have a top level circuit. We want no
>security on that circuit at all; it should be open to everyone. We have an
>admin circuit under the top level circuit. The admin circuit should be
>secured. We have SiteMinder security on the admin circuit. Because FB3
>executes all code from the top level circuit by including appropriate files
>from the admin circuit, the security never kicks in.
>
>We would really like to find a way to make SiteMinder work with FB3. The
>options could boil down to dumping SiteMinder (not likely due to $$$ spent)
>or dumping FB3 (going back to FB2). We will continue researching this for a
>while. In the meantime, we have made the admin circuit a separate
>application. This is a bandaid in my opinion. I know that FB3 supports
>nested apps, but the admin circuit should be part of the app it is supposed to
>administer. Please let me know if anyone out there with SiteMinder
>experience is using it with FB3. Thanks.
>
>--Jeffrey
>
>-----Original Message-----
>From: Daniel Daugherty [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, April 17, 2002 6:21 AM
>To: '[EMAIL PROTECTED]'
>Subject: RE: FB3 and SiteMinder
>
>
> I would recommend setting up in addition or in place of the SiteMinder
>security a CF layer of security around your circuit apps and the individual
>circuits that they contain. I have not worked with SiteMinder myself but I
>believe that it will also work as a policy store so you can use it to
>contain your access list to these and have them passed into ColdFusion when
>the user has logged in. Or you can use SiteMinder just to manage login
>access and control where and what a user can do in CF. This is how I
>generally work things when working with NT auth or SiteMinder type logins.
>Though I would say if you can use SiteMinder to hold your security settings
>that I would do that so you have a single repository for security. Oh, for
>setting up CF level restriction check out Hal Helms' security tag and docs on
>his site. www.halhelms.com <http://www.halhelms.com>
>
>Hope this helps
>Daniel
>
>-----Original Message-----
>From: Jeffrey Marsh [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, April 16, 2002 6:30 PM
>To: [EMAIL PROTECTED]
>Subject: FB3 and SiteMinder
>
>
>
>Does anyone use SiteMinder and CF together? We use SiteMinder for our web
>security. In that tool, you secure web directories or individual files
>(SiteMinder calls them resources). We have found that the security doesn't
>apply on files <cfinclude>d from another circuit. Because FB3 runs all files
>from the top-level circuit, it seems impossible to secure a child circuit
>individually. If I want to secure a circuit of my application, but not the
>entire application, it appears that I am out of luck. Does anyone know if
>there's an easy way to do this? Thanks!
>
>--Jeffrey
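
The gap Jeffrey describes and the application-layer check Daniel suggests, modelled as an added example (not part of the original thread, and not SiteMinder's or Fusebox's own code). The prefix list, circuit names and sample URLs are constructed, and the path-prefix matching is a simplified assumption about how a directory rule is evaluated.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample policy: path prefixes the web agent protects (assumption).
PROTECTED_PREFIXES = ["/myApp/Admin/"]
# Constructed sample: circuits the application owner wants secured.
SECURED_CIRCUITS = {"admin"}


def agent_protects(url):
    """Path-prefix match only: the query string plays no part in the decision."""
    path = urlsplit(url).path.lower()
    return any(path.startswith(p.lower()) for p in PROTECTED_PREFIXES)


def circuit_of(url):
    """Circuit the front controller dispatches to, from fuseaction=circuit.action."""
    # Parameter names are compared case-insensitively, as CF's URL scope does.
    params = {k.lower(): v for k, v in parse_qs(urlsplit(url).query).items()}
    values = params.get("fuseaction", [])
    if not values or "." not in values[0]:
        return None
    return values[0].split(".", 1)[0].lower()


def coverage_gaps(urls):
    """URLs that reach a secured circuit without passing through a protected path."""
    return [u for u in urls
            if circuit_of(u) in SECURED_CIRCUITS and not agent_protects(u)]


def dispatch(url, authenticated):
    """Per-circuit check inside the front controller, independent of the URL path."""
    if circuit_of(url) in SECURED_CIRCUITS and not authenticated:
        return "deny"
    return "allow"


SAMPLE_URLS = [  # constructed requests
    "/myApp/index.cfm?fuseaction=home.dspMain",
    "/myApp/index.cfm?fuseaction=admin.dspHome",
    "/myApp/index.cfm?FuseAction=admin.dspHome",
    "/myApp/Admin/index.cfm",
]

if __name__ == "__main__":
    for url in coverage_gaps(SAMPLE_URLS):
        print("not covered by path rule:", url, "-> app check:", dispatch(url, False))
```

Running the audit over an application's real fuseaction list shows which secured circuits depend entirely on the in-application check rather than on the directory rule.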
