Netegrity SiteMinder Integration Technical Note


Version 6.0

This document describes how to integrate Verity K2 6.0 with a Netegrity SiteMinder Identity and Access Management (IAM) system. Such integrations enable K2 to access documents protected by SiteMinder and use the authentication specified by SiteMinder policies.

Contents

Identity and Access Management Systems ..... 3
Overview of Netegrity SiteMinder Integration ..... 3
Single Sign-On Integration ..... 3
Search and Viewing Integration ..... 5
Indexing Integration ..... 7
Enhancing Performance ..... 8
Required Configuration ..... 9
Configuring Netegrity SiteMinder ..... 9
Creating a Web Agent for K2 ..... 10
Adding the K2 Agent to an Agent Group ..... 12
Configuring the Web Agent Configuration Object ..... 15
Defining a HEAD Web Agent Rule Action ..... 17
Defining the Authentication Scheme ..... 20

August 19, 2005
Copyright 2005 Verity, Inc.

Integrating the K2 Application ..... 22
Managing Expired Sessions ..... 28
Managing Cross-Site Scripting (XSS) Detection ..... 28
Configuring the K2 System ..... 33
Configuring a K2 Ticket Server ..... 34
Configuring Basic K2 Ticket Server Settings ..... 35
Setting the Login Module ..... 36
Setting the Persistent Store Module ..... 37
Enabling Pre-Authentication in the K2 Ticket Server ..... 38
Attaching a K2 Server or K2 Broker ..... 39
Configuring the Gateway ..... 40
Defining SiteMinder Realms ..... 42
Defining Authentication Forms ..... 44
Creating a Collection Using the SiteMinder Style Set ..... 47
Configuring Basic Collection Settings ..... 47
Attaching the Collection to a K2 Server ..... 49
Configuring the Indexing Job ..... 50
Security ..... 54

Identity and Access Management Systems

To manage complex security infrastructures, many companies employ an Identity and Access Management (IAM) system to centrally control identities and their access to resources. You can integrate K2 with leading IAM systems, such as Netegrity SiteMinder, enabling users to log into a Web server with one user name and password and search or browse across all repositories.

There are two types of security systems with which you can integrate K2:

• vendor-based—A vendor-based system uses a third-party IAM tool to administer and enforce user access to resources. Examples of these are Netegrity SiteMinder, Oblix, and Tivoli. K2 supports integration with Netegrity SiteMinder. Other vendor-based IAM integrations can be implemented through Verity Professional Services.
• generic—A generic system secures documents by requiring authentication on the repository in which they are stored. This is typically accomplished using the standard security features of the Web server and JSP or ASPx code. An example is an IIS server with Integrated Windows Authentication (challenge/response).

Overview of Netegrity SiteMinder Integration

Verity developed the SiteMinder/K2 integration in partnership with Netegrity. The joint solution enables K2 to index, search, and view content on a Web server based on SiteMinder's authorization policies. K2 supports integrations with SiteMinder versions 5.5 and 6.0. A SiteMinder integration with K2 involves three components:

• Single sign-on integration. See "Single Sign-On Integration" on page 3.
• Search and viewing integration. See "Search and Viewing Integration" on page 5.
• Indexing integration. See "Indexing Integration" on page 7.

Single Sign-On Integration

When a K2 application and a K2 Ticket Server are integrated with SiteMinder, the authentication necessary to log into K2 is supplied by SiteMinder and propagated to the various K2 components. When a user logs into a Web site protected by SiteMinder, a SiteMinder Web Agent authenticates the user by challenging the user for credentials.

SiteMinder creates a session cookie named SMSESSION in the user's browser, and inserts an encrypted token containing an ID that uniquely identifies the user in SiteMinder. When the user requests access to K2, the K2 application retrieves the SMSESSION cookie and user ID from the user's request, and passes them to the K2 Ticket Server. K2 accepts the user as authenticated, and issues a K2 ticket without challenging the user for credentials. This process is called single sign-on.

Those same credentials are also used by a Verity gateway to satisfy any authentication requests resulting from search and view requests, so the user is not challenged again when the gateway requires credentials. Optionally, the credentials are trusted and not authenticated by the gateway, but the user ID is verified against the user's group membership. This is called pre-authentication.

Figure 1-1 Single Sign-on

Note: Single sign-on integration does not allow the user to log into K2 administration automatically. If K2 administration is protected by a K2 Ticket Server, the administrator must enter a user name and password in the K2 Dashboard and rcadmin regardless of whether single sign-on is enabled.

Search and Viewing Integration

When the Verity HTTP gateway is integrated with SiteMinder, K2 enforces document-level security based on SiteMinder's security policies.

Note: Index-level security using SiteMinder group definitions is not supported.

Document-Level Security

K2 observes the underlying security privileges defined by SiteMinder to control whether a document appears in a results list, and whether a user can retrieve it. If results list filtering is enabled, the gateway sends an authorization request and the SMSESSION cookie to the SiteMinder Policy Server for each result returned from a user's search. If the Policy Server denies access, the result is removed from the results list.

Figure 1-2 Results List Filtering with SiteMinder

Authorization for document viewing occurs in one of two ways, depending on whether document highlighting is enabled. If document highlighting is not enabled, the K2 application requests the document directly from the Web server. The Web Agent retrieves the SMSESSION cookie from the user's request and approves or denies access to the document based on the contents of the SMSESSION cookie.

Figure 1-3 Viewing SiteMinder-Protected Content—Highlighting Disabled

If document highlighting is enabled, the HTTP gateway sends the SMSESSION cookie and the document URL to the Web server's Agent. The Web Agent allows or denies access to the document based on the contents of the SMSESSION cookie. The gateway then highlights the document prior to sending it to the user's browser.

Figure 1-4 Viewing SiteMinder-Protected Content—Highlighting Enabled

Indexing Integration

When K2 Spider is integrated with SiteMinder, K2 Spider can index content on a Web server protected by SiteMinder using either basic or forms authentication. When indexing a repository protected by forms authentication, K2 Spider downloads the HTML form and inserts the credential information specified in the indexing job (jobs.ini file). It then submits the form to the form's action URL for processing. If the login fails, either the same form is returned, or an error page defined in the indexing job is generated.

Figure 1-5 Indexing SiteMinder-Protected Content

Enhancing Performance

Results list filtering can place a heavy load on the SiteMinder Policy Server because an authorization request is sent to the server for every returned result. It is recommended that you install a dedicated SiteMinder Policy Server to be used for K2 results list filtering.

Performance may also be improved by restricting the maximum number of documents returned from a search by setting the maxDocs parameter. When the number of documents is limited, K2 stops the search after the maximum number of documents are found and before the entire collection is searched.

To set the maximum number of documents returned from a search:

• Using the VSearch Java API, call the setMaxDocCount method in the VSearch object. See the VSearch Javadoc.
• Using the Component Framework, define the maxdocs component. See the Verity Component Framework Developer Guide.
• Using the Client C API, set the maxDocs member in the K2SearchNew function. See the Verity K2 Client Programming Guide.

Required Configuration

To integrate Netegrity SiteMinder with K2, you must configure all of the following components:

• Netegrity SiteMinder. See "Configuring Netegrity SiteMinder" on page 9.
• The K2 application. See "Integrating the K2 Application" on page 22.
• The K2 system, including a K2 Ticket Server, the ticket-granting login module (k2lmtg), the gateway, and K2 Spider. See "Configuring the K2 System" on page 33.

Configuring Netegrity SiteMinder

To ensure K2 can access documents protected by SiteMinder, you must configure SiteMinder as follows:

• Create a K2 Web Agent. See "Creating a Web Agent for K2" on page 10.
• Add the K2 Agent to an Agent Group. See "Adding the K2 Agent to an Agent Group" on page 12.
• Ensure the Web Agents protecting resources that will be searched by K2 accept cookies from Custom Agents, and that they pass the user variable (SM_USER, HTTP_SM_USER, or sm-user) in the HTTP header. See "Configuring the Web Agent Configuration Object" on page 15.
• Define a HEAD rule action for the Web Agent type. See "Defining a HEAD Web Agent Rule Action" on page 17.
• Ensure protected realms use a basic or HTML form authentication scheme. See "Defining the Authentication Scheme" on page 20.

Creating a Web Agent for K2

For results list filtering and viewing, the gateway requires the following information about the SiteMinder Web Agents protecting repositories:

• Agent name
• Authentication URL (login form) or credentials for basic authentication
• Netegrity Policy Server IP address
• Shared secret

When creating a Web Agent in SiteMinder 5.x and higher, defining a shared secret is optional and is only available for Web Agents supporting SiteMinder 4.x. Most likely, your existing Agents do not have shared secrets defined. The simplest way to ensure a shared secret is available to the gateway is to create a K2 Web Agent with a shared secret specified, and add this Web Agent to the Agent Groups protecting resources you want K2 to search.

To create a Web Agent for K2, follow these steps:

1. Log into the Netegrity Policy Server.
2. Select the System tab in the SiteMinder Administration window.
3. Click the Agents object in the System Configuration pane.

Figure 1-6 Agent List

4. From the menu bar, select Edit > Create Agent. The Agent Properties dialog box opens.

Figure 1-7 Agent Properties Dialog Box

5. In the Name field, enter the name of the new Agent. This name is case-insensitive, and must consist of 7-bit ASCII characters in the range 32-127.
6. In the Description field, enter a short description of the Agent. This is optional.
7. Select the Support 4.x agents check box. A further set of controls specific to 4.x Agent types appears in the lower part of the dialog box.
8. In the Agent Type group box, select the SiteMinder option button, and from the drop-down list, select Web Agent.
9. In the IP Address or Host Name field, enter the IP address or the host name where K2 is installed.
10. In the Shared Secret field, enter an alphanumeric shared secret that the K2 Agent uses to decrypt data sent by the Policy Server. The secret must be between 1 and 255 characters in length and contain no embedded spaces.
11. In the Confirm Secret field, re-enter the shared secret.
12. Click OK to save the changes and return to the SiteMinder Administration window. Your new Agent is added to the Agent List.

Adding the K2 Agent to an Agent Group

The new K2 Agent must now be added to an Agent group, and the Agent group must be assigned to the realm that K2 will index. An Agent group is a collection of Agents of the same type grouped together for common resource protection. By adding the K2 Agent to the Agent group, the K2 Agent adopts the global policy of the group.

To add the K2 Agent to an Agent group, follow these steps:

1. Click the System tab in the SiteMinder Administration window. If you do not see Agent Groups listed in the System Configuration pane, click the View menu, and select Agent Groups.
2. Click the Agent Groups object in the System Configuration pane.

Figure 1-8 Agent Group List

3. Double-click the Agent group to which you want to add the K2 Agent. The Agent Group Properties dialog box opens.

Figure 1-9 Agent Group Properties Dialog Box

4. Click Add/Remove. The Available Agents and Groups dialog box opens.

Figure 1-10 Available Agents and Groups Dialog Box

5. Select the K2 Agent from the Available Members list.
6. Click the Left Arrow to move the K2 Agent to the Current Members list.

7. Click OK. The K2 Agent should be listed in the Group Members group box in the Agent Group Properties dialog box.
8. Click OK in the Agent Group Properties dialog box.

Now you must ensure the Agent group containing the K2 Agent is assigned to the realm(s) that K2 will index. If a realm's properties contain an Agent name, replace the Agent name with the Agent group name:

1. Click the Domain tab in the SiteMinder Administration window.
2. Expand the policy domain, and double-click the realm you want to modify. The Realm Properties dialog box opens.

Figure 1-11 Realm Properties Dialog Box

3. In the Resource group box, enter the Agent group name in the Agent field, and click OK.

Configuring the Web Agent Configuration Object

Any Web Agent protecting a resource that will be indexed or searched by K2 must accept SMSESSION cookies generated by a Custom Agent (the Verity gateway), and include the SiteMinder user variable in the HTTP header. By default, the user variable is included in the header, and this setting does not normally need to be changed. Both parameters are defined in an Agent's configuration object.

To specify these settings, follow these steps:

1. Click the System tab in the SiteMinder Administration window.
2. Select the Agent Conf Objects object in the System Configuration pane.

Figure 1-12 Agent Configuration Object List

3. In the Agent Conf Object List, double-click the configuration object for the Agent you want to modify. The Agent Configuration Object Properties dialog box opens.

Figure 1-13 Agent Configuration Object Properties Dialog Box

4. In the Agent Configuration Object Properties dialog box, select the parameter acceptTPCookie. If the value is set to no, click Edit. The Edit Parameter dialog box opens.

Figure 1-14 Edit Parameter Dialog Box

5. In the Edit Parameter dialog box, type yes in the Value field, and click OK.
6. In the Agent Configuration Object Properties dialog box, select the parameter DisableUserVars. If the value is set to yes, click Edit, type no in the Value field, and click OK. Otherwise, proceed to step 7.
7. In the Agent Configuration Object Properties dialog box, click OK.

Defining a HEAD Web Agent Rule Action

K2 Spider uses the HTTP HEAD Web Agent rule action to retrieve information about a document without actually downloading the document. SiteMinder by default does not allow HEAD actions, so the action must be defined for any Web Agent monitoring a repository that is indexed by K2 Spider. Rule actions are defined in the Agent type and are associated with a realm's rules. The default actions are GET, POST, and PUT.

To ensure the Web Agent type includes a HEAD action, follow these steps:

1. Click the System tab in the SiteMinder Administration window. If you do not see Agent Types listed in the System Configuration pane, click the View menu, and select Agent Types.
2. Click the Agent Types object in the System Configuration pane.

Figure 1-15 Agent Type List

3. From the Agent Type List, double-click the Web Agent type you want to modify. The Agent Type Properties dialog box opens.

Figure 1-16 Agent Type Properties Dialog Box

4. If HEAD is not listed under Actions, click Create, type HEAD, and click OK.
5. In the Agent Type Properties dialog box, click OK to save the changes and return to the SiteMinder Administration window.

Next, verify that your policy rule contains the updated list of actions:

6. In the SiteMinder Administration window, click the Domains tab.

Figure 1-17 List of Rules and Realms

7. Expand the Domain object and click Realms to show the rules applied to each realm. A realm is a Netegrity Policy Server object that identifies a group of resources. Realms typically define a directory or folder and possibly its subdirectories.
8. To enable the HEAD action in a rule, double-click the rule. The Rule Properties dialog box opens.

Figure 1-18 Rule Properties

9. Select HEAD in the Web Agent Action list. Click OK.

Defining the Authentication Scheme

SiteMinder supports a variety of authentication schemes; however, K2 only supports basic (user name/password) authentication and HTML forms-based authentication. Authentication schemes are assigned to realms. When a user tries to access a resource in a realm, the authentication scheme of the realm determines the credentials that a user must supply in order to access the resource. Any realm that will be accessed by K2 must use one of the supported schemes.

To change the authentication scheme of a realm, follow these steps:

1. Click the Domains tab in the SiteMinder Administration window.
2. Expand the Domain object and double-click the realm you want to modify. The Realm Properties dialog box opens.

Figure 1-19 Realm Properties Dialog Box

3. From the Authentication Scheme drop-down list, select an authentication scheme that uses the Basic Template or HTML Form Template authentication scheme type. Click OK.

Integrating the K2 Application

A typical non-single sign-on K2 application includes a JSP/ASPx page with a form that gathers user credentials and subsequently calls K2 APIs that log in the user. In a SiteMinder single sign-on system, the K2 application must instead retrieve the SMSESSION cookie and the user ID variable from the HTTP headers and pass them to the K2 credentials. The single sign-on login process is as follows:

1. The SiteMinder Web Agent challenges the user for credentials.
2. The SiteMinder Web Agent sends the credentials to the SiteMinder Policy Server.
3. The Policy Server returns authorization to the Web Agent.
4. The Web Agent creates an SMSESSION cookie on the client's browser. This cookie contains SMSESSION, which is the session ID for the user's session, and SM_USER, which is the user's ID.
5. The K2 application retrieves the SMSESSION and SM_USER from the Web header and passes them to the K2 credentials.
6. The K2 application passes the credential information to the K2 Ticket Server.
7. The Ticket Granting Login module (k2lmtg) issues a ticket and passes the ticket to the K2 application.
8. The K2 ticket is kept in memory until the ticket expires.

With SiteMinder, the K2 application must retrieve the following user variables from the Web header, and pass them to the K2 credentials:

Table 1 SiteMinder User Variables

    Environment      User variable    Session variable
    Windows ASPx     HTTP_SM_USER     SMSESSION
    Windows JSP      SM_USER          SMSESSION
    Unix platform    sm-user          SMSESSION

The user variable is passed through the USERNAME_KEY, and the session variable is passed either through the EXTENSION_KEY or the USER_PARAMS key.

EXTENSION_KEY and USER_PARAMS Key

The EXTENSION_KEY and USER_PARAMS key contain extended user data in the form of name/value pairs, enabling pre-authenticated access into the gateway. With pre-authentication, the gateway does not authenticate the user, but simply validates the SMSESSION cookie. When the SMSESSION cookie is passed through the EXTENSION_KEY or USER_PARAMS key, pre-authentication mode must be enabled in the gateway and the K2 Ticket Server. See "Enabling Pre-Authentication in the K2 Ticket Server" on page 38 and "Configuring the Gateway" on page 40.

You would typically use the EXTENSION_KEY to pass user data when the collections you are searching have pre-authentication enabled, are protected by SiteMinder, and access HTTP repositories only. You would typically use the USER_PARAMS key when the collections you are searching have pre-authentication enabled, are protected by SiteMinder, and access different types of repositories, such as Documentum, Lotus Notes, and HTTP.

To set the EXTENSION_KEY, define the key name as SMSESSION and the value as the SMSESSION cookie value, using the VSearch.setExtensionCredential(String key, String value) method. See the VSearch Javadoc for more information.

To set the USER_PARAMS key, use the VSearch.addUserParamCredential(userParams) method. See the VSearch Javadoc for more information. The format of the USER_PARAMS key is as follows:

    USER_PARAMS = HTTP_NETG:smsession_value

where HTTP_NETG is the gateway-specific pre-authentication key, and smsession_value is the SMSESSION cookie. Use a tab character (\t) to separate multiple session cookies.

Example

    <%@ page import="java.net.*" %>
    <%@ page import="com.verity.search.*" %>
    <%
    String serverSpec = "localhost:9948";
    VSearch vs = new VSearch();
    vs.setServerSpec(serverSpec);

    // Retrieve the header information passed after authenticating to the JSP page.
    // For a Windows JSP environment the user variable is SM_USER and the session
    // variable is SMSESSION (see Table 1).
    String sm_user = request.getHeader("SM_USER");
    String smsession = request.getHeader("SMSESSION");
    // Alternatively, you can retrieve the cookie using request.getHeader("cookie"),
    // and process the cookie until you reach SMSESSION and its value.

    // The HTTP session object used below (named sess as in the original listing).
    javax.servlet.http.HttpSession sess = request.getSession();
    String ticket = null;

    // Set k2UserName and pass the SMSESSION. The following example uses the
    // USER_PARAMS key:
    String userParams = null;
    vs.setK2UserName(sm_user);
    userParams = "HTTP_NETG:" + smsession;
    vs.addUserParamCredential(userParams);
    sess.putValue("user", sm_user);
    ticket = vs.k2Login();

    // Set k2UserName and pass the SMSESSION. The following example uses the
    // EXTENSION_KEY instead (use one of the two approaches, not both):
    String extensionKeyname = null;
    String extensionKeyvalue = null;
    extensionKeyname = "SMSESSION";
    extensionKeyvalue = smsession;
    vs.setExtensionCredential(extensionKeyname, extensionKeyvalue);
    vs.setK2UserName(sm_user);
    ticket = vs.k2Login();

    // Put the ticket as the session variable:
    sess.putValue("ticket", ticket);
    %>

You can also retrieve the header information and set the credentials through the Login APIs provided by the remote context. For example:

    <%@ page import="java.util.*" %>
    <%@ page import="com.verity.search.*" %>
    <%@ page import="java.net.*" %>
    <%@ page import="com.verity.rpc.*" %>
    <%
    String serverSpec = "localhost:9948";
    String sm_user = null;
    String smsession = null;
    String extensionKeyname = null;
    String extensionKeyvalue = null;
    String userParams = null;
    String ticket = null;

    // User variable SM_USER and session variable SMSESSION (see Table 1).
    sm_user = request.getHeader("SM_USER");
    smsession = request.getHeader("SMSESSION");

    // The constructor arguments of RemoteContext are lost in the source of this
    // listing; passing serverSpec is an assumption, so check the com.verity.rpc Javadoc.
    RemoteContext ctx = new RemoteContext(serverSpec);
    AuthenticationProperties props = new AuthenticationProperties();

    // Set username and pass the SMSESSION. The following example uses the
    // USER_PARAMS key:
    userParams = "HTTP_NETG:" + smsession;
    props.setUserParam(userParams);
    Ticket g_objTicket = ctx.login(sm_user, null, props);
    ticket = g_objTicket.toString();

    // Set username and pass the SMSESSION. The following example uses the
    // EXTENSION_KEY (use one of the two approaches, not both):
    extensionKeyname = "SMSESSION";
    extensionKeyvalue = smsession;
    props.setExtensionCredential(extensionKeyname, extensionKeyvalue);
    g_objTicket = ctx.login(sm_user, null, props);
    ticket = g_objTicket.toString();
    %>

Component Framework

To set credential information using the Component Framework, follow these steps:

1. Before the login component is drawn, set AutoLogin to TRUE through the application config.xml or the setParam() method in the VComponents API. For example:

    components.setParam("loginBox", "AutoLogin", "true");

2. Forward the SM_USER and SMSESSION to the login component page and pass the SM_USER and SMSESSION to the EXTENSION_KEY or USER_PARAMS key through the setParam() method of the VComponents API.

The following example passes the credential information through the EXTENSION_KEY:

    java.util.Properties p = new java.util.Properties();
    p.put("key", "SMSESSION");
    p.put("value", smsession);
    // The parameter name is partly lost in the source of this listing; "ExtensionKey"
    // is a reconstruction, so verify it in the Verity Component Framework Developer Guide.
    components.setParam("loginBox", "ExtensionKey", p);

The following example passes the credential information through the USER_PARAMS key:

    String userParams = "HTTP_NETG:" + smsession;
    // Parameter name likewise reconstructed as "UserParamCredential"; verify it in
    // the Verity Component Framework Developer Guide.
    components.setParam("loginBox", "UserParamCredential", userParams);

3. Draw the Login component. If the login is successful, the component redirects the browser to the refer page. If the login fails, the component is drawn with an error message.
4. The K2 application passes the credential information to the K2 Ticket Server which, using the Ticket Granting Login module (k2lmtg), issues a ticket and passes the ticket to the K2 application. The K2 ticket is kept in memory until the ticket expires.

Note: For more information on the Component Framework, see the Verity Component Framework Developer Guide.

Example Using the Component Framework

    // Set the AutoLogin option to TRUE through either the application config.xml
    // or the setParam() method of the VComponents API.

    // To set AutoLogin in the application config.xml:
    <LoginComponent Name="loginBox" Xsl="loginBox.xsl">
      <DefaultReferPage>index.jsp</DefaultReferPage>
      <AutoLogin>true</AutoLogin>
      <IgnoreRequestRefer>true</IgnoreRequestRefer>
      <MaximumRetries>3</MaximumRetries>
    </LoginComponent>

    // To set AutoLogin using the setParam() method of the VComponents API in the JSP page:
    <%@ page import="com.verity.component.VComponents" %>
    <%@ page import="java.util.*" %>
    <%@ page import="java.net.*" %>
    <% VComponents components = VComponents.getInstance(pageContext, "search"); %>
    <%= components.draw("logoffButton") %>
    <%
    // User variable SM_USER and session variable SMSESSION (see Table 1).
    String sm_user = request.getHeader("SM_USER");
    String smsession = request.getHeader("SMSESSION");

    components.setParam("loginBox", "AutoLogin", "true");
    components.setParam("loginBox", "User", sm_user);

    // Set SMSESSION through either the EXTENSION_KEY or the USER_PARAMS key:
    java.util.Properties p = new java.util.Properties();

    // Set SMSESSION through the EXTENSION_KEY. The parameter name is partly lost
    // in the source of this listing; "ExtensionKey" is a reconstruction, so verify
    // it in the Verity Component Framework Developer Guide.
    p.put("key", "SMSESSION");
    p.put("value", smsession);
    components.setParam("loginBox", "ExtensionKey", p);

    // Set SMSESSION through the USER_PARAMS key (parameter name likewise
    // reconstructed as "UserParamCredential"; use one approach, not both):
    String userParams = "HTTP_NETG:" + smsession;
    components.setParam("loginBox", "UserParamCredential", userParams);

    String loginStr = components.draw("loginButton");
    %>
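The three listings above all begin from the same two request values. As an added illustration that is not part of this technical note and does not call the K2 API, the following Python code shows the part of the login that is independent of K2: choosing the user variable for the environment (Table 1), reading SMSESSION either from the header or by processing the Cookie header as the first JSP example suggests, and formatting the USER_PARAMS value (HTTP_NETG:smsession_value, tab-separated when there are several session cookies). The function names, the environment labels used as dictionary keys, and the sample request headers are this example's own constructed values.

```python
"""Added example, not code from the Verity technical note: the request-side
handling a K2 application performs before calling k2Login().  It covers Table 1
(which user variable to read per environment), the "process the Cookie header
until you reach SMSESSION" alternative from the JSP example, and the
USER_PARAMS format HTTP_NETG:<smsession> with tab-separated entries.  Nothing
here calls the K2 API; the result is the plain values you would hand to
setK2UserName / setExtensionCredential / addUserParamCredential."""

# Table 1 of the note: user variable per environment.  The environment labels
# used as keys are this example's own.  The session variable is always SMSESSION.
USER_VARIABLE = {
    "windows-aspx": "HTTP_SM_USER",
    "windows-jsp": "SM_USER",
    "unix": "sm-user",
}
SESSION_COOKIE = "SMSESSION"
PREAUTH_KEY = "HTTP_NETG"  # gateway-specific pre-authentication key from the note


def _header(headers, name):
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def parse_cookie_header(cookie_header):
    """Split a Cookie request header into a dict.  SMSESSION tokens contain
    '=' and '/' characters, so each pair is split only on its first '='."""
    cookies = {}
    for part in (cookie_header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def get_smsession(headers):
    """SMSESSION value from the request: the SMSESSION header if the Web Agent
    supplied one, otherwise the SMSESSION cookie from the Cookie header."""
    value = _header(headers, SESSION_COOKIE)
    if value:
        return value
    return parse_cookie_header(_header(headers, "Cookie")).get(SESSION_COOKIE)


def get_user_id(headers, environment):
    """Read the SiteMinder user variable named in Table 1 for this environment."""
    return _header(headers, USER_VARIABLE[environment])


def build_user_params(*smsessions):
    """Format the USER_PARAMS value: HTTP_NETG:<smsession>, with several session
    cookies separated by a tab character as the note specifies."""
    entries = [s for s in smsessions if s]
    if not entries:
        raise ValueError("at least one SMSESSION value is required")
    return "\t".join("%s:%s" % (PREAUTH_KEY, s) for s in entries)


def siteminder_credentials(headers, environment):
    """Assemble what the K2 application passes on: the K2 user name plus the
    session credential in both EXTENSION_KEY and USER_PARAMS form.  A request
    without the user variable or SMSESSION was not authenticated by SiteMinder,
    so refuse rather than log in with an empty identity."""
    user = get_user_id(headers, environment)
    smsession = get_smsession(headers)
    if not user or not smsession:
        raise ValueError("request carries no SiteMinder identity")
    return {
        "k2UserName": user,
        "extensionKey": (SESSION_COOKIE, smsession),
        "userParams": build_user_params(smsession),
    }


# Constructed sample request headers (not a real SiteMinder capture).
SAMPLE_HEADERS = {
    "SM_USER": "jdoe",
    "Cookie": "JSESSIONID=abc123; SMSESSION=tokenPart1==/tokenPart2; theme=dark",
}

if __name__ == "__main__":
    print(siteminder_credentials(SAMPLE_HEADERS, "windows-jsp"))
```

The refusal in siteminder_credentials is the point to keep: if the user variable is absent, the request did not come through a Web Agent that forwards SiteMinder user variables (see "Configuring the Web Agent Configuration Object"), and logging in with an empty user name would hand the K2 Ticket Server an unattributable identity.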

Managing Expired Sessions

To manage an expired session, call the checkK2Ticket method in VSearch to check whether the ticket issued by the K2 Ticket Server is still valid. If the ticket is not valid, call the k2Login method to re-issue the login request and get a new ticket.

If the SMSESSION cookie expires but the K2 ticket is still valid, a search request returns a message indicating the user is invalid, and requests gateway credentials. To handle this situation, the JSP/ASPx code should log out the user, re-issue a new login, retrieve a new K2 ticket, and re-send the search request. The new login credentials would contain a new valid SMSESSION cookie retrieved from the Web headers.

Managing Cross-Site Scripting (XSS) Detection

Netegrity SiteMinder has a feature intended to prevent malicious users from submitting Cross Site Scripting (XSS) attacks through Web applications. When XSS checking (referred to as CSS checking in SiteMinder) is enabled, the Web Agent will not accept a Verity Query Language (VQL) search containing escaped and unescaped versions of characters that are defined i
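As an added example that is not part of this technical note, the following Python code runs the recovery flow described under "Managing Expired Sessions" above against a small in-memory stand-in for the K2 Ticket Server and gateway, so that both failure modes can be exercised offline: an expired K2 ticket (the ticket check fails, so the application simply logs in again) and an expired SMSESSION with a still-valid ticket (the search reports an invalid user, so the application logs out, logs in with the fresh SMSESSION read from the headers, and re-sends the search). The FakeK2 class and its method names are this example's own stand-ins for VSearch.checkK2Ticket, k2Login and the search call; the real API is named only in comments.

```python
"""Added example (not part of the Verity note): the session-recovery logic
from "Managing Expired Sessions", run against an in-memory stand-in for the
K2 Ticket Server plus a SiteMinder-protected gateway.  The stand-in exists
only so the flow can execute offline; the real calls are VSearch.checkK2Ticket,
VSearch.k2Login and the search request.  Method names on the stand-in
(check_ticket, login, logout, search) are this example's own."""

import itertools


class FakeK2(object):
    """Stand-in for the K2 Ticket Server and gateway.  A ticket is valid until
    its expiry tick; a search is authorized only if the SMSESSION presented at
    login is still among the live SiteMinder sessions."""

    def __init__(self, live_smsessions, ticket_lifetime):
        self.live_smsessions = set(live_smsessions)
        self.ticket_lifetime = ticket_lifetime
        self.clock = 0
        self.tickets = {}  # ticket -> (user, smsession, expires_at)
        self._ids = itertools.count(1)

    def tick(self, n=1):
        """Advance the fake clock (ticket lifetimes are measured in ticks)."""
        self.clock += n

    def login(self, user, smsession):
        """k2Login stand-in: issue a ticket bound to the presented SMSESSION."""
        ticket = "K2TICKET-%d" % next(self._ids)
        self.tickets[ticket] = (user, smsession, self.clock + self.ticket_lifetime)
        return ticket

    def check_ticket(self, ticket):
        """checkK2Ticket stand-in: known and not yet expired."""
        entry = self.tickets.get(ticket)
        return entry is not None and self.clock < entry[2]

    def logout(self, ticket):
        self.tickets.pop(ticket, None)

    def search(self, ticket, query):
        """Return ("ok", hits), or ("invalid_user", None) when the SMSESSION bound
        to the ticket has expired: the note says the gateway then reports the user
        as invalid and asks for gateway credentials."""
        user, smsession, _ = self.tickets[ticket]
        if smsession not in self.live_smsessions:
            return ("invalid_user", None)
        return ("ok", ["%s hit for %s" % (query, user)])


def search_with_recovery(k2, user, current_smsession, ticket, query, max_retries=1):
    """The note's two cases:
    1. K2 ticket expired -> log in again (the SMSESSION may still be good).
    2. SMSESSION expired but ticket valid -> search reports an invalid user:
       log out, log in with the fresh SMSESSION from the headers, re-send.
    current_smsession is a zero-argument callable returning the SMSESSION
    value currently present in the request headers.  Returns (ticket, hits)."""
    if not k2.check_ticket(ticket):
        ticket = k2.login(user, current_smsession())
    for _ in range(max_retries + 1):
        status, hits = k2.search(ticket, query)
        if status == "ok":
            return ticket, hits
        # Gateway rejected the session behind this ticket: discard it and
        # re-login with whatever SMSESSION the browser presents now.
        k2.logout(ticket)
        ticket = k2.login(user, current_smsession())
    # Bounded retries: a stale SMSESSION in the headers must not loop forever.
    raise RuntimeError("search still rejected after re-login")


if __name__ == "__main__":
    k2 = FakeK2({"SM1"}, ticket_lifetime=10)
    t = k2.login("jdoe", "SM1")
    k2.live_smsessions = {"SM2"}  # SiteMinder session rolled over
    print(search_with_recovery(k2, "jdoe", lambda: "SM2", t, "budget"))
```

The bound on retries matters: if the headers still carry the old SMSESSION (for instance because the page was served from a cache), re-login would otherwise repeat indefinitely, and surfacing the failure is the correct outcome.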
