SiteMinder is the new Web Access Management system used by the University of Illinois, which will replace both Enterprise Authentication System (EAS) and Bluestem authentication. This system provides the following Identity and Access Management functions:
- Authentication (AuthN): Authentication or logon is the process by which users are challenged to prove their credentials to the system or application they are trying to access.This process can be as simple as providing a user ID and password, or by using multi-factor authentication such as using certificates as well as user ID and password
- Authorization (AuthZ): Authorization is the process of ensuring that authenticated users have the right privileges (the minimum amount of access required to carry out their assigned duties) to access University resources. SiteMinder may leverage the following methods for authorization: LDAP/AD groups, different user stores and user attributes (data about users).
- Single Sign-On (SSO): SSO is the process by which users are challenged to authenticate once and access multiple applications and systems without being challenged again during the same session.
- Multi-factor Authentication: This process is the combination of more than one type of authentication. This type of authentication may include some thing you know combined with something you have. For instance, the something you know is your user id/password and the something you have is a certificate or a code stored on your device. Although this feature is available in SiteMinder, it will not be used until later stages of the IAM project.
- Federation: In the simplest terms, federation is the ability to leverage users credentials from other institutions to access resources protected by SiteMinder and/or leverage University of Illinois credentials to access external resources. Currently the University of Illinois uses Shibboleth for federation, which will be integrated with SiteMinder authentication.
See the CA SiteMinder Overview document for more detailed information about SiteMinder features and capabilities.
For detailed information about the IAM project status and timeline, see the Status and Timeline. The first go-live date occurred on December 8, 2012.
- Here is the list of applications along with their go-live dates. Other applications will be added to this list as they are finalized.
- Because of the project stages and the difference in user passwords (campus vs. enterprise), the initial deployment of SiteMinder will include a temporary log-in page similar to EAS and Bluestem that will be presented to users in December. Once the password synchronization project is complete, a new University-wide log-in page will be deployed.
- Users are expected to use their current user ID/password for enterprise and campus applications.
- IAM will deploy the various infrastructure components to environments established for development, test, and production.
The second phase of SiteMinder Deployment will include:
- Migration of additional enterprise and campus applications. Examples of such applications include the CA Service Desk, Banner and related products, SharePoint, etc.
- Integration of SiteMinder with Shibboleth, in which SiteMinder becomes the Enterprise Identity Provider (IDP) for the various federated applications.
- Development of more detailed business plans for requesting, deploying and maintaining SiteMinder Access Policies.
- Introduction of an advanced authorization processes using SiteMinder.
End User Impact
The first time you log into the SiteMinder-protected Web Application, you will encounter one of the following scenarios:
- You have bookmarked the application from the apps.uillinois.edu page and will immediately log into the application upon authentication.
- If you bookmark this application at the EAS page, however, you will be prompted to authenticate twice.
When you access the SiteMinder-protected Web Application URL:
- You will log into the Enterprise Authentication System (EAS) page.
- After clicking Login, you will be re-directed to the SiteMinder page, where you need to log in again.
- You should reach your application and be able to proceed.
- The new SiteMinder page has been created to look like the EAS page. The only change to the page is the CA SiteMinder logo at the bottom of the page. It might seem that you are logging in twice but you are actually logging into 2 different authentication systems.
Note concerning passwords:
- If you change your password between now and April 2013, when you change your password, it will propagate to both SiteMinder and EAS.
- If your password expires between now and April 2013, you will not receive a password expiration message in SiteMinder. This message will only be displayed in EAS.