SiteMinder is the new Web Access Management system used by the
University of Illinois, which will replace both Enterprise
Authentication System (EAS) and Bluestem authentication. This system
provides the following Identity and Access Management functions:
- Authentication (AuthN): Authentication or logon
is the process by which users are challenged to prove their credentials
to the system or application they are trying to access.This process can
be as simple as providing a user ID and password, or by using
multi-factor authentication such as using certificates as well as user
ID and password
- Authorization (AuthZ): Authorization is the
process of ensuring that authenticated users have the right privileges
(the minimum amount of access required to carry out their assigned
duties) to access University resources. SiteMinder may leverage the
following methods for authorization: LDAP/AD groups, different user
stores and user attributes (data about users).
- Single Sign-On (SSO): SSO is the process by
which users are challenged to authenticate once and access multiple
applications and systems without being challenged again during the same
- Multi-factor Authentication: This process is
the combination of more than one type of authentication. This type of
authentication may include some thing you know combined with something
you have. For instance, the something you know is your user id/password
and the something you have is a certificate or a code stored on your
device. Although this feature is available in SiteMinder, it will not be
used until later stages of the IAM project.
- Federation: In the simplest terms, federation
is the ability to leverage users credentials from other institutions to
access resources protected by SiteMinder and/or leverage University of
Illinois credentials to access external resources. Currently the
University of Illinois uses Shibboleth for federation, which will be
integrated with SiteMinder authentication.
See the CA SiteMinder Overview document for more detailed information about SiteMinder features and capabilities.
For detailed information about the IAM project status and timeline, see the Status and Timeline. The first go-live date occurred on December 8, 2012.
- Here is the list of applications along with their go-live dates. Other applications will be added to this list as they are finalized.
- Because of the project
stages and the difference in user passwords (campus vs. enterprise),
the initial deployment of SiteMinder includes a temporary log-in page similar to EAS
and Bluestem that was presented to users in December. Once the password
synchronization project is complete, a new University-wide log-in page
will be deployed.
- Users are expected to use their current user ID/password for enterprise and campus applications.
- IAM will deploy the various infrastructure components to environments established for development, test, and production.
The second phase of SiteMinder Deployment will include:
- Migration of additional enterprise and campus applications. Examples of such applications include the CA Service Desk, Banner and related products, SharePoint, etc.
of SiteMinder with Shibboleth, in which SiteMinder becomes the
Enterprise Identity Provider (IDP) for the various federated
- Development of more detailed business plans for requesting, deploying and maintaining SiteMinder Access Policies.
- Introduction of an advanced authorization processes using SiteMinder.
End User Impact
The first time you log into the SiteMinder-protected Web Application, you will encounter one of the following scenarios:
- You have bookmarked the application from the apps.uillinois.edu
page and will immediately log into the application upon authentication.
- If you bookmark this application at the EAS page, however, you will be prompted to authenticate twice.
When you access the SiteMinder-protected Web Application URL:
- You will log into the Enterprise Authentication System (EAS) page.
- After clicking Login, you will be re-directed to the SiteMinder page, where you need to log in again.
- You should reach your application and be able to proceed.
- The new SiteMinder page has been created to look like the EAS
page. The only change to the page is the CA SiteMinder logo at the
bottom of the page. It might seem that you are logging in twice but you
are actually logging into 2 different authentication systems.
Note concerning passwords:
- If you change your password between now and April 2013, when you
change your password, it will propagate to both SiteMinder and EAS.
- If your password expires between now and April 2013, you will
not receive a password expiration message in SiteMinder. This message
will only be displayed in EAS.