Symantec Access Management

  • Private Community

  • 1.  SiteMinder SSO Agent for outbound traffic to the internet?

    Posted May 14, 2015 03:17 PM

    We want to authenticate users on their way out of the company network to the internet.  Has anyone implemented this before?

     

    Initial idea is to use an outbound apache/reverse proxy (several of them) with a web agent sitting in front of the outbound internet proxies.

     

    Curious if this would work and if cookie domains could be a problem.

     

    Any thoughts or other ideas? Much appreciated.



  • 2.  Re: SiteMinder SSO Agent for outbound traffic to the internet?
    Best Answer

    Posted May 15, 2015 09:03 AM

    I guess I have a couple of questions. Hopefully your users are already authenticated at the desktop level

    1. Why would you want to do this?
    2. What good will it do you? The session cookie is only good for your internal applications that you protect. Maybe I am missing something.

     

    Reverse proxies are for obfuscating the IP's behind it and to my knowledge they are always inbound. I believe you might be looking for a forward web proxy that takes your already authenticated desktop/laptop user and forwards them to the internet based upon their already authenticated username, in which case you would not need a SiteMinder agent.



  • 3.  Re: SiteMinder SSO Agent for outbound traffic to the internet?

    Posted May 15, 2015 09:17 AM

    Sometimes it is best not to ask these questions. ;-)

     

    Yes, perhaps a forward web proxy is the answer.  Would this type of proxy support a web agent?  What about CA's Secure Proxy Server (SPS)?