Cams Administrator's Guide
Version 3.0

Table of Contents

Introduction

Centralized Web Security
The Cams Policy Server
Security Domains
The Authentication Service
The Access Control Service
Access Control Requests/Responses
Cams Auditing
Cams Web Agents
Cams Web Agent Components
Executables and Libraries
Configuration Files
Dynamic HTML Pages
Additional Cams Web Agent Features
Web Single Sign-on
Cross DNS Domain Web Single Sign-on

Installation

Step 1 - Obtain Cams
Step 2 - Unpack the distribution files
Step 3 - Install the license key
Step 4 - Install Java (if necessary)
Step 5 - Start the Cams policy server
Step 6 - Test

Integration Quick Start

Step 1 - Configure authentication
Step 2 - Configure a basic access control policy
Step 3 - Set the Cams policy server bind address
Step 4 - Configure a Cams web agent
Step 5 - Next steps

Policy Server Configuration

Configuring cams-reg-default.conf
Configuring cams.conf
Configuring the Bind Address
Allocating Memory

Security Domain Configuration

Configuring the Cams Security Domain Registry
Substitution Values
Configuring Cams Security Domains
Cams Loggers
Configuring the Trace Logger
Configuring the Authentication Service
Authentication Log
Configuring the Access Control Service
Access Control Log
Configuring the Session Manager Service
Session Manager Log
Configuring the Session Access Service
Session Access Log
Configuring the Session Control Service
Session Control Log
Configuring Service Manager Services
Example Service Configuration
Access Control Policy Monitor Service
Active Directory Group Name Service
JDBC Connection Pool Service
Cams XML User Repository Service
Security Domain Registry Tag Reference
Security Domain Tag Reference

Login Configuration

Login Configuration
Login Modules
Active Directory Login Module
Digipass JDBC Login Module
JDBC Login Module
LDAP Login Module
RSA SecurID Login Module
X.509 Certificate Login Module
XML Login Module
Callback Handlers
Login Parameters
Customizing LoginException Messages
Support for Password Digests
Configuring Automatic HTTP User Login
Configuring Cams Cross DNS Domain Web Single Sign-On
Login Configuration Tag Reference

Access Control Services

Access Control Conceptual Model
Cams Security Domains
How Cams Access Control Works
Managing a Cams Access Control Policy
Configuring a Cams Access Control Policy
Access Control Policy Tag Reference
Configuring Permissions
Configuring Access Control Rules

Policy Server Clustering Overview

Clustering Benefits
Clustering Requirements
System Requirements
Configuration Requirements
Network Requirements
Licensing Requirements
Recommended Topology
How Cams Policy Server Clustering Works
Cams Policy Server Configuration
Cams Web Agent Configuration
Cams Policy Server Failover
Cams Policy Server Recovery
Cams Policy Server Load Balancing
Managing Cams Policy Server Files in a Cluster
Clustering Limitations

Policy Server Clustering Quick Start

Prerequisites
Step 1 - Create master Cams cluster files
Step 2 - Register each Cams policy server
Step 3 - Create the cluster directory structure
Step 4 - Install cams-license-keys.xml files
Step 5 - Copy master files to Cams policy servers
Step 6 - Configure Cams web agents
Step 7 - Start Cams policy servers
Step 8 - Start the Cams web agent
Step 9 - Confirm proper Cams cluster operation
More Cams Clustering Information

Policy Server Clustering

Installation and Configuration Management Strategy
Cluster Requirements
Cluster Configuration Management Strategy
Cluster Installation Strategy Overview
Example: A Typical Cams Cluster Configuration
Registering Cams Policy Servers
The Default Cams Policy Server Registration
Configuring a Cams Web Agent for Cluster Use
Global, Per-Cluster, and Per-Server Directories and Files
How Cams Policy Server Configuration Properties are Set
How Cams License Files are Loaded
Managing Cams Policy Server Security Domain Files
Where Cams Policy Server Log Files are Written
Configuring where Security Domain-specific Log Files are Written
Configuring where the Cams Policy Server Trace Log File is Written
Starting and Stopping Clustered Policy Servers
Support for Multi-homed Computer Systems
Debugging Cams Policy Server Cluster Settings
Debugging Cams Agent Cluster Settings
Confirming Cluster Failover and Load Balancing

Hardening Cams Security

Securing Cams Network Connections
Firewall Configuration
Securing Communications
Using SSL when accessing LDAP user directories
Securing Cams Policy Server Files and Directories
Securing Cams Files and Directories under Unix/Linux
Securing Cams Files and Directories under Windows 2000/2003/XP
Changing the Cams keystore Password
Securing Cams Services and Web Agents
Cams Policy Server
Security Domains
Cams Web Agents
Securing Cams Web Agent Authentication
Securing Cams Web Agent Access Control
Using Cams Web Agent Session Hijacking Protection

XML Tag Library

Access Control Policy Tag Reference
Login Configuration Tag Reference
Security Domain Tag Reference
Security Domain Registry Tag Reference

Troubleshooting

Troubleshooting Cams FAQ
Troubleshooting Cams Access Control

Appendix

Log and Error Codes
Examples
Sample User Database
Password Digests
Performance Tuning
Regular Expressions
Securing Cams Communications using Secret Keys
SSL/TLS Mutual Authentication Primer
Configuring Apache 2 for SSL/TLS Mutual Authentication using an OpenSSL Certificate Authority
Using Cams with WebDAV
Support
Glossary


© Copyright 1996-2008 Cafésoft LLC. All rights reserved.