User Authentication and Authorization with SiteMinder

Hi All

I am new the RoR and would like some advice on how to integrate
authentication/authorization in my Rails app.

For those who are not aware SiteMinder authenticates users and then
redirects the user back to the application that requested authentication
while setting response header which look something like this


I have no problem parsing these headers but I want a comprehensive
for my needs.

I looked into ActiveRBAC but I think its an overkill, I would like to
‘before_filter’ technique to protect actions against users whose roles
grant them certain permissions. But I don’t want to implement my own
User/Role inheritance object graph, I would rather re-use some kind of
plug-in/component etc.

Would you guys recommend any for SiteMinder integration.


linux user wrote:

Hi All

I want a comprehensive solution for my needs.

What is the limitation of just parsing SM’s headers that makes it
non-comprehensive for your needs? Also, SM has built-in authorization
policy engine that you can use to control URLs in your site (although as
far as I can tell most people use SM for authentication only).

On 8/7/06, Francis C. [email protected] wrote:

Posted via

Rails mailing list
[email protected]

I was looking for out-of-the-box solution incase somebody had already
implemented some kind of plugin/engine which seamlessly weaves into my
web-app and provides easy integration just like ActiveRBAC does.

I am sure this is a common requirement in many enterprise applications
it would be very cool to have a engine/plugin of some kind. Does anybody
know of any?


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs