Release Comparison

This table compares the key features in all active releases for stmndr. Upgrading to latest releases provides:
casso1283
This topic compares the key features in all active releases for
SiteMinder
. Upgrading to latest releases provides:
  • New features
  • Improved User Experience
  • Cumulative bug fixes
  • Longer support life cycle
This topic highlights only the key features in a release. For information about the complete list of new and changed features in a release, see the and topics in Release Notes.
Authentication, Authorization, and Session Management
Feature
12.6
12.7
12.8
Use
Swagger Codegen in SiteMinder REST APIs
to accelerate the use of SiteMinder REST interface and to make it easy across different programming languages.
No
No
Yes, from Release 12.8.05
No
No
Yes
For Release 12.8 - 12.8.03
: Manually deploy the SameSite solution
From Release 12.8.04
: Built-in feature
Client applications can send
encrypted JWT
and securely transmit it to SiteMinder, as a part of the .
No
No
Yes, from Release 12.8.03
No
No
Yes, from Release 12.8.03
Theenables
SiteMinder
to accept JWT for authentication and authorization. The feature:
  • Performs Claim based authorization that uses persistent authentication session variables.
  • Integrates with Layer7 API Management.
  • Lets you disable SMSESSION for Single-Page Applications (SPA).
  • Lets
    SiteMinder
    act as an OpenID Resource Server.
No
No
Yes
at Authentication Scheme Level, allows you to restrict access by validating the Agent IP address against a list of permitted IP addresses.
No
No
Yes
allow you to create, read, update, and delete objects including federation entities and partnerships, and certificate services in policy store.
No
Yes
Yes
Support
JSON request and response formats through REST
Interface along with the existing XML request and response formats. For information, see.
No
No
Yes
allows Integrated Windows Authentication (IWA) to fallback to a forms-based authentication scheme.
No
Yes
Yes
Support for JSON request and response formats through REST Interface (in addition to existing XML request and response formats). For more information, see .
No
No
Yes
Federation
Feature
12.6
12.7
12.8
allows you to perform user authentication and authorization using different user repositories. User claims are returned from the user repository that authorizes a user.
No
No
Yes, from Release 12.8.05
in OpenID Connect lets you generate user claims with user attributes from different target user repositories.
No
No
Yes, from Release 12.8.05
configuration lets you apply users or groups filters at an authorization provider level for authorizing users and then generating tokens for only those users.
No
No
Yes, from Release 12.8.05
SiteMinder OpenID Connect Provider provides a new option to generate , which contains information about the authorized user and the scope of actions allowed for that user.
No
No
Yes, from Release 12.8.05
SiteMinder OpenID Connect Provider provides an option to to secure the communication between Authorization Endpoint and Access Token Endpoint.
No
No
Yes, from Release 12.8.05
Multiple clients that are associated with an authorization provider can maintain their own encryption configuration using the .
No
No
Yes, from Release 12.8.05
Exported SAML 2.0 metadata contains information about the signing and encryption algorithms that are used in a federation partnership.
No
No
Yes, from Release 12.8.05
SAML 2.0 federation partnerships provide additional signing algorithms (RSASSA-PSS) and encryption algorithms (AES-GCM and RSA-OAEP).
No
No
Yes, from Release 12.8.05
IdP passes the authentication request that it receives from SP to the assertion generator plug-in, which can based on the RequestedAttributes in the authentication request from SP.
No
No
Yes, from Release 12.8.05
SiteMinder as IdP can validate the base URL with a destination URL in an authentication request in IdP-initiated requests to ensure that the request is legitimate.
No
No
Yes, from Release 12.8.05
lets you authenticate users with one user directory and authorize them with another user directory. The assertion attributes are returned from the user directory that is used for authorizing a user.
No
No
Yes, from Release 12.8.04
No
No
Yes, from Release 12.8.04
Federation partnerships contain the Allow Nested Groups or AND Users/Groups parameters
to allow the management of user authorization filters at the federation layer.
No
No
Yes, from Release 12.8.04
No
No
Yes, from Release 12.8.03
, which allows an application on a domain to access a resource on any other domain.
No
No
Yes, from Release 12.8.03
if SiteMinder is configured with User Pools and Identity Pools in AWS for authenticating users.
No
No
Yes, from Release 12.8.03
allows you to perform user authentication and authorization using different user directories at IdP. Attributes are returned from the user directory that authorizes a user.
No
No
Yes, from Release 12.8.03
No
No
Yes, from Release 12.8.03
No
No
Yes, from Release 12.8.03
No
No
Yes, from Release 12.8.02
SiteMinder
as an OpenID Connect Provider allows clients to verify the identity of users that are authenticated by the authorization server, and obtain basic profile information. For information, see
No
Yes
Yes
supports clients that are browser-based, use a scripting language, and are Single-Page Applications (SPA).
No
No
Yes
SiteMinder
as OpenID Connect Provider:
No
No
Yes
Authentication Using Authorization Code Flow (previously known as Validate Access Token Endpoint) validates the received Access Token or Refresh Token, and returns information such as token status and scope.
No
No
Yes
AllowNativeDisabledUserCheck parameter in the XPSConfig utility allows you to deny access to the native disabled users at SP side user directory for certain directories. See .
No
Yes
Yes
Administration, Internals, and Supportability
Feature
12.6
12.7
12.8
Superuser can assign administrator privileges at a and for LDAP and ODBC user stores. Nested groups are supported in Active Directory and dynamic groups are supported in Symantec Directory.
No
No
Yes, from Release 12.8.05
No
No
Yes, from Release 12.8.05
Policy Server can use a new registry key to in the smps.log file.
No
No
Yes, from Release 12.8.05
SiteMinder
logs display a timestamp that includes milliseconds upto 3 digits
.
No
No
Yes, from Release 12.8.05
  • What was the change
  • When was the change made
  • Who made the change
  • What are the old and current values of the object
No
No
Yes, from Release 12.8.05
Access Gateway provides a new parameter,
usePKIXTrustManager
, to determine whether SunX509 or PKIX is used as TrustManager during the SSL handshake in a backchannel communication.
No
No
Yes, from Release 12.8.05
No
No
Yes, from Release 12.8.05
No
No
Yes, from Release 12.8.03
The AssertionGenerate log message in smaccess.log contains the following information of a federation transaction:
  • Username
  • Federation protocol
  • Federation partnership name
No
No
Yes, from Release 12.8.03
. A Web Agent is not required to capture the audit data for successful login, logout, or invalid login events of the Administrative UI.
No
No
Yes, from Release 12.8.03
To reduce the number of calls between the Policy Server and Administrative UI, the Administrative UI now uses a cache for certificate management. For more information, see Trusted Certificates and Private Keys.
No
Yes
Yes
SiteMinder
supports using Web Agents in dynamically scaled environments such as Docker containers, OpenShift. For more information, see
.
No
Yes
Yes
feature allows you to view the list of objects that depend on a specific object.
No
Yes
Yes