What are the ways to integrate Single Sign On with SiteMinder and a to-be-developed java/.Net bespoke solution?

I am thinking of building a bespoke solution using either Java or .NET and I want to integrate the authentication layer with SiteMinder.

A. From what I have found so far, it seems that SiteMinder provides some kind of API for external applications to pass the login credentials to SiteMinder, and SiteMinder is able to revert whether the login credentials are correct or not:

- https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_java_dev_enu.pdf
- https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_sdk_overview_enu.pdf

=> From your experience, is there any issue when you implement this?

B. After authentication, I envisage SiteMinder would pass the login user ID to my to-be-developed application, which will search the database to find out the roles and functions associated with the login user ID. This means that I would need to have a database table storing the list of user IDs from SiteMinder.

=> Is there any way to export the user IDs and names from SiteMinder into a flat file? I am thinking of setting up a regular data interface job that will extract user info from SiteMinder and update my to-be-developed application.

user690429 asked Apr 04 '11 02:04


2 Answers

A. I strongly recommend not using the SDK if you're not obligated to. Your code will be too tied to SiteMinder and might break on every upgrade of the SiteMinder infrastructure. The SDK is used when there are no other solutions.
A more standard way to integrate SiteMinder would be to install a Web Agent/J2EE Agent on your web/application server. SiteMinder will take care of the authentication process of the user, so you don't have to worry about passwords and passing credentials to SiteMinder. This authentication process is totally transparent for the application.
Once the user is authenticated by SiteMinder, the web agent will add specific HTTP headers to the request with information on the user (username, email address, applicative roles, other information...).
The application just has to fetch and trust this information in the incoming HTTP request.

B. You have two ways to achieve this:

  1. SiteMinder can add this information in a header, so you don't have to handle it.
  2. If you really need this information in your database, Barra already gave you the most significant information.

sk_ answered Sep 20 '22 11:09
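
The header-based integration described in the answer above, as an added example (not code from the answer or from SiteMinder): the application accepts the user ID from the agent-set header only when the request arrived from the agent tier, then resolves roles from its own table. `SM_USER` is assumed to be the configured header name; the class name, addresses and role data are constructed for illustration.

```java
import java.util.*;

// Added example: every name except SM_USER is hypothetical.
public class SiteMinderHeaderAuth {
    // Assumption: the Web Agent is configured to pass the user ID in SM_USER.
    static final String USER_HEADER = "SM_USER";

    // Constructed data: addresses of the web-agent tier allowed to reach the app.
    static final Set<String> AGENT_ADDRESSES = Set.of("10.0.0.5");

    // Constructed stand-in for the application's own user-to-roles table.
    static final Map<String, Set<String>> ROLES = Map.of(
        "jdoe", Set.of("REPORT_VIEW", "ORDER_EDIT"));

    /** Returns the authenticated user ID, or empty if the header cannot be trusted. */
    static Optional<String> authenticatedUser(String peerAddress,
                                              Map<String, List<String>> headers) {
        // The header is only meaningful when the request came through the agent;
        // a client that reaches the app server directly can send any header it likes.
        if (!AGENT_ADDRESSES.contains(peerAddress)) return Optional.empty();

        List<String> values = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            // HTTP header names are case-insensitive.
            if (e.getKey().equalsIgnoreCase(USER_HEADER)) values.addAll(e.getValue());
        }
        // Exactly one non-blank value is expected; anything else is rejected.
        if (values.size() != 1 || values.get(0).isBlank()) return Optional.empty();
        return Optional.of(values.get(0).trim());
    }

    /** Roles come from the application's database, keyed by the SiteMinder user ID. */
    static Set<String> rolesFor(String userId) {
        return ROLES.getOrDefault(userId, Set.of());
    }

    public static void main(String[] args) {
        Map<String, List<String>> h = Map.of("sm_user", List.of("jdoe"));
        // Via the agent: identity accepted, roles resolved locally.
        System.out.println(authenticatedUser("10.0.0.5", h).map(SiteMinderHeaderAuth::rolesFor));
        // Same header sent straight to the app server: rejected.
        System.out.println(authenticatedUser("203.0.113.9", h).isPresent());
        // Agent request without the header: rejected.
        System.out.println(authenticatedUser("10.0.0.5", Map.of()).isPresent());
    }
}
```

In a real deployment the peer check is normally enforced at the network layer as well, so that the application server only accepts connections from the agent tier.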


A. API to create SiteMinder session but you need credential input from user.

B. SiteMinder does not use its own user repository. It is outsourced to optional LDAP or database servers. So you deal with that component without going through SiteMinder.

Barra answered Sep 22 '22 11:09