SiteMinder is a centralized Web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals.
It is a third party authentication provider: http://www.ca.com/in/secure-sso.aspx
SiteMinder can be deployed in both proxy server and agent configurations. The agent configuration installs a software agent on the web server and is the configuration addressed by this article.
The following steps occur when a user tries to access a protected resource on a web server configured to use SiteMinder authentication:
1. The user requests a resource on the server, either through a web browser or in a program using an HTTP request.
2. The request is received by the web server and is intercepted by the SiteMinder web agent.
3. The web agent determines whether or not the resource is protected, and if so, gathers the user’s credentials and passes them to the Policy server.
4. The Policy server authenticates the user and verifies whether or not the authenticated user is authorized for the requested resource, based on rules and policies contained in the Policy store.
5. After the user is authenticated and authorized, the Policy server grants access to the protected resources.
In step 3 above, if no SiteMinder session exists, users are redirected to a login page where they are prompted to enter their credentials. Once the user is authenticated, a cookie is added to the response headers, creating a SiteMinder session. When this cookie is included on subsequent requests, the user is directed to the original URL without further prompting.
IN MY EXPERIENCE I HAVE WORKED ON THE MIGRATION OF A WINDOWS AUTHENTICATION PROTECTED SERVICE TO SITEMINDER PROTECTED ONE…The Siteminder Agent was set up on the Windows Server, and the site hosted on IIS site/secure path…
Siteminder IIS agent is an ISAPI filter/extension. It sits in the web server and passes through requests to the underlying page which no changes required on the page as long as you can look to a header for the authenticated user ID. The agent handles all the redirects for authentication and will preserve the originally requested location so that after authentication the user is sent on to the correct page.
To try to compare between SM ,and IWT, I searched for:
- siteminder vs integrated windows authentication
- SM allows Anonymous at IIS and avoids any use of Active Directory.
- 2. SITEMINDER VS KERBEROS SPNEGO AUTHENTICATION
- Needless to say, all these SSO solutions need additional proprietary components (either RSA Access Manager, or CA SiteMinder Policy Server, or IBM Tivoli Access Manager) to make it happen. Here I will present a way to set up SSO for Webtop where no extra component is necessary. The approach is to rely on SPNEGO support from Internet Explorer or Firefox. The underlying authentication protocol is Kerberos.: HTTP://DMDAA.WORDPRESS.COM/2009/12/24/SPNEGO-BASED-SINGLE-SIGN-ON-SSO-SETUP-FOR-WEBTOP/ this is the BEST…
- SiteMinder Kerberos Authentication: