What are the ways to integrate Single Sign On with SiteMinder and a to-be-developed java/.Net bespoke solution?

java .net single-sign-on siteminder
user690429 picture user690429 · Apr 4, 2011 · Viewed 20.5k times · Source

I am thinking of building a bespoke solution using either java or .NET and I want to integrate the authentication layer with SiteMinder.

A. From what I have found so far, it seems that SiteMinder provides some kind of APIs for external application to pass the login credentials to Siteminder and Siteminder is able to revert whether the login credentials are correct or not:

-https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_java_dev_enu.pdf

-https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_sdk_overview_enu.pdf

=> From your experience, is there any issue when you implement this?

B. After authentication, I envisage SiteMinder would pass the login user ID to my to-be-developed application, which will search the database to find out the roles and functions associated with the login user ID. This means that I would need to have a database table storing the list of user IDs from SiteMinder.

=> Is there any way to export the userIDs and names from siteminder into a flat file? I am thinking of setting up a regular data interface job that will extract user info from siteminder and updating my to-be-developed application.

Answer

sk_ picture sk_ · Sep 4, 2011

A. I strongly recommend not to use the SDK if you're not obligated to. Your code will be too tied to Siteminder and might break on every upgrade of the Siteminder infrastructure. The SDK is used when there are no other solutions.
A more standard way to integrate Siteminder would be to install a Web Agent/J2EE Agent on your web/application server. Siteminder will take care of the authentication process of the user, so you don't have to worry about passwords and passing credentials to Siteminder. This authentication process is totally transparent for the application.
Once the user is authenticated by Siteminder, the web agent will add specific HTTP headers to the request with informations on the user (username, email address, applicative roles, other informations...).
The application just has to fetch and trust these informations in the incoming HTTP request.

B. You have two way to achieve this:

  1. Siteminder can add these informations in a header, so you don't have to handle them.
  2. If you really need those informations in your database, Barra already gave you the most significant informations.

Related questions

What are major differences between C# and Java?

I just want to clarify one thing. This is not a question on which one is better, that part I leave to someone else to discuss. I don't care about it. I've been asked this question on my job interview …

Read More
Setting a log file name to include current date in Log4j

I would like to set the log file name for a log4j and log4net appender to have the current date. We are doing Daily rollovers but the current log file does not have a date. The log file …

Read More
Is there anything like .NET's NotImplementedException in Java?

Is there anything like .NET's NotImplementedException in Java?

Read More