[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SAML and Siteminder question
Calling the SiteMinder API to decrypt smsession cookies would require your IT folks give you a shared secret and configure your application to act as a SiteMinder agent. It would also weaken the overall security of the university imho. Don't go there. It would be easier to just install the SiteMinder agent on your web server yourself instead of paying your IT group $8K to do it for you. A SM agent is very easy to install, anyone with basic web server skills can do it if you follow the instructions. From a licensing perspective there's usually no cost to add agents, but there is to add new users. Michael McCormick Lead Security Architect "THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO" This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -----Original Message----- From: Nathan Given [mailto:nathan.given.lists@gmail.com] Sent: Friday, September 09, 2005 10:59 AM To: saml-dev@lists.oasis-open.org Subject: [saml-dev] SAML and Siteminder question Hello All, Disclaimer: I'm a newbie at all of this so please forgive me if I use the wrong language or don't describe things well. Also, I'm not sure if this is the right place to post this... right now I just don't know where else to turn. Short Summary: My university uses Siteminder for their Single Sign-On solution. I built a webapp for the university, and now the university IT people are telling me it is going to cost $8,000 to install an agent on the machine so that it will meet the SSO guidelines. I don't have $8,000 and I was wondering if there was a open source/free way to get SSO to work. Long Story: Brigham Young University, BYU, has an intranet called "Route Y". Students login with their username and password, they get some cookies (including a SMSESSION cookie), and then they are on the protected part of the site. Well, the portal of the protected part of the site contains a bunch of links, and the IT people would like to include the Bookexchange that I wrote in the list of links. However, the bookexchange is running on a different server, and the IT people said that in order to get the link, it needs to follow the SSO requirements. They then told me it would cost $8,000 to have an engineer come over and install an agent on the machine. I told them I didn't have that money. They told me that if I could figure out how to decrypt the SMSESSION cookie on my own then that would be fine. You see, the bookexchange is running within the same domain as route y, and I have access to the SMSESSION cookie. But I don't know how to decrypt it (I'm using ColdFusion). I searched google, "decrypt siteminder cookie" and I stumbled across SAML. However, my brain hurts and I'm having a tough time wrapping my arms around all of this. Is it possible to use SAML to get SSO to work with Siteminder? Is there anyone that has implemented something like this? Is there a "HOWTO" document somewhere? (My problem right now is that I'm not a siteminder expert or a SAML expert, so the documents I do read don't make much sense to me because they assume I know about siteminder and/or saml). THanks! -- Nathan PS Here is my server information: Windows 2000 Server IIS Coldfusion 6.1 --------------------------------------------------------------------- To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org For additional commands, e-mail: saml-dev-help@lists.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]