saml-dev message

Subject: Re: [saml-dev] SAML and Siteminder question


SAML is used for SSO across domains.  Since you are within the same domain you don't need to use the SAML protocol.

If you are using Siteminder the only way to decrypt their cookie is either through their agent or some API call.  ColdFusion is a different web/app server and won't know how to do anything with that cookie.  Your application will always present the user a login page unless your CF server has either an agent or makes an API call to decrypt the cookie.  I use a 'similar product' and the cookie created by Siteminder will be decrypted by their proprietary decryption algorithm -- which I don't think is available as open source.


Nathan Given <nathan.given.lists@gmail.com>

09/09/2005 11:59 AM
Please respond to nathan.given.lists@gmail.com
 Nathan Given <nathan.given.lists@gmail.com>
[saml-dev] SAML and Siteminder question

Hello All,

Disclaimer: I'm a newbie at all of this so please forgive me if I use
the wrong language or don't describe things well.  Also, I'm not sure
if this is the right place to post this... right now I just don't know
where else to turn.

Short Summary:

My university uses Siteminder for their Single Sign-On solution.  I
built a webapp for the university, and now the university IT people
are telling me it is going to cost $8,000 to install an agent on the
machine so that it will meet the SSO guidelines.

I don't have $8,000 and I was wondering if there was an open
source/free way to get SSO to work.

Long Story:

Brigham Young University, BYU, has an intranet called "Route Y".
Students login with their username and password, they get some cookies
(including a SMSESSION cookie), and then they are on the protected
part of the site.

Well, the portal of the protected part of the site contains a bunch of
links, and the IT people would like to include the Bookexchange that I
wrote in the list of links.

However, the bookexchange is running on a different server, and the IT
people said that in order to get the link, it needs to follow the SSO
requirements.  They then told me it would cost $8,000 to have an
engineer come over and install an agent on the machine.

I told them I didn't have that money.  They told me that if I could
figure out how to decrypt the SMSESSION cookie on my own then that
would be fine.  You see, the bookexchange is running within the same
domain as Route Y, and I have access to the SMSESSION cookie.  But I
don't know how to decrypt it (I'm using ColdFusion).

I searched Google, "decrypt siteminder cookie" and I stumbled across
SAML.  However, my brain hurts and I'm having a tough time wrapping my
arms around all of this.

Is it possible to use SAML to get SSO to work with Siteminder?  Is
there anyone that has implemented something like this?  Is there a
"HOWTO" document somewhere?  (My problem right now is that I'm not a
Siteminder expert or a SAML expert, so the documents I do read don't
make much sense to me because they assume I know about Siteminder
and/or SAML).


PS  Here is my server information:

Windows 2000 Server
ColdFusion 6.1
