saml-dev message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [saml-dev] SAML and Siteminder question
- From: QAZII@Nationwide.com
- To: nathan.given.lists@gmail.com
- Date: Fri, 9 Sep 2005 12:52:20 -0400
Nathan;
The way SSO works (same domain) is a
server creates an encrypted cookie and sets it on your browser. In
your case siteminder creates it. I am not familiar with that product
but the way access management products work is pretty much the same.
The siteminder server must have a key encrypting server which creates keys
that create encrypted cookies for the end user. Now in order for
any web server or application server to get the user context from this
cookie is to decrypt it. This can be done by either a siteminder
agent or Java/C API calls. I am not sure what APIs they expose but
they should be. It is pretty common. Check CA site for docs.
They should have information on their site about APIs. So you
need to ask the folks at the authentication side which servers to connect
to so that you can make an API call and decrypt the cookie. That's
all you need to do. Once you get the user context from the cookie
you can do further processing at your application server.
I can't disclose what I use here and
it won't really help you. Sorry about that.
I hope this helps...
Cheers,
Irfan
Nathan Given <nathan.given.lists@gmail.com>
09/09/2005 12:21 PM
Please respond to nathan.given.lists@gmail.com
|
From
| Nathan Given <nathan.given.lists@gmail.com>
|
To
| saml-dev@lists.oasis-open.org
|
cc
|
|
Subject
| Re: [saml-dev] SAML and Siteminder
question |
|
If you are using siteminder the only
way to decrypt their cookie is either through their agent or some API call.
ColdFusion is a different web/app server and won't know how to do
anything with that cookie. Your application will always present the
user a login page unless your CF server has either an agent or makes an
API call to decrypt the cookie. I use a 'similar product' and the
cookie created by siteminder will be decrypted by their proprietary decryption
algorithm -- which I don't think is available as open source.
Okay, so, where can I read about making an API call to siteminder to decrypt
the cookie? If I can use java, I *should* be able to integrate into
coldfusion.
Also, what is the 'similar product'? If it isn't too expensive, perhaps
I can make a case for purchasing it.
Thanks!
--
Nathan
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]