
saml-dev message


Subject: Re: [saml-dev] SAML and Siteminder question


The way SSO works (same domain) is that a server creates an encrypted cookie and sets it on your browser. In your case siteminder creates it. I am not familiar with that product, but the way access management products work is pretty much the same. The siteminder server must have a key encrypting server which creates keys that create encrypted cookies for the end user. Now, the way for any web server or application server to get the user context from this cookie is to decrypt it. This can be done by either a siteminder agent or Java/C API calls. I am not sure what APIs they expose but they should be. It is pretty common. Check the CA site for docs. They should have information on their site about APIs. So you need to ask the folks at the authentication side which servers to connect to so that you can make an API call and decrypt the cookie. That's all you need to do. Once you get the user context from the cookie, you can do further processing at your application server.

I can't disclose what I use here and it won't really help you.  Sorry about that.  

I hope this helps...


Nathan Given <nathan.given.lists@gmail.com>

09/09/2005 12:21 PM
Please respond to nathan.given.lists@gmail.com
 Nathan Given <nathan.given.lists@gmail.com>
Re: [saml-dev] SAML and Siteminder question

If you are using siteminder the only way to decrypt their cookie is either through their agent or some API call.  ColdFusion is a different web/app server and won't know how to do anything with that cookie.  Your application will always present the user a login page unless your CF server has either an agent or makes an API call to decrypt the cookie.  I use a 'similar product' and the cookie created by siteminder will be decrypted by their proprietary decryption algorithm -- which I don't think is available as open source.

Okay, so, where can I read about making an API call to siteminder to decrypt the cookie?  If I can use java, I *should* be able to integrate into coldfusion.

Also, what is the 'similar product'?  If it isn't too expensive, perhaps I can make a case for purchasing it.

