What are the ways to integrate Single Sign On with SiteMinder and a to-be-developed java/.Net bespoke solution?

java .net single-sign-on siteminder
20,583

Solution 1

A. I strongly recommend not to use the SDK if you're not obligated to. Your code will be too tied to Siteminder and might break on every upgrade of the Siteminder infrastructure. The SDK is used when there are no other solutions.
A more standard way to integrate Siteminder would be to install a Web Agent/J2EE Agent on your web/application server. Siteminder will take care of the authentication process of the user, so you don't have to worry about passwords and passing credentials to Siteminder. This authentication process is totally transparent for the application.
Once the user is authenticated by Siteminder, the web agent will add specific HTTP headers to the request with informations on the user (username, email address, applicative roles, other informations...).
The application just has to fetch and trust these informations in the incoming HTTP request.

B. You have two way to achieve this:

  1. Siteminder can add these informations in a header, so you don't have to handle them.
  2. If you really need those informations in your database, Barra already gave you the most significant informations.

Solution 2

A. API to create SiteMinder session but you need credential input from user

B. SiteMinder does not use it's own user repository. It is outsourced to optional LDAP or Database servers. So you deal with that component without going thru SiteMinder

Solution 3

If you don't want to install a Web Agent or are concerned about the security implications of using HTTP Headers, you might want to look into using SAML. SiteMinder includes support for SAML based user authentication which may be an easier solution to implement.

SAML is a standard SSO protocol, you should be able to find many examples and possibly even a ready built module that can be used.

Share:
20,583
Admin
Author by

Admin

Updated on July 16, 2022

Comments

  • Admin
    Admin almost 2 years

    I am thinking of building a bespoke solution using either java or .NET and I want to integrate the authentication layer with SiteMinder.

    A. From what I have found so far, it seems that SiteMinder provides some kind of APIs for external application to pass the login credentials to Siteminder and Siteminder is able to revert whether the login credentials are correct or not:

    -https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_java_dev_enu.pdf

    -https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP2-ENU/Bookshelf_Files/PDF/siteminder_sdk_overview_enu.pdf

    => From your experience, is there any issue when you implement this?

    B. After authentication, I envisage SiteMinder would pass the login user ID to my to-be-developed application, which will search the database to find out the roles and functions associated with the login user ID. This means that I would need to have a database table storing the list of user IDs from SiteMinder.

    => Is there any way to export the userIDs and names from siteminder into a flat file? I am thinking of setting up a regular data interface job that will extract user info from siteminder and updating my to-be-developed application.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

google calendar api server application
How to get Service Token from Kerberos using SSPI
Set the SMSESSION cookie to get the response back
Digital signature: sample code for verification and for extracting certification information
Integrating Spring Security with SiteMinder
Count Instances of Class
How to implement single sign-on in my java project?
How to check if X seconds has passed in Java?
How to Pass NULL Data Type?
how to implement single sign on in .Net?