Federation Manager Guide › SiteMinder Integrated with Federation Manager › Integrate with SiteMinder using the SiteMinder Connector

Integrate with SiteMinder using the SiteMinder Connector

A deployed SiteMinder system can integrate with Federation Manager so that users authenticated by Federation Manager are not rechallenged by SiteMinder when they request a SiteMinder-protected resource. This integration is accomplished using the SiteMinder Connector, a software component included with Federation Manager.

The SiteMinder Connector acts as a SiteMinder agent. The Connector and a custom authentication scheme at the Policy Server establish a SiteMinder session for users authenticated by Federation Manager. By establishing a SiteMinder session, these users do not get re-challenged by SiteMinder when accessing a SiteMinder-protected resource. An SMSESSION cookie stores SiteMinder user session information and a FEDSESSION cookie stores Federation Manager user session information.

The FEDSESSION cookie uses the following timeout settings:

• Idle Timeout: 600 seconds (10 minutes)
• Max Timeout: 900 seconds (15 minutes)

You cannot change these timeout settings in UI.

You can also use the Connector at the asserting party to create a Federation Manager session from a SiteMinder session. To establish the SiteMinder session, SiteMinder authenticates the user first and then the user visits the asserting party.

Consider the following integration examples:

• For a user who authenticates at SiteMinder and has an SMSESSION, the SiteMinder Connector creates a Federation Manager session based on the contents of the SMSESSION cookie. Using the session information, Federation Manager generates a SAML assertion for this user. With this assertion the user can access protected federated resources at the relying party.
• For a user who authenticates at Federation Manager, the SiteMinder Connector can create a SiteMinder session for this user from the contents from the FEDSESSION cookie. The user can then access SiteMinder-protected resources.

The SiteMinder Connector requires configuration in the SiteMinder environment and in the Federation Manager environment, as shown in the following diagram: