Federation Manager Guide › SiteMinder Integration with Federation Manager › How to Integrate Federation Manager and SiteMinder › Integrate with SiteMinder using the SiteMinder Connector

Integrate with SiteMinder using the SiteMinder Connector

The SiteMinder Connector enables the following integrations:

• Establishing an identity to generate an assertion.

  At the asserting party, a user arrives at Federation Manager but has no session. The Connector communicates with SiteMinder to establish a SiteMinder session. The use of the session information results in a federation session and the generation of a SAML assertion for the user. With this assertion, the user can access protected federated resources at the relying party.

• Determining authorization privileges from the assertion.

  At the relying party, a user authenticates with Federation Manager and a federation session is generated. The Connector passes on the federation session with the user name to SiteMinder, which generates a SiteMinder session. By establishing this session, these users do not get rechallenged when accessing a protected resource. The user is now identified and access privileges for the user at the relying party can be determined.

The FEDSESSION cookie uses the following timeout settings:

• Idle Timeout: 600 seconds (10 minutes)
• Max Timeout: 900 seconds (15 minutes)

You cannot change these timeout settings in UI.

The Connector requires configuration in the SiteMinder environment and in the Federation Manager environment, as shown in the following diagrams.

This figure shows the Connector at the asserting party:

This figure shows the Connector at the relying party.