Federation Manager Guide › Federation Manager Installation › Federation Manager Deployment in a Network › Federation Manager Deployment with SiteMinder › Proxy Mode with the SiteMinder Connector at the Relying Party
Proxy Mode with the SiteMinder Connector at the Relying Party
If Federation Manager is communicating with SiteMinder in proxy mode, all requests still pass through Federation Manager; however, Federation Manager has to establish a SiteMinder session with the Policy Server so that when the user requests SiteMinder-protected resources he is not rechallenged. The request is redirected to the target web server, which is protected by a SiteMinder Web Agent.
The following figure shows a proxy mode architecture with the SiteMinder Connector. This figure is from the perspective of the relying party.
The previous figure shows the following communication flow at the relying party:
- A user requests a federated resource and is redirected to the relying party's assertion consumer service.
- Based on the data received in the assertion, Federation Manager authenticates the user, which includes communicating with the user directory to complete the user disambiguation process.
- The SiteMinder Connector, as part of Federation Manager, contacts the custom authentication scheme at the SiteMinder Policy Server. A SiteMinder session ticket is created by the Policy Server, which it sends to Federation Manager. Federation Manager then creates a session cookie that includes the ticket. Establishing a SiteMinder session ensures the user is not challenged later when accessing the target resource.
- Federation Manager returns a redirect response back to the user's browser.
- The browser redirects the user to Federation Manager and Federation Manager proxies the request to the web server with the target resource, which is protected by the SiteMinder Web Agent.
- The SiteMinder Web Agent and Policy Server perform the authorization process.
After successful authorization, the target resource is presented to the user's browser.
