Programming GuidesProgramming Guide for JavaAgent APISingle Sign-on › Log on through a Custom Agent

Previous Topic: Single Sign-on

Next Topic: Log on through a Standard Agent
Log on through a Custom Agent

Here is the typical sequence of events in a single sign-on environment when the initial login is through the custom agent:

  1. User logs in through the custom agent.
  2. Custom agent calls login() to authenticate the user. The user is challenged for credentials.
  3. Custom agent calls createSSOToken() and passes to it information about the user (user name, user DN, IP address of the requesting client). SiteMinder adds this information to a token along with session information returned from the login call. SiteMinder also encrypts the information in the token.
  4. Custom agent creates the SMSESSION cookie in the user’s browser and writes the token to the cookie.
  5. User requests a resource protected by a standard SiteMinder agent.
  6. The standard agent performs a login operation, which validates the user based on the information in the single sign-on cookie. The user is not challenged for credentials.