Log on through a Standard Agent

Here is the typical sequence of events that occurs in a single sign-on environment when the initial login is performed through the standard SiteMinder Web Agent:

  1. User logs in through the standard agent.
  2. Standard agent authenticates the user by challenging the user for credentials through the login call.
  3. SiteMinder creates the SMSESSION cookie in the user’s browser and inserts the encrypted token containing session information.
  4. User requests a resource protected by a custom agent.
  5. The custom agent obtains the SMSESSION cookie from the user’s request and extracts the token.
  6. The custom agent passes the token to the method decodeSSOToken(). The method decodes the token and returns a subset of the token’s attributes to the custom agent.
  7. The custom agent obtains the session specification from the token and passes the session specification to login(). The login call validates the user without challenging the user for credentials.
  8. User requests a resource protected by a standard SiteMinder agent.
  9. The standard agent performs a login operation, which validates the user based on the contents of the SMSESSION cookie. The user is not challenged for credentials.
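
The custom agent's side of steps 5 to 7 can be sketched as follows. This is an added example, not code from the SiteMinder SDK: `decode` and `login` are hypothetical callables standing in for `decodeSSOToken()` and `login()`, whose real signatures are not shown on this page, and the `session_spec` key and sample values are constructed. It shows the agent failing closed at each step and treating decoded attributes as untrusted until the login call has validated the session specification.

```python
COOKIE_NAME = "SMSESSION"


class SsoRejected(Exception):
    """No usable session: the agent must fall back to a credential challenge."""


def extract_token(cookie_header):
    """Step 5: take the encrypted token from the request's Cookie header."""
    pairs = (p.partition("=") for p in (cookie_header or "").split(";"))
    values = [v.strip() for k, _, v in pairs if k.strip() == COOKIE_NAME]
    # Design choice of this example: a duplicated cookie is ambiguous, so
    # refuse it rather than guess which copy the browser meant.
    if len(values) != 1 or not values[0]:
        raise SsoRejected("expected exactly one SMSESSION cookie")
    # The Web Agent overwrites the cookie with this literal at logout.
    if values[0] == "LOGGEDOFF":
        raise SsoRejected("session was logged off")
    return values[0]


def authorize(cookie_header, decode, login):
    """Steps 5-7: return the session attributes only after login succeeds."""
    token = extract_token(cookie_header)
    attrs = decode(token)              # stand-in for decodeSSOToken()
    if not attrs:
        raise SsoRejected("token did not decode")
    spec = attrs.get("session_spec")   # hypothetical attribute name
    if not spec:
        raise SsoRejected("token carries no session specification")
    # Decoding only unpacks the token; the login call is what validates it.
    if not login(spec):                # stand-in for login()
        raise SsoRejected("session specification was not accepted")
    return attrs


if __name__ == "__main__":
    # Constructed stand-ins so the flow can be run without a Policy Server.
    known = {"tok123==": {"session_spec": "spec-1", "user": "alice"}}
    for header in ("SMSESSION=tok123==", "SMSESSION=LOGGEDOFF", "other=1"):
        try:
            print(header, "->", authorize(header, known.get, lambda s: s == "spec-1"))
        except SsoRejected as why:
            print(header, "-> challenge:", why)
```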