Administration GuideSiteMinder Secure Proxy Server OverviewSPS in an EnterpriseSPS Support for Cookieless Sessions › Cookieless Session Scheme in a Federation Environment

Previous Topic: SPS Support for Cookieless Sessions

Next Topic: SPS Support for Extranet Access Control
Cookieless Session Scheme in a Federation Environment

The SPS, with its built-in handling of cookieless session schemes, enables it to be deployed in environments where the user agent, such as a wireless device, does not support traditional SiteMinder cookies.

If you deploy the SPS in a SiteMinder federation security services environment, the following process is enforced when a user request is received:

  1. The SPS receives a request for a federated resource. The request is directed to the Federation Web Services (FWS) application at the site producing assertions.
  2. The SPS verifies if cookieless federation is enabled for the virtual host requesting the redirect.
  3. If a cookieless scheme is being used, the SPS removes the session key (SMSESSION cookie) for the current session.
  4. The SPS sends the user to the link provided by the FWS redirect.

If the SPS is using a rewritable session scheme such as simple_url session scheme, the SPS rewrites the redirect response to include the session key information in the redirected URL.