Previous Topic: Programming Guide for the Federation .NET SDKNext Topic: Installation of the .NET SDK


Overview of the CA SiteMinder Federation .NET SDK

This section contains the following topics:

Architecture of the .NET SDK

Programming Prerequisites

Architecture of the .NET SDK

The CA SiteMinder Federation .NET SDK helps a .NET application to federate. Using the .NET SDK, .NET applications can provide user information to CA SiteMinder Federation, and can consume user information provided by CA SiteMinder Federation. The .NET SDK uses a global open format cookie to represent user identity and encapsulate the user principal and attributes. The .NET SDK uses a key derived from a shared secret to encrypt the cookie. Any application that knows the shared secret and the cryptographic transform can consume the cookie and retrieve user information. The .NET SDK uses the AES algorithm for encrypting and decrypting the open format cookie.

A .NET application on the asserting party side uses the .NET SDK to pass the login ID for authenticated users to CA SiteMinder Federation. CA SiteMinder Federation extracts the login ID from the cookie and adds it to a Federation Assertion, which is sent to relying party. CA SiteMinder Federation can add additional attributes to the cookie and change some of the cookie settings, for example, the maximum age for a cookie. A .NET application on the relying party side uses the .NET SDK to retrieve user and session-related information sent by CA SiteMinder Federation.

The following diagram shows the role of the .NET SDK at the asserting party and the relying party:

Illistration Descripting how the software works with the DotNet SDK and an open format cookie.

Programming Prerequisites

The .NET SDK is implemented in C#, only using features that are part of the Microsoft Common Language Specification (CLS). The .NET SDK is therefore accessible from applications written in any language that supports the CLS, for example, Visual Basic .NET, Visual C# .NET, and Visual C++ .NET.

The .NET SDK interfaces are available through the CA.Federation.FedIdentitySdk.dll. .NET applications can reference this DLL using the namespace CA.Federation.FedIdentitySdk.

The .NET application has to pass cookie zone, cookie name, and the shared secret to the .NET SDK. The .NET application can store this data in any way convenient, for example, in a configuration file. The application can encrypt the password, but must decrypt it before passing it to the .NET SDK. The password must be passed as a plain text character array. The configuration values of cookie zone, cookie name, and encryption password must be the same at both the sides (the .NET Application and CA SiteMinder Federation). These values are communicated out-of-band.