

SiteMinder and CA SSO Integration Architectural Examples

The following examples demonstrate single sign-on between CA SiteMinder® and CA SSO environments:

  1. A user authenticates to CA SiteMinder® using a Web browser and then accesses a CA SSO-protected resource (see Example 1: User Accesses SiteMinder-Protected Resource Before CA SSO).
  2. A user authenticates to CA SSO through a desktop CA SSO Client and then accesses a CA SiteMinder®-protected resource using a Web browser (see Example 2: Authenticated CA SSO Client User Accesses SiteMinder Resource).
  3. A user authenticates to CA SSO using a Web browser and then accesses a CA SiteMinder®-protected resource (see Example 3: User Accesses CA WAC-Protected Resource Before SiteMinder).

More information:

Configure Single Sign-On from CA SSO Client to SiteMinder

User Accesses SiteMinder-Protected Resource Before CA SSO

The following example illustrates a user accessing a CA SiteMinder®-protected resource before a WAC-protected resource:

Graphic showing a user accessing a SiteMinder protected resource before CA SSO

  1. The user tries to access a CA SiteMinder®-protected resource and the CA SiteMinder® Web Agent/CA SiteMinder® SPS intercepts the request. The user provides the Agent/SPS with authentication credentials.
  2. The Web Agent/CA SiteMinder® SPS forwards the credentials to the CA SiteMinder® Policy Server for validation.
  3. The CA SiteMinder® Policy Server verifies that the credentials of the user are valid.
  4. After successful authentication, the CA SiteMinder® Policy Server requests the CA SSO Policy Server to issue and return a CA SSO cookie for the user.
  5. The CA SSO Policy Server validates the user and forwards the CA SSO web authentication credentials of the user to the CA SiteMinder® Policy Server.
  6. The CA SiteMinder® Policy Server forwards the CA SSO web authentication credentials to the CA SiteMinder® Web Agent/CA SiteMinder® SPS.
  7. The CA SiteMinder® Web Agent/CA SiteMinder® SPS sets the CA SSO web authentication and CA SiteMinder® cookies in the browser of the user. The resource appears to the user.
  8. The user tries to access a CA SSO resource and the eTrust WAC Web Agent intercepts the request.
  9. The eTrust WAC Web Agent validates the CA SSO web authentication cookie credentials of the user with the CA SSO Policy Server.
  10. The CA SSO Policy Server tells the eTrust WAC Web Agent that the user has valid credentials.
  11. The eTrust WAC Web Agent allows the user to access the CA SSO-protected resource.

Authenticated CA SSO Client User Accesses SiteMinder Resource

The following example illustrates an authenticated CA SSO client user accessing a CA SiteMinder® protected resource:

Graphic showing an authenticated CA SSO client user accessing a SiteMinder resource

  1. An authenticated CA SSO Client user launches a Web browser. While this is happening, the CA SSO Client places a CA SSO Web authentication cookie into the browser.
  2. The user tries to access a CA SiteMinder®-protected resource using the Web browser and the request is intercepted by the CA SiteMinder® Web Agent/CA SiteMinder® SPS.
  3. The CA SiteMinder® Web Agent/CA SiteMinder® SPS forwards the CA SSO Web authentication cookie to the CA SiteMinder® Policy Server.
  4. The CA SiteMinder® Policy Server forwards the CA SSO Web authentication cookie to the CA SSO Policy Server.
  5. The CA SSO Policy Server validates the CA SSO Web authentication cookie and returns the user name to the CA SiteMinder® Policy Server.
  6. The CA SiteMinder® Policy Server verifies the returned user name in the CA SiteMinder® user store, then issues a corresponding CA SiteMinder® cookie and returns it to the CA SiteMinder® Web Agent/CA SiteMinder® SPS.
  7. The CA SiteMinder® Web Agent/CA SiteMinder® SPS returns the requested resource to the user, who now has the authentication cookie credentials necessary for CA SiteMinder® and CA SSO environments.

User Accesses eTrust WAC-Protected Resource Before SiteMinder

The following example illustrates a user accessing a WAC-protected resource before a CA SiteMinder®-protected resource.

Note: The example assumes that the environment is using an IIS6 WAC Agent. An IIS6 WAC Agent is the only platform that the following example supports.

Graphic showing a user accessing an eTrust WAC protected resource before a SiteMinder protected resource

  1. The user tries to access a CA SSO-protected resource and the eTrust WAC Web Agent intercepts the request. The user provides the Agent with authentication credentials.
  2. The agent forwards the credentials to the CA SSO Policy Server for validation.
  3. The CA SSO Policy Server verifies that the credentials of the user are valid.
  4. The CA SSO Policy Server forwards the eTrust SSO web credentials of the user to the eTrust WAC web agent.
  5. The eTrust WAC web agent sets the CA SSO web authentication cookie in the web browser of the user.
  6. The user tries to access a CA SiteMinder®-protected resource and the Web Agent/CA SiteMinder® SPS intercepts the request.
  7. The Web Agent/CA SiteMinder® SPS forwards the CA SSO web authentication credentials of the user to the CA SiteMinder® Policy Server.
  8. The CA SiteMinder® Policy Server forwards the CA SSO web authentication credentials of the user to the eTrust SSO Policy Server.
  9. The CA SSO Policy Server validates the CA SSO web authentication credentials of the user. Then the CA SSO Policy Server forwards the user name back to the CA SiteMinder® Policy Server.
  10. The CA SiteMinder® Policy Server verifies the returned user name in the CA SiteMinder® user store, then issues a corresponding CA SiteMinder® cookie and returns it to the Web Agent/CA SiteMinder® SPS.
  11. The Web Agent/CA SiteMinder® SPS sets the cookies in the browser of the user. This process allows the user to access the requested resource.
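
The server-side exchange shared by Examples 2 and 3 (the CA SiteMinder® Policy Server passes the CA SSO cookie to the CA SSO Policy Server, receives a user name, and checks it against its own user store before issuing a cookie) is modelled below. This is an added illustration, not CA product code: the HMAC-signed cookie format, the class and method names, and the keys are assumptions chosen for the model and do not reflect the real cookie formats.

```python
import base64, hashlib, hmac, json, time

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

class SsoPolicyServer:
    """Model of the CA SSO Policy Server: sole issuer and validator of its cookie."""
    def __init__(self, key):
        self._key = key

    def _mac(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def issue(self, user, ttl=300):
        # Assumed cookie format: base64(JSON claims) "." base64(HMAC-SHA256)
        body = json.dumps({"user": user, "exp": time.time() + ttl}).encode()
        return _b64(body) + "." + _b64(self._mac(body))

    def validate(self, cookie):
        """Return the user name for a valid cookie, otherwise None."""
        try:
            b64_body, b64_mac = cookie.split(".")
            body = base64.urlsafe_b64decode(b64_body)
            mac = base64.urlsafe_b64decode(b64_mac)
        except ValueError:  # wrong shape or bad base64
            return None
        if not hmac.compare_digest(mac, self._mac(body)):
            return None  # altered, or not issued by this server
        claims = json.loads(body)
        return claims["user"] if claims["exp"] > time.time() else None

class SiteMinderPolicyServer:
    """Model of the CA SiteMinder Policy Server side of the exchange."""
    def __init__(self, sso_server, user_store, key):
        self._sso, self._users, self._key = sso_server, user_store, key

    def cookie_for(self, sso_cookie):
        user = self._sso.validate(sso_cookie)  # delegated; never parsed locally
        if user is None or user not in self._users:
            return None  # invalid cookie, or user absent from the SiteMinder store
        return "SM." + hmac.new(self._key, user.encode(), hashlib.sha256).hexdigest()

def demo():
    # Constructed keys, users and cookies; nothing here comes from a real deployment.
    sso = SsoPolicyServer(b"constructed-sso-key")
    sm = SiteMinderPolicyServer(sso, {"alice"}, b"constructed-sm-key")
    good = sso.issue("alice")
    forged = _b64(b'{"user": "alice", "exp": 9e12}') + "." + good.split(".")[1]
    cases = {"valid": good, "tampered": forged,
             "expired": sso.issue("alice", ttl=-1), "unmapped": sso.issue("bob")}
    return {name: sm.cookie_for(c) is not None for name, c in cases.items()}
```

Only the "valid" case yields a SiteMinder cookie; the "unmapped" case shows why the user-store lookup matters even when the CA SSO cookie itself is genuine.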