Previous Topic: Federating with Each CA SiteMinder® Federation ModelNext Topic: Federation Web Services


Comparing Federation and Web Access Management for Single Sign-on

Advantages of Federation and Web Access Management

Federation and web access management (WAM) offer different benefits for single sign-on. Determining when to use federation or WAM single sign-on is dependent on your deployment.

Federation allows you to expand on your WAM capabilities; it does not replace those capabilities.

Federation has the following advantages:

These advantages make federated partnerships better for an environment where sites are remote, inaccessible, or under third-party control.

CA SiteMinder® WAM single sign-on has the following advantages:

These advantages make WAM single sign-on better suited to an environment with sites that are under your control, such as internal data centers.

Deployments that Favor Federation

Federation is advantageous in networks where your company does not control the server. For example, a third party owns the web server and does not allow you to install a web agent on the server. Also, when a remote server is in a location where there is a high network latency between the web agent and Policy Server. When you have no control over the target server, a SAML assertion is an ideal way to pass identity information.

The partners in a federated network follow the specific standards for the protocol used in communications. The common standards make the generating and consuming of assertions universal. The result is that the vendor at the asserting or relying party is not important nor is the remote location of each vendor.

Finally, federation is a good solution when timeouts are not a major concern, and obtaining identity information is the goal. External authorization checking is not a focus of federation.

Deployments that Favor Web Access Management

WAM single sign-on works best in an environment where you have control over each website. Having CA SiteMinder® in the same data center as the website or other internal single sign-on environments are good deployments for web access management. Controlling over each website is also important for auditing your network performance and monitoring timeout issues.

WAM single sign-on lets you integrate with an application by way of a WAM session. WAM implementations also reduce some of the performance issues inherent with federation. For example, a transaction that is initiated by an asserting party can require several redirects after a user selects a link to make a request.