The CA SiteMinder® Federation .NET SDK lets a .NET application take part in federation. Using the .NET SDK, .NET applications can provide user information to CA SiteMinder® Federation and can consume user information that CA SiteMinder® Federation provides. The .NET SDK represents user identity with a global open format cookie that encapsulates the user principal and attributes. The .NET SDK encrypts the cookie with a key derived from a shared secret, so any application that knows the shared secret and the cryptographic transform can consume the cookie and retrieve the user information. The .NET SDK uses the AES algorithm to encrypt and decrypt the open format cookie.
A .NET application on the asserting party side uses the .NET SDK to pass the login ID of an authenticated user to CA SiteMinder® Federation. CA SiteMinder® Federation extracts the login ID from the cookie and adds it to a Federation Assertion, which it sends to the relying party. CA SiteMinder® Federation can add further attributes to the cookie and change some of the cookie settings, for example the maximum age of the cookie. A .NET application on the relying party side uses the .NET SDK to retrieve the user and session-related information that CA SiteMinder® Federation sent.
The following diagram shows the role of the .NET SDK at the asserting party and the relying party:
The .NET SDK is implemented in C# using only features that are part of the Microsoft Common Language Specification (CLS). The .NET SDK is therefore accessible from applications written in any language that supports the CLS, for example Visual Basic .NET, Visual C# .NET, and Visual C++ .NET.
The .NET SDK interfaces are available through the assembly CA.Federation.FedIdentitySdk.dll. A .NET application references this DLL and uses the namespace CA.Federation.FedIdentitySdk.
The .NET application must pass the cookie zone, the cookie name, and the shared secret (the encryption password) to the .NET SDK. The application can store these values in any convenient way, for example in a configuration file. The application can store the password encrypted, but it must decrypt the password before passing it to the .NET SDK: the password is passed as a plain text character array. The cookie zone, cookie name, and encryption password must be identical on both sides (the .NET application and CA SiteMinder® Federation), and these values are communicated out-of-band.
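The following is an added illustration of the principle described above (a cookie encrypted with a key derived from a shared secret, consumable only by a party that holds that secret); it is not code from the CA SiteMinder® Federation .NET SDK and does not reproduce the SDK's cookie format. It assumes .NET 6 or later; PBKDF2 as the key derivation, AES-GCM as the AES mode, the salt/nonce/tag layout, and all class, method, zone and cookie names are this example's own assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Assumed design, not the SDK's: PBKDF2 key derivation, AES-GCM, and a salt|nonce|tag|ciphertext layout.
public static class OpenFormatCookieDemo
{
    const int Iterations = 100_000, SaltBytes = 16, NonceBytes = 12, TagBytes = 16, KeyBytes = 32;
    const int Header = SaltBytes + NonceBytes + TagBytes;
    // Key derived from the shared secret; the secret arrives as char[], is encoded, used, then cleared.
    static byte[] DeriveKey(char[] secret, byte[] salt)
    {
        byte[] pw = Encoding.UTF8.GetBytes(secret);
        try { return Rfc2898DeriveBytes.Pbkdf2(pw, salt, Iterations, HashAlgorithmName.SHA256, KeyBytes); }
        finally { Array.Clear(pw); }
    }
    // Asserting-party side: login ID plus attributes -> cookie value. Zone and name are bound as associated data.
    public static string Produce(char[] secret, string zone, string name, string loginId, string attrs)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes), nonce = RandomNumberGenerator.GetBytes(NonceBytes);
        byte[] plain = Encoding.UTF8.GetBytes(loginId + "\n" + attrs), cipher = new byte[plain.Length], tag = new byte[TagBytes];
        using (var aes = new AesGcm(DeriveKey(secret, salt)))
            aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(zone + "|" + name));
        return Convert.ToBase64String(salt.Concat(nonce).Concat(tag).Concat(cipher).ToArray());
    }
    // Relying-party side: null unless the secret, zone and name all match and the cookie is untampered.
    public static string Consume(char[] secret, string zone, string name, string cookie)
    {
        byte[] blob = Convert.FromBase64String(cookie);
        if (blob.Length < Header) return null;
        byte[] salt = blob[..SaltBytes], nonce = blob[SaltBytes..(SaltBytes + NonceBytes)];
        byte[] tag = blob[(SaltBytes + NonceBytes)..Header], cipher = blob[Header..], plain = new byte[cipher.Length];
        try
        {
            using var aes = new AesGcm(DeriveKey(secret, salt));
            aes.Decrypt(nonce, cipher, tag, plain, Encoding.UTF8.GetBytes(zone + "|" + name));
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; }
    }
    public static void Main()
    {
        char[] secret = "constructed-shared-secret".ToCharArray();   // constructed sample value, not a real secret
        string cookie = Produce(secret, "example.com", "FEDCOOKIE", "jdoe", "dept=finance");
        Console.WriteLine(Consume(secret, "example.com", "FEDCOOKIE", cookie));
        Console.WriteLine(Consume("other-secret".ToCharArray(), "example.com", "FEDCOOKIE", cookie) ?? "rejected");
        Array.Clear(secret);  // clear the plaintext secret once it is no longer needed
    }
}
```

A consumer holding a different secret, or presenting the cookie under a different zone or name, fails the authentication check and gets null rather than garbage, which is why both sides must agree on all three configuration values out-of-band.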
Copyright © 2013 CA.
All rights reserved.