Implementation Guide › Configuration Considerations › Security Zones

Security Zones

Security Zones are groups of resources in a single cookie domain that a CA SiteMinder® Web Agent protects. Users authenticate once, and can then access other resources in the zones (for which they are authorized) without being rechallenged.

Without Security Zones, users could possibly be challenged each time they access a protected resource in the same cookie domain; even if they have previously been authenticated by CA SiteMinder® for another resource in the cookie domain. The following illustration shows an example:

Consider implementing Security Zones in the following situations:

• You have several resources in a cookie domain, but you want to apply different access restrictions to those resources.
• You want to enable SSO between different resources in the same cookie domain.
• You want to create groups of resources that span several cookie domains and allow SSO between them.
• You have a large organization with a single cookie domain, and you use multiple instances of CA SiteMinder® to protect resources in your organization. Security Zones let you separate the resources to control access within the single cookie domain. Without Security Zones, the cookies used by one CA SiteMinder® instance could possibly overwrite the cookies of another CA SiteMinder® instance (cookie stomping) because the cookie domain name is the same for both instances.

The following illustration shows how Security Zones can be used so that only a single log in allows a user access to resources in Security Zones 1 and 3, but prevents access to unauthorized resources in Security Zone 2:

Note: For more information, see the Web Agent Configuration Guide.