Previous Topic: Case 3: Agent for SAP Web AS and Federation Manager with the SiteMinder Connector

Next Topic: Install and Configure the SiteMinder Agent

SiteMinder Agent for SAP Web AS GuideSiteMinder Agent for SAP Web AS Deployment ExamplesCase 3: Agent for SAP Web AS and Federation Manager with the SiteMinder ConnectorHow Use Case 3 Works

How Use Case 3 Works

When the SiteMinder Agent for SAP Web AS operates in Federation mode, it works with Federation Manager to handle requests for federated resources on the SAP Web AS. If SiteMinder is protecting the SAP Web AS server, the Policy Server generates and validates the SiteMinder session and user identity information. Additionally, Federation Manager generates a cookie that contains user attributes that are passed on to the target application on the SAP Web AS.

Use Case 3 includes the following components in the network:

The communication process is as follows:

  1. The federated user authenticates at the asserting party, which generates a SAML assertion.
  2. The asserting party passes the assertion to Federation Manager at the relying party.
  3. Federation Manager with the SiteMinder connector enabled, contacts the Policy Server, which generates an SMSESSION cookie that includes SiteMinder session and identity information. Additionally, Federation Manager itself generates a FEDPROFILE cookie that contains user attributes.
  4. The SiteMinder Web Agent intercepts the request and validates the user using the SMSESSION cookie.

    The target URL you configure in Federation Manager is a protected resource of the Web Agent.

  5. The Web Agent forwards the request and the FEDPROFILE cookie to the SAP Web AS.
  6. The SAP Web Application server invokes the login module, which calls the SiteMinder Agent for SAP Web AS.
  7. The SiteMinder Agent for SAP Web AS extracts the contents of the SMSESSION and FEDPROFILE cookies and asserts the user session and user attributes to the SAP Web AS.
  8. The SAP Web AS delivers the requested resource to the user.

Note: For enterprise users connecting directly through the SiteMinder agent (rather than the asserting party, the communication process is identical to Use Case 1 which is discussed earlier in this chapter.