Agent Guide › Overview › SiteMinder Identity Asserter (IA) › How the SiteMinder Identity Asserter Handles HTTP Requests

How the SiteMinder Identity Asserter Handles HTTP Requests

The SiteMinder Identity Asserter handles requests for HTTP resources from the following types of users:

• Users with preestablished SiteMinder sessions (with an SMSESSION cookie) without challenging them for credentials (validating the session and obtaining user names from the associated SiteMinder session ticket cookies).

  Note: SMSESSION cookies can be associated with requests from users with existing SiteMinder Single Sign-On (SSO) sessions or obtained from a Web Agent on a front-end proxy server configured to Intercept HTTP requests, validate user credentials through policies defined on the Policy Server, and forward requests together with user credentials (in a session cookie) to WebLogic.

• Users without preestablished SiteMinder sessions by challenging them for credentials using SiteMinder basic or advanced authentication schemes. A SiteMinder Web Agent provides authentication services for advanced authentication schemes. When configured to challenge requests for credentials, the SiteMinder IA supports the following authentication schemes:
  • Basic
  • Basic over SSL
  • HTML Forms
  • X509 Client Certificate
  • X509 Client Certificate and Basic
  • X509 Client Certificate or Basic
  • X509 Client Certificate and HTML Forms
  • X509 Client Certificate or HTML Forms

Identity Asserter architecture and data flow is shown in the following diagram.

The SiteMinder Identity Asserter always validates requests which contain SiteMinder session cookies; configure it to challenge other requests for credentials.

Note: If you must only allow requests with SiteMinder sessions (with an SMSESSION cookie) to access web applications, you can use the SiteMinder Identity Asserter as a standalone component without any of the other SiteMinder Agent components.