

Third-party WAM Configuration for Cookie Delegated Authentication
For delegated authentication to succeed, the third-party WAM must adjust its federated application, as follows:
- To communicate the authenticated user login ID through a cookie, the third-party WAM system must generate a cookie.
  - For Java applications, the WAM can use a CA SiteMinder® Federation Standalone Java SDK to create a legacy cookie or an open format cookie.
  - For .NET applications, the WAM can use a CA SiteMinder® Federation Standalone .NET SDK to create an open format cookie.
  - For languages other than Java and .NET, the WAM can create an open format cookie manually.
For details on implementing the necessary class and methods, see the CA SiteMinder® Federation Standalone Java SDK Guide or the CA SiteMinder® Federation Standalone .NET SDK Guide. Each guide is installed with the SDK. If you create an open format cookie manually, review the details about the required contents of the cookie.
- The third party must know the values of the following Administrative UI settings, which are configured at the CA SiteMinder® Federation Standalone asserting party:
  - Global Cookie Zone
  - Encryption Password
  - Open-format Cookie Name
  - Open-format Cookie Encryption Transformation

  These values are used in the creation of the cookie.
- The third-party WAM system must create a redirect URL that sends the user back to CA SiteMinder® Federation Standalone. This URL has to send the user back to the CA SiteMinder® Federation Standalone Single Sign-on service. The CA SiteMinder® Federation Standalone Administrator has to communicate the Single Sign-on service to the third party in an out-of-band communication.
Important! After the third-party WAM system receives an authentication request from CA SiteMinder® Federation Standalone, it must capture and resend any existing query string it receives as part of the incoming authentication request. The incoming request can have CA SiteMinder® Federation Standalone request information within the query string and must be passed along unchanged.
Note: To pass the cookie, the third-party WAM system must be in the same cookie domain as CA SiteMinder® Federation Standalone at the asserting party.
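The following Python sketch is an added example, not code from the CA SDKs or this guide. It shows one way a third-party WAM could build the return redirect so that the incoming query string is forwarded byte for byte, and it checks that the Single Sign-on service host falls inside the cookie zone. The URL, cookie zone, parameter names, and function names are all assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumed values, supplied out of band by the Federation Standalone administrator.
SSO_SERVICE_URL = "https://fed.example.com/sso-service-placeholder"  # placeholder URL
GLOBAL_COOKIE_ZONE = ".example.com"  # constructed cookie zone


def raw_query(request_target):
    """Return the query string exactly as received, with no decoding."""
    _, _, rest = request_target.partition("?")
    return rest.split("#", 1)[0]


def host_in_cookie_zone(url, zone):
    """True when the URL's host is the zone itself or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    zone = zone.lower().lstrip(".")
    return host == zone or host.endswith("." + zone)


def build_return_redirect(request_target, sso_url=SSO_SERVICE_URL,
                          zone=GLOBAL_COOKIE_ZONE):
    """Build the Location value that returns the user to the SSO service."""
    if not host_in_cookie_zone(sso_url, zone):
        raise ValueError("SSO service host is outside the cookie zone")
    query = raw_query(request_target)
    # Refuse rather than rewrite: whitespace or control bytes cannot be
    # forwarded unchanged and would corrupt the Location header.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in query):
        raise ValueError("query string contains whitespace or control characters")
    if not query:
        return sso_url
    parts = urlsplit(sso_url)
    joined = parts.query + "&" + query if parts.query else query
    return parts._replace(query=joined).geturl()


def reencoded_query(query):
    """Pitfall shown for contrast: a parse/re-encode round trip alters the string."""
    return urlencode(parse_qsl(query))


if __name__ == "__main__":
    incoming = "/login?reqid=abc%2Bdef%3D&state=a%20b&flag="  # constructed request
    print(build_return_redirect(incoming))
    print(reencoded_query(raw_query(incoming)))
```

The contrast function shows why the query string should not be parsed and rebuilt: the round trip changes `%20` to `+` and drops the empty `flag=` parameter, so the string no longer matches what was received.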
Copyright © 2013 CA.
All rights reserved.
 