Integrate with CA SiteMinder® using the SiteMinder Connector

CA SiteMinder® Federation Standalone Guide › CA SiteMinder® Integration with CA SiteMinder® Federation Standalone › How to Integrate CA SiteMinder® Federation Standalone and CA SiteMinder® › Integrate with CA SiteMinder® using the SiteMinder Connector

Integrate with CA SiteMinder® using the SiteMinder Connector

The CA SiteMinder® Connector enables the following integrations:

Establishing an identity to generate an assertion.
At the asserting party, a user arrives at CA SiteMinder® Federation Standalone but has no session. The Connector communicates with CA SiteMinder® to establish a CA SiteMinder® session. The use of the session information results in a federation session and the generation of a SAML assertion for the user. With this assertion, the user can access protected federated resources at the relying party.
Determining authorization privileges from the assertion.
At the relying party, a user authenticates with CA SiteMinder® Federation Standalone and a federation session is generated. The Connector passes on the federation session with the user name to CA SiteMinder®, which generates a CA SiteMinder® session. By establishing this session, these users do not get rechallenged when accessing a protected resource. The user is now identified and access privileges for the user at the relying party can be determined.

The FEDSESSION cookie uses the following timeout settings:

Idle Timeout: 600 seconds (10 minutes)
Max Timeout: 900 seconds (15 minutes)

You cannot change these timeout settings in UI.

The Connector requires configuration in the CA SiteMinder® environment and in the CA SiteMinder® Federation Standalone environment, as shown in the following diagrams.

This graphic shows the Connector at the asserting party:

Graphic illustrating a SiteMinder Connector Deployment at the Asserting Party

This figure shows the Connector at the relying party.

Graphic illustrating a SiteMinder Connector Deployment at the relying party