Proxy Mode with the SiteMinder Connector at the Relying Party

When CA SiteMinder® Federation Standalone communicates with CA SiteMinder® in proxy mode, all requests still pass through CA SiteMinder® Federation Standalone. However, CA SiteMinder® Federation Standalone has to establish a CA SiteMinder® session with the Policy Server so that the user is not rechallenged when requesting CA SiteMinder®-protected resources. The request is redirected to the target web server, which is protected by a CA SiteMinder® Web Agent.

The following graphic shows a proxy mode architecture with the CA SiteMinder® Connector. This graphic is from the perspective of the relying party.

Graphic showing the Federation system as Proxy to SiteMinder

The previous figure shows the following communication flow at the relying party:

  1. A user requests a federated resource and is redirected to the relying party's assertion consumer service.
  2. Based on the data received in the assertion, CA SiteMinder® Federation Standalone authenticates the user, which includes communicating with the user directory to complete the user disambiguation process.
  3. The CA SiteMinder® Connector, as part of CA SiteMinder® Federation Standalone, contacts the custom authentication scheme at the CA SiteMinder® Policy Server. The Policy Server creates a CA SiteMinder® session ticket and sends it to CA SiteMinder® Federation Standalone. CA SiteMinder® Federation Standalone then creates a session cookie that includes the ticket. Establishing a CA SiteMinder® session ensures that the user is not challenged later when accessing the target resource.
  4. CA SiteMinder® Federation Standalone returns a redirect response to the user's browser.
  5. The browser redirects the user to CA SiteMinder® Federation Standalone, which proxies the request to the web server with the target resource. That web server is protected by the CA SiteMinder® Web Agent.
  6. The CA SiteMinder® Web Agent and Policy Server perform the authorization process.

    After successful authorization, the target resource is presented to the user's browser.