Login Server Controlling User Store Writes

The location of LDAP writable masters can constrain a SiteMinder deployment: every data center whose Policy Server must write to the user store needs a writable master nearby. Consider using one or more centralized login servers so that all user-store writes occur in the data center that hosts the master, which eliminates the requirement for a writable master in each data center.

The following diagram illustrates the flow:

[Diagram: Web Agent in data center one redirecting to the login server in data center two, which writes to the master user store]

When a user requests access to a protected URL in data center one:

  1. The Web Agent redirects the request to the login server in data center two. The redirect is based on the authentication scheme that is protecting the resource.

    Note: For more information about authentication schemes, see the Policy Server Configuration Guide.

  2. The Policy Server in data center two authenticates the user and performs the resulting write to the master user store, which is the only writable copy in the deployment.
  3. The Policy Server creates a SiteMinder session ticket and passes it back to the original protected URL in data center one.

    Note: For more information about user sessions, see the Policy Server Configuration Guide.

  4. The Web Agent in data center one places the SiteMinder session ticket into a cookie and uses it to handle subsequent authentication and authorization requests in that data center, until the user requests a resource that requires additional credentials or the session expires. Those subsequent requests do not write to the user store, so data center one does not need a writable master.
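As an added example (not code from CA or from the SiteMinder product), the following Python model walks through the four steps above with a read-only replica of the user store in data center one and the writable master in data center two. The store structure, the session ticket format, the shared key, the login hostname and the session lifetime are assumptions made for illustration.

```python
"""Model of the two-data-center login flow. Constructed example, not CA code."""
import hashlib
import hmac
import json

TICKET_KEY = b"key-shared-by-both-policy-servers"  # assumption
SESSION_TTL = 3600                                 # assumption: seconds
LOGIN_URL = "https://login.dc2.example/login"      # assumption


class UserStore:
    """LDAP-like store. Only the master (data center two) accepts writes."""

    def __init__(self, users, writable):
        self.users = {u: dict(rec) for u, rec in users.items()}
        self.writable = writable
        self.writes = []

    def check_password(self, user, password):
        rec = self.users.get(user)
        return rec is not None and hmac.compare_digest(rec["password"], password)

    def write(self, user, attr, value):
        if not self.writable:
            raise PermissionError("read-only replica: writes go to the master in data center two")
        self.users[user][attr] = value
        self.writes.append((user, attr, value))


def make_ticket(user, issued_at):
    """Ticket = hex(JSON payload).HMAC-SHA256; any Policy Server holding the key can verify it."""
    payload = json.dumps({"user": user, "iat": issued_at}, sort_keys=True).encode()
    return payload.hex() + "." + hmac.new(TICKET_KEY, payload, hashlib.sha256).hexdigest()


def verify_ticket(ticket, now):
    """Return the user named in a valid, unexpired ticket, otherwise None."""
    payload_hex, _, mac = ticket.rpartition(".")
    try:
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    expected = hmac.new(TICKET_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    data = json.loads(payload)
    return data["user"] if now - data["iat"] <= SESSION_TTL else None


class PolicyServer:
    def __init__(self, store):
        self.store = store

    def authenticate(self, user, password, now):
        """Steps 2 and 3: verify credentials, write to the store, issue a ticket."""
        if not self.store.check_password(user, password):
            return None
        self.store.write(user, "lastLogin", now)  # the write that requires a master
        return make_ticket(user, now)

    def authorize(self, user):
        """Read-only check, so it works against a replica."""
        return user in self.store.users


class WebAgent:
    def __init__(self, local_ps, login_ps):
        self.local_ps = local_ps  # Policy Server in this data center (replica)
        self.login_ps = login_ps  # Policy Server behind the login server (master)

    def request(self, url, cookies, now, credentials=None):
        user = verify_ticket(cookies["SMSESSION"], now) if "SMSESSION" in cookies else None
        if user is None and credentials is None:
            return {"status": 302, "location": f"{LOGIN_URL}?target={url}"}  # step 1
        if user is None:
            ticket = self.login_ps.authenticate(*credentials, now=now)
            if ticket is None:
                return {"status": 401}
            cookies["SMSESSION"] = ticket  # step 4: cookie set in data center one
            user = credentials[0]
        if not self.local_ps.authorize(user):
            return {"status": 403}
        return {"status": 200, "user": user}


def run_flow(now=1_700_000_000):
    users = {"alice": {"password": "s3cret"}}    # constructed sample data
    master = UserStore(users, writable=True)     # data center two
    replica = UserStore(users, writable=False)   # data center one
    agent = WebAgent(PolicyServer(replica), PolicyServer(master))
    cookies, r = {}, {}
    r["unauthenticated"] = agent.request("/app", cookies, now)
    r["login"] = agent.request("/app", cookies, now, credentials=("alice", "s3cret"))
    r["reuse"] = agent.request("/app/report", cookies, now + 60)
    r["expired"] = agent.request("/app", cookies, now + SESSION_TTL + 1)
    r["master_writes"], r["replica_writes"] = len(master.writes), len(replica.writes)
    try:
        replica.write("alice", "lastLogin", now)
    except PermissionError as exc:
        r["replica_write_error"] = str(exc)
    return r


if __name__ == "__main__":
    for key, value in run_flow().items():
        print(key, value)
```

The model shows the constraint the page is addressing: the only write in the whole flow is the one made during authentication, and it lands on the master behind the login server, while every later request in data center one is satisfied from the cookie and a read-only replica. A ticket that is tampered with or past its lifetime sends the user back through step 1.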


Copyright © 2010 CA. All rights reserved.