Single Sign-on and the Agent API
In a single sign-on environment, a user who successfully authenticates through a given agent does not need to re-authenticate when accessing a realm protected by a different agent.
When a custom agent is involved in a single sign-on environment, the two agents must be in the same cookie domain (for example, xxx.domainname.com).
Single sign-on is made possible through a single sign-on cookie named SMSESSION. This cookie is created and written to the user's browser either by SiteMinder or by the custom agent.
The cookie's contents are read from and written to the cookie as an encrypted string. This encrypted string is called a token.
The Agent API contains the following methods that allow custom agent scripts to share token information with standard SiteMinder Web Agents:
- CreateSSOToken(). After the user successfully logs in, the custom agent script passes information about the user to this method. The method creates a single sign-on token object from this user information and from session information returned from the login call.
- GetString(). After creating a token object, the custom agent script calls GetString() to retrieve the token as an encrypted string. The script then writes the token string to the SMSESSION cookie.
- Decode(). This method decrypts the token for the current token object and extracts the specified information. This method can also be used to update the last-access timestamp in the token.
- GetVersion(). Retrieves the SiteMinder version of the current token object.
- IsThirdParty(). Specifies whether the current token object was created by a custom (third-party) agent or a standard SiteMinder agent.
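The cookie-domain requirement and the step of writing the token string to the SMSESSION cookie can be checked with plain Perl. This is an added example, not code from the original page or from the Agent API. The host names, the placeholder token, and the helper names `domain_match` and `smsession_set_cookie` are assumptions, and the `Secure` and `HttpOnly` attributes are hardening added here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Cookie domain-match (RFC 6265, section 5.1.3): a browser sends the cookie
# to a host that equals the cookie domain or ends with "." plus that domain.
sub domain_match {
    my ($host, $cookie_domain) = @_;
    $host          = lc $host;
    $cookie_domain = lc $cookie_domain;
    $cookie_domain =~ s/^\.//;                 # a leading dot is ignored
    return 1 if $host eq $cookie_domain;
    return 0 if $host =~ /^[\d.]+$/;           # IPv4 literals only match exactly
    return $host =~ /\.\Q$cookie_domain\E\z/ ? 1 : 0;
}

# Build the Set-Cookie header value for the token string. In a custom agent
# the string would be the one returned by GetString(); it is treated as opaque.
sub smsession_set_cookie {
    my ($token_string, $cookie_domain) = @_;
    die "token string contains cookie delimiters\n"
        if $token_string =~ /[;,\s]/;
    return join '; ',
        "SMSESSION=$token_string",
        "Domain=$cookie_domain",
        'Path=/',
        'Secure',      # assumption: all agents are served over HTTPS
        'HttpOnly';    # keeps the token away from page scripts
}

# Constructed sample data (hypothetical hosts and token placeholder).
my $cookie_domain = '.domainname.com';
my @agent_hosts   = (
    'custom.domainname.com',    # custom agent
    'web.domainname.com',       # standard Web Agent
    'web.otherdomain.com',      # misplaced agent
);

for my $host (@agent_hosts) {
    printf "%-24s %s\n", $host,
        domain_match($host, $cookie_domain)
            ? 'in cookie domain: SMSESSION is sent'
            : 'outside cookie domain: SMSESSION is not sent';
}

print 'Set-Cookie: ',
    smsession_set_cookie('CONSTRUCTED-TOKEN-PLACEHOLDER==', $cookie_domain), "\n";
```

A host that fails the domain-match check never receives the SMSESSION cookie, so an agent on that host cannot take part in single sign-on with the others.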