Programming Guides › Programming Guide for Perl › Agent API › Single Sign-on and the Agent API › Single Sign-on Support for Custom Agents

Single Sign-on Support for Custom Agents

You can create a single sign-on object when logging in through a custom agent, not when logging in through a standard SiteMinder Web Agent.

Here is the typical sequence of events in a single sign-on environment when the initial login is through the custom agent script:

• User logs in through the custom agent script.
• Custom agent script calls Login() to authenticate the user. The user is challenged for credentials.
• Custom agent script calls CreateSSOToken() and passes to it information about the user (user name, user DN, IP address of the requesting client). SiteMinder adds this information to a token object along with session information returned from the login call. SiteMinder also encrypts the information in the token.
• Custom agent script calls GetString() to retrieve the token information in encrypted string form.
• Custom agent script creates the SMSESSION cookie in the user's browser and writes the token string to the cookie.
• User requests a resource protected by a standard SiteMinder agent.
• The standard agent performs a login operation, which validates the user based on the information in the single sign-on cookie. The user is not challenged for credentials.