Benefits of SiteMinder Federation Security Services
SiteMinder Federation Security Services supports:
Secure profile sharing--The ability to exchange user profile information with partners in a secure manner.
Flexible attribute sharing--You control which user attributes to share with which partners.
Flexible user mapping--The ability to establish a one-to-one or n-to-one relationship between remote producer/IdP and local consumer/SP user accounts.
Cross-domain single sign-on--A user session can be established in a different domain from the domain where the user was initially authenticated without requiring the user to sign on multiple times. Additionally, for SAML 2.0, single sign-on can be supported in a multi-SAML protocol cross-domain environment.
Enhanced Client or Proxy profile (ECP) for single sign-on (SAML 2.0)--The ECP profile determines how an enhanced client (browser or user agent) or HTTP proxy wireless access protocol (WAP) gateway can communicate with a Service Provider and an Identity Provider. An ECP knows how to contact the appropriate Identity Provider associated with a user, allowing a Service Provider to make an authentication request without knowledge of the Identity Provider.
Cross-domain single logout/signout--A user session can be terminated across different domains, regardless of whether the logout was initiated at the producing authority or the consuming authority.
Identity Provider Discovery Profile (SAML 2.0)--You control which Identity Provider a user relies on for obtaining an assertion by using the SiteMinder Identity Provider Discovery Service, which stores Identity Provider information in a common domain cookie.
Policy-based access control--Once a user session is established based on user information received from a partner, all the power of SiteMinder is available to control access to resources through a centralized policy administration model.
Rich session models (SAML Affiliate Agent only)--If the SAML Affiliate Agent is acting as the consumer, you can configure separate portal and affiliate sessions, a single session at the portal, or a shared session that provides single sign-on as well as single sign-off. The SAML Affiliate Agent only supports SAML 1.0.
Note: These session models are not applicable if the SAML credential collector is the consumer.
Notifications (SAML Affiliate Agent only)--If the SAML Affiliate Agent is acting as the consumer, it can notify the SAML producer when the user accesses specific resources at the affiliate site.
Interoperability through the use of open standards--Standards facilitate interoperability across heterogeneous environments. SiteMinder Federation Security Services supports the following standards:
SAML, to provide the structure for sharing security data
HTTP, for communication between Web browsers and servers
SSL, for encrypting security data passed between partners
SOAP, to provide an envelope for the SAML messages exchanged between a producer and consumer
Policy-based model--All these benefits are provided using a policy-based model that does not require any code to be written.
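
The Identity Provider Discovery Profile item above relies on a common domain cookie. The following added example (not SiteMinder code or configuration) shows the cookie format defined by the SAML 2.0 profile and a consumer-side check that only accepts Identity Providers already configured as partners. The partner URIs and function names are constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote

# Cookie name defined by the SAML 2.0 Identity Provider Discovery Profile.
COOKIE_NAME = "_saml_idp"

def encode_common_domain_cookie(idp_uris):
    """Value format: base64 of each IdP URI, joined by one space, then URL-encoded."""
    parts = [base64.b64encode(u.encode("utf-8")).decode("ascii") for u in idp_uris]
    return quote(" ".join(parts), safe="")

def decode_common_domain_cookie(value, max_entries=16):
    """Return the IdP URIs, oldest first. Entries that do not decode are skipped.

    The cookie comes from the browser, so it is untrusted input: strict base64
    validation and a cap on the number of entries keep the parsing bounded.
    """
    idps = []
    for token in unquote(value).split(" ")[-max_entries:]:
        if not token:
            continue
        try:
            idps.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
    return idps

def choose_idp(value, trusted_idps):
    """Most recently used IdP (last in the list) that is a configured partner."""
    for uri in reversed(decode_common_domain_cookie(value)):
        if uri in trusted_idps:
            return uri
    return None

# Constructed sample data (hypothetical partners, not from the product docs).
IDP_A = "https://idp.partner-a.example/saml2"
IDP_B = "https://idp.partner-b.example/saml2"
UNKNOWN = "https://idp.unknown.example/saml2"
TRUSTED = {IDP_A, IDP_B}

# The cookie lists an unconfigured IdP as most recent, followed by a junk entry.
SAMPLE = encode_common_domain_cookie([IDP_A, IDP_B, UNKNOWN]) + "%20not*base64"

if __name__ == "__main__":
    print(COOKIE_NAME, "->", decode_common_domain_cookie(SAMPLE))
    print("selected:", choose_idp(SAMPLE, TRUSTED))
```

Because the cookie value is only a hint, the selected Identity Provider is taken from the configured partner set and never directly from the cookie contents.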