Federated Single Sign-on with Security Zones

A SiteMinder environment can be set up to include a Web application environment for web service protection and a federation environment for federated resource protection. This method can make a SiteMinder deployment more efficient.

Certain Federation Security Services features require a persistent user session because the SAML assertion must be stored in the session store at the Policy Server.

These features include:

Use of persistent user sessions can slow down performance because of the calls to the session store to retrieve assertions or handle log-off requests. However, security zones can eliminate the need for a persistent user session for requested producer-side applications protected by a Web Agent.

A security zone is a segment of a single cookie domain, used as a method of partitioning applications to permit different security requirements for resource access. All applications in a single zone permit single sign-on to one another. If an application is in another zone, single sign-on is determined by the configured trust relationship.

Security zones are a part of SiteMinder's single sign-on feature and are implemented by SiteMinder Web Agents.

Note: In a federated environment, you can configure only Web Agents and SAML Affiliate Agents to use security zones. Secure Proxy Agents and Application Server Agents do not support this feature.

To configure security zones, you enter values for the following Web Agent parameters:

These parameters are part of an Agent Configuration Object or a local Agent configuration file.

To find more information about security zones, see the SiteMinder Web Agent Configuration Guide.


Copyright © 2010 CA. All rights reserved.