How Session Information Is Delegated

User sessions may be delegated between application tiers in a SiteMinder installation using the session ticket. The session ticket is the mechanism by which the user's identity is passed from one application tier to another. After getting the session ticket, each application can make authorization calls to the Policy Servers.

If your SiteMinder installation uses custom Agents, the custom Agent must have access to the information in the session ticket to maintain session information.

In addition to using the session ticket for delegation, the Web Agent makes a set of default HTTP headers available for session management. These headers can be passed across different business application tiers, such as Enterprise Java Beans (EJB) and Component Object Model (COM)-based tiers. The headers include a unique session ID and, optionally, a universal ID. The session ID identifies an active user session.

The universal ID identifies the user to an application in a SiteMinder environment. This ID is typically not the same as the user's login ID, but is some other type of unique identifier like a telephone number or a customer account number. The universal ID helps facilitate identification between old and new applications. It delivers the user's identification automatically, regardless of the application. In addition, the ID is built into applications so that the applications have a user identification method that is separate from the user directory, which undergoes constant changes.

Both the session ID and the universal ID are shared among all the applications in a SiteMinder environment to maintain consistent user sessions.
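As an added illustration (not part of the SiteMinder documentation or product code), the following sketch shows how a downstream application tier might read the session ID and the optional universal ID from the forwarded headers, accepting them only from the Web Agent tier. The header names `SM_SERVERSESSIONID` and `SM_UNIVERSALID` are not stated on this page and are assumed here; the network range, function names, and sample values are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed header names (not given on this page); confirm them against
# the Web Agent configuration before relying on them.
SESSION_ID_HEADER = "SM_SERVERSESSIONID"
UNIVERSAL_ID_HEADER = "SM_UNIVERSALID"
# Hypothetical network where the Web Agent tier runs.
TRUSTED_AGENT_NETS = [ip_network("10.20.0.0/24")]


class SessionHeaderError(Exception):
    """The delegated session headers are missing or cannot be trusted."""


@dataclass(frozen=True)
class SessionContext:
    session_id: str
    universal_id: Optional[str]  # the universal ID is optional


def _single(headers, name):
    # Header names are case-insensitive; some servers turn "_" into "-".
    values = [v.strip() for k, v in headers
              if k.upper().replace("-", "_") == name]
    if len(values) > 1:
        raise SessionHeaderError(f"duplicate {name} header")
    return values[0] if values and values[0] else None


def session_context(headers, peer_ip, trusted=TRUSTED_AGENT_NETS):
    """Build the session context from (name, value) header pairs."""
    addr = ip_address(peer_ip)
    # Identity headers are only meaningful when the Web Agent set them.
    if not any(addr in net for net in trusted):
        raise SessionHeaderError("request did not come from the Web Agent tier")
    session_id = _single(headers, SESSION_ID_HEADER)
    if session_id is None:
        raise SessionHeaderError("no session ID header: no active session")
    return SessionContext(session_id, _single(headers, UNIVERSAL_ID_HEADER))


if __name__ == "__main__":
    # Constructed sample request, not captured from a real installation.
    sample = [("Host", "app.internal.example"),
              ("SM_SERVERSESSIONID", "sess-constructed-0001"),
              ("SM_UNIVERSALID", "ACCT-000123")]
    print(session_context(sample, "10.20.0.7"))
```

Keying application records on `universal_id` rather than the login ID matches the purpose described above: the identifier stays stable while the user directory changes.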


Copyright © 2010 CA. All rights reserved.