Web Agents that do not specify a security zone name (such as all pre-SiteMinder 6.x QMR 5 Web Agents) are considered to belong to the default zone. For backwards compatibility, the default zone is implicitly assumed to have a zone name of SM. This allows SiteMinder r12.0 SP2 Web Agents to support SMSESSION and SMIDENTITY by default with no configuration changes.
Web Agents that do not specify a list of trusted zones trust only their own single sign-on zone (either a specified zone name or default zone if no zone name has been specified).
A Web Agent can be configured to trust other zones in addition to the default zone. It can also use a specified zone name and list no other trusted zone. Agents always trust their own zone first, regardless of whether or not additional trusted zones are specified. In order for a Web Agent using a non-default zone to trust the default zone as well, it must list "SM" in its trusted zone list.
Copyright © 2006 CA. All rights reserved. | Email CA about this topic |