Previous Topic: Trusted Zone Order

Next Topic: Request Processing with Multiple User Sessions

The Default Single Sign-On Zone and Trusted Zone List

Web Agents that do not specify a security zone name (such as all pre-SiteMinder 6.x QMR 5 Web Agents) are considered to belong to the default zone. For backwards compatibility, the default zone is implicitly assumed to have a zone name of SM. This allows SiteMinder r12.0 SP2 Web Agents to support SMSESSION and SMIDENTITY by default with no configuration changes.

Web Agents that do not specify a list of trusted zones trust only their own single sign-on zone (either a specified zone name or default zone if no zone name has been specified).

A Web Agent can be configured to trust other zones in addition to the default zone. It can also use a specified zone name and list no other trusted zone. Agents always trust their own zone first, regardless of whether or not additional trusted zones are specified. In order for a Web Agent using a non-default zone to trust the default zone as well, it must list "SM" in its trusted zone list.


Copyright © 2006 CA. All rights reserved. Email CA about this topic