Solution 7: Identity Provider Discovery Profile (SAML 2.0)

Solution 7 illustrates how SiteMinder Federation Security Services can be employed to solve Use Case 7: Identity Provider Discovery Profile.

In this solution:

The following illustration shows the SiteMinder federated network for this solution.

SiteMinder Identity Provider Discovery Solution

Note: The SPS federation gateway can replace the Web Agent and Web Agent Option Pack to provide the SiteMinder Federation Web Services application functions. For information about installing and configuring the SPS federation gateway, see the CA SiteMinder Secure Proxy Server Administration Guide.

The sequence of events is as follows:

  1. User 1 initially authenticates at smcompany.com and then signs on to ahealthco.com without having to reauthenticate.

    There is an existing agreement between smcompany.com and ahealthcoIPD.com to use ahealthcoIPD.com as the IPD service. During the initial authentication process, the Identity Provider URL of smcompany.com is written to the common domain cookie at the IPD service.

  2. User 1, now successfully logged on to ahealthco.com, can look at his health benefits.
  3. User 1 then comes to a site selection page at ahealthco.com. Because a common domain cookie is set for smcompany.com and ahealthco.com is configured to use the IPD service, ahealthco.com knows that the user previously logged in to smcompany.com. Therefore, ahealthco.com can make the appropriate links available so that the user can go back to smcompany.com to log in.
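
The common domain cookie in this sequence can be handled as in the following added example, which is not SiteMinder code. It follows the cookie format defined by the SAML 2.0 Identity Provider Discovery Profile (cookie name `_saml_idp`, base64-encoded IdP identifiers separated by spaces, URL-encoded, most recent last). The IdP identifier values, the trusted-partner set, the entry limit and the `HttpOnly` attribute are assumptions made for illustration.

```python
import base64
import binascii
from urllib.parse import quote, unquote

COOKIE_NAME = "_saml_idp"  # name fixed by the SAML 2.0 IdP Discovery Profile

# Assumption: the Service Provider's configured partners (constructed value).
TRUSTED_IDPS = {"https://idp.smcompany.com/saml2"}


def decode_idps(cookie_value):
    """Decode the cookie into IdP identifiers, skipping malformed entries."""
    idps = []
    for token in unquote(cookie_value or "").split(" "):
        if not token:
            continue
        try:
            idps.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # the cookie is browser-supplied; ignore garbage
    return idps


def append_idp(cookie_value, idp_id, max_entries=5):
    """IPD service side: return a new value with idp_id as the most recent."""
    entries = [e for e in decode_idps(cookie_value) if e != idp_id]
    entries.append(idp_id)  # the profile puts the most recent IdP last
    entries = entries[-max_entries:]  # assumed cap to bound cookie size
    joined = " ".join(base64.b64encode(e.encode()).decode("ascii") for e in entries)
    return quote(joined, safe="")


def set_cookie_header(cookie_value, common_domain):
    """Build the Set-Cookie value; the profile requires Path=/ and Secure."""
    return (f"{COOKIE_NAME}={cookie_value}; Domain=.{common_domain}; "
            "Path=/; Secure; HttpOnly")  # HttpOnly is added hardening


def choose_idp(cookie_value, trusted=TRUSTED_IDPS):
    """SP side: most recent IdP that is also a configured partner, else None."""
    for idp in reversed(decode_idps(cookie_value)):
        if idp in trusted:
            return idp
    return None
```

Because the browser supplies the cookie, the Service Provider treats its contents only as a hint and offers links solely for Identity Providers it already has a partnership with.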


Copyright © 2010 CA. All rights reserved.