ICAS Overview
Authenticating a user with SiteMinder ICAS involves the following components:
- User
- Identity Selector
- Web Agent
- Relying Party (RP)
- Identity Provider (IdP)

The authentication proceeds through these steps:
- A user wants to visit a SiteMinder-protected Web site or Relying Party (RP).
- The Web agent intercepts the user's request and invokes ICAS.
- ICAS sends the RP's policy requirements to the Web agent.
- The Web agent instructs the user's browser to launch an Identity Selector on the user's computer and sends the RP's policy requirements.
- The Identity Selector reads the policy requirements and highlights for the user those information cards that satisfy the requirements. The user selects one highlighted card. The Identity Selector collects the user's credentials and sends them to the Identity Provider (IdP) for authentication. The Identity Selector also sends the RP's policy requirements to the IdP and requests a token.
Note: The user can select a card that contains optional claims not required by the RP.
- The IdP authenticates the user and processes the policy requirements. It generates a token containing the required claims and sends it back to the Identity Selector.
- The Identity Selector displays the claims, and the user approves release of the claims to the RP. The Identity Selector returns the token to the user's browser, which submits it to the Web agent, and the Web agent passes the token to ICAS.
- ICAS decrypts the token, verifies that it was signed by the expected IdP and has not been altered, and maps the claims it carries to a user identity in the user directory. If any of these checks fails, or the claims match no user, authentication fails. Otherwise SiteMinder performs standard policy-based authorization and grants access if the user is authorized.
- The user accesses the Web site.
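The following is a toy model of the flow above, added here as an illustration; it is not SiteMinder or ICAS code. It simulates each party in the exchange: the RP publishes its policy, the Identity Selector filters the user's cards against it, the IdP issues a token carrying only the required claims, and the RP side (the ICAS role) verifies the token and maps the PPID claim to a directory user before authorization would run. An HMAC over a canonical JSON body stands in for the XML signature a real IdP applies, the encryption of the token to the RP's certificate is omitted, and all cards, policy, keys and directory entries are constructed sample data.

```python
"""Toy model of the ICAS flow: RP policy -> card selection -> IdP token -> RP verification.
Illustration only; not CA/SiteMinder code. All data below is constructed for the example."""
import hashlib
import hmac
import json
import time

# Stand-in for the IdP's signing key. A real IdP signs with XML-DSig and the
# token is additionally encrypted to the RP's certificate; both are simplified here.
IDP_SIGNING_KEY = b"idp-demo-signing-key"
RP_ID = "https://rp.example.com/"  # audience the token must be issued for (constructed)

# Information cards held in the user's Identity Selector (constructed).
CARDS = [
    {"name": "Work card", "issuer": "https://idp.example.com/",
     "claims": ["ppid", "emailaddress", "givenname"]},
    {"name": "Personal card", "issuer": "https://idp.example.com/",
     "claims": ["ppid", "givenname"]},
]

# The RP's policy requirements, as sent to the Identity Selector (constructed).
RP_POLICY = {"issuer": "https://idp.example.com/",
             "required_claims": ["ppid", "emailaddress"]}

# User directory the RP maps claims into (constructed).
USER_DIRECTORY = {"ppid-1234": {"uid": "alice", "roles": ["staff"]}}


def select_cards(cards, policy):
    """Identity Selector: keep only cards from the required issuer that can supply every required claim."""
    return [c for c in cards
            if c["issuer"] == policy["issuer"]
            and set(policy["required_claims"]) <= set(c["claims"])]


def _canonical(body):
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_token(policy, card_claims, audience, now=None, ttl=300):
    """IdP: after authenticating the user (assumed done), issue a signed token that
    carries only the claims the RP policy requires, bound to this RP and a validity window."""
    now = now if now is not None else int(time.time())
    body = {"issuer": policy["issuer"], "audience": audience,
            "issued_at": now, "expires": now + ttl,
            "claims": {k: v for k, v in card_claims.items() if k in policy["required_claims"]}}
    sig = hmac.new(IDP_SIGNING_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signature": sig}


def verify_token(token, policy, audience, now=None):
    """RP/ICAS role: check signature, issuer, audience, validity window and required claims.
    Returns (ok, reason)."""
    now = now if now is not None else int(time.time())
    body = token["body"]
    expected = hmac.new(IDP_SIGNING_KEY, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["signature"]):
        return False, "bad signature"
    if body["issuer"] != policy["issuer"]:
        return False, "unexpected issuer"
    if body["audience"] != audience:
        return False, "token not issued for this RP"
    if not (body["issued_at"] <= now < body["expires"]):
        return False, "token outside validity window"
    missing = [c for c in policy["required_claims"] if c not in body["claims"]]
    if missing:
        return False, "missing claims: " + ",".join(missing)
    return True, "ok"


def map_to_user(token, directory):
    """Associate the token's PPID claim with a directory entry, or None if there is no match."""
    return directory.get(token["body"]["claims"].get("ppid"))


def authenticate(token, policy, audience, directory, now=None):
    """Full RP side: verify the token, then map claims to a user. Returns (user_or_None, reason)."""
    ok, reason = verify_token(token, policy, audience, now)
    if not ok:
        return None, reason
    user = map_to_user(token, directory)
    if user is None:
        return None, "no matching user"
    return user, "ok"


if __name__ == "__main__":
    chosen = select_cards(CARDS, RP_POLICY)[0]          # only "Work card" satisfies the policy
    presented = {"ppid": "ppid-1234", "emailaddress": "alice@example.com", "givenname": "Alice"}
    tok = issue_token(RP_POLICY, presented, RP_ID)
    print(chosen["name"], authenticate(tok, RP_POLICY, RP_ID, USER_DIRECTORY))
```

The checks in `verify_token` are the ones a practitioner would expect behind "verifies the token's authenticity and integrity": the signature must validate, the token must come from the issuer the policy named and be addressed to this RP rather than replayed from another site, it must be inside its validity window, and every required claim must be present. Only after all of that does the PPID lookup run; a valid token whose claims map to no directory entry is still a failed authentication.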