To provide single sign-on across partners in a trusted relationship, federated communication supports three session models: Default, Active Portal, and Shared.
An administrator can assign different models to different affiliated content at their site, depending on the security requirements for that content.
Use the following table as a guide for choosing the appropriate session model.

| Session Model | Best Used For |
|---|---|
| Default | Affiliated content that requires minimal security. |
| Active Portal | Affiliated content that requires a moderate level of security. This model gives you a low-cost tie to the producer, or producer site. The control of the session is essentially one-sided, with the session controlled by the producer. Minimum bandwidth is taken up exchanging session information between the consumer and the producer. |
| Shared | Affiliated content that requires the tightest level of security, such as payment data for a business transaction. This model lets you tie in the actions at the consumer with the session at the producer. |

For sessioning, Federation Security Services do not require the use of persistent cookies at the producer; the service can operate with the session or identity cookie. The type of cookie required at the producer depends on how the consumer and producer are sharing information.
The following table describes the different cookies needed for each model:

| Session Model | Cookies Required at the Producer | Side that Manages the Session |
|---|---|---|
| Default | Identity or session cookie used to establish user profile | SAML Affiliate Agent configuration defines session parameters. A producer session is not required. The identity cookie generated during the authentication process can be used. |
| Active Portal | Session cookie | Producer defines session parameters, but the consumer (consumer site) manages the session, taking the session configuration from the producer. |
| Shared | Session cookie | Producer defines session; the producer and consumer sessions are synchronized. |

Copyright © 2011 CA. All rights reserved.