Single Sign On across Multiple domains

CA SiteMinder can be used to implement Single Sign On in both single and multiple domain environments. SiteMinder implements SSO across multiple cookie domains using a cookie provider. The cookie provider is a specially configured SiteMinder Agent. It passes a cookie called the SMSESSION cookie, which contains the user's identity and session information, to the other cookie domains in question. This enables the user to be authenticated across different domains. We can call this specially configured Agent the Master Cookie Provider. Users are challenged for credentials only when they first try to access a protected resource. Once they are authorized and authenticated, users can move freely across domains without re-entering their credentials.

When we configure an Agent Configuration Object, we can see the Cookie Provider parameter, in which we enter the URL that will act as the cookie provider.

The cookie provider URL, defined in the Agent’s CookieProvider configuration parameter, dictates which Web Agent acts as the cookie provider. The cookie domain where the cookie provider resides is designated the cookie provider domain. No other cookie domains within the single sign-on environment should be configured with a cookie provider. All Web Agents within the same single sign-on environment should reference the same cookie provider domain.
To enable Single Sign On between Web servers in a single domain, we need to ensure that the same cookie domain is specified in each Web Agent configuration and that cookies are enabled. To enable Single Sign On between Web servers in multiple domains, we need to configure exactly one Web Agent as the cookie provider. All Web servers participating in Single Sign On must have their cookie provider URL set to this URL in the web server configuration file for SiteMinder.
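
The rules above can be checked mechanically before a rollout. The following is an added example, not part of the original post or of SiteMinder itself: it audits a constructed set of agent settings for agents that point at a different cookie provider or at none. The agent names, hosts, URL paths and the `CookieDomain` key label are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: settings as they might be read from each agent's
# configuration. Agent names, hosts and URL paths are placeholders.
SAMPLE_AGENTS = {
    "agent-a1": {"CookieDomain": ".example.com", "CookieProvider": "https://sso.example.com/provider"},
    "agent-b1": {"CookieDomain": ".example.net", "CookieProvider": "https://sso.example.com/provider"},
    "agent-b2": {"CookieDomain": ".example.net", "CookieProvider": "https://login.example.net/provider"},
    "agent-c1": {"CookieDomain": ".example.org", "CookieProvider": ""},
}

def host_in_domain(host, cookie_domain):
    """True if host equals, or is a subdomain of, cookie_domain."""
    host, dom = host.lower().rstrip("."), cookie_domain.lower().strip(".")
    return host == dom or host.endswith("." + dom)

def audit_sso(agents):
    """Return sorted (agent, issue) pairs that break the one-provider rule."""
    refs = {}
    for name, cfg in agents.items():
        url = cfg.get("CookieProvider", "").strip()
        if url:
            refs.setdefault(url, []).append(name)
    if not refs:
        return [("*", "no-provider-configured")]
    # Assumption: the URL most agents reference is the intended provider.
    provider = max(sorted(refs), key=lambda u: len(refs[u]))
    host = urlsplit(provider).hostname or ""
    findings = []
    # The provider must live in one of the environment's cookie domains.
    if not any(host_in_domain(host, c["CookieDomain"]) for c in agents.values()):
        findings.append(("*", "provider-host-outside-all-cookie-domains"))
    for name, cfg in agents.items():
        url = cfg.get("CookieProvider", "").strip()
        if url and url != provider:
            # A second provider URL splits the single sign-on environment.
            findings.append((name, "different-provider"))
        elif not url and not host_in_domain(host, cfg["CookieDomain"]):
            # Agents in other cookie domains need the provider URL set.
            findings.append((name, "missing-provider"))
    return sorted(findings)

if __name__ == "__main__":
    for agent, issue in audit_sso(SAMPLE_AGENTS):
        print(f"{agent}: {issue}")
```
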

If a cookie provider web agent becomes unavailable for any reason, it may cause an outage for any agents configured to redirect to that agent via the Cookie Provider URL. Therefore, it is important in a production environment to implement a high availability solution. Just like any other web agents, cookie providers generally are made highly available through the use of network devices, such as load balancers.

2 Responses to “Single Sign On across Multiple domains”

  1. vinod
    November 21, 2012 at 2:07 PM #

    how cookies will be generated between two domains?


  1. Definition of Identity Management | All About Identity and Access Management - January 13, 2015

    […] Single Sign On Systems […]
