CA SiteMinder can be used to implement single sign-on (SSO) in both single-domain and multiple-domain environments. SiteMinder implements SSO across multiple cookie domains using a cookie provider. The cookie provider is a specially configured SiteMinder Agent. It passes a cookie called SMSESSION, which contains the user's identity and session information, to the other cookie domains in question. This enables the user to be authenticated across different domains. We can call this specially configured Agent the Master Cookie Provider. Users are challenged for credentials only when they first try to access a protected resource. Once they are authenticated and authorized, they can move freely across domains without re-entering their credentials.
When we configure an Agent Configuration Object, we can see the CookieProvider parameter, in which we enter the URL that will act as the cookie provider.
The cookie provider URL, defined in the Agent’s CookieProvider configuration parameter, dictates which Web Agent acts as the cookie provider. The cookie domain where the cookie provider resides is designated the cookie provider domain. No other cookie domains within the single sign-on environment should be configured with a cookie provider. All Web Agents within the same single sign-on environment should reference the same cookie provider domain.
To enable single sign-on between web servers in a single domain, we need to ensure that the same cookie domain is specified in each Web Agent configuration and that cookies are enabled. To enable single sign-on between web servers in multiple domains, we need to configure exactly one Web Agent as the cookie provider. All web servers participating in single sign-on must have their cookie provider URL set to this URL in the web server configuration file for SiteMinder.
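The rule above (one cookie provider, referenced by every participating agent) can be checked mechanically. The following is an added example, not SiteMinder tooling or code from the original page: it audits a constructed set of per-agent parameter dumps and flags agents that have no `CookieProvider` or that point at a different provider. The `Name="value"` dump format, the `CookieDomain` parameter name as used here, and all host names and agent names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: one Name="value" parameter dump per agent (format and hosts assumed).
AGENTS = {
    "agent-www-a": 'CookieDomain=".example-a.test"\nCookieProvider="https://sso.example-a.test/cp"',
    "agent-app-a": 'CookieDomain=".example-a.test"\nCookieProvider="https://SSO.example-a.test/cp"',
    "agent-www-b": 'CookieDomain=".example-b.test"\nCookieProvider="https://sso.example-a.test/cp"',
    "agent-www-c": 'CookieDomain=".example-c.test"\nCookieProvider="https://login.example-c.test/cp"',
    "agent-www-d": '# CookieProvider not set\nCookieDomain=".example-d.test"',
}

def parse_params(text):
    """Parse Name="value" lines, ignoring blank lines and # comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip().strip('"')
    return params

def audit_cookie_provider(agents):
    """Return (expected provider URL, cookie provider domain, findings)."""
    findings, by_url, domains = [], {}, set()
    for name in sorted(agents):
        params = parse_params(agents[name])
        domains.add(params.get("CookieDomain", "").lower())
        url = params.get("CookieProvider")
        if not url:
            findings.append((name, "CookieProvider is not set"))
            continue
        u = urlsplit(url)
        # Scheme and host are case-insensitive; normalize before comparing.
        by_url.setdefault(f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}", []).append(name)
    if not by_url:
        return None, None, findings
    # Treat the URL most agents reference as the intended single provider.
    expected = max(by_url, key=lambda k: len(by_url[k]))
    for url, names in by_url.items():
        if url != expected:
            findings += [(n, f"references {url}, expected {expected}") for n in names]
    host = urlsplit(expected).hostname
    # The cookie provider domain is the agent cookie domain containing the provider host.
    cp_domain = next((d for d in sorted(domains) if d and host.endswith(d)), None)
    return expected, cp_domain, findings

if __name__ == "__main__":
    expected, cp_domain, findings = audit_cookie_provider(AGENTS)
    print("provider:", expected, "| cookie provider domain:", cp_domain)
    for agent, issue in findings:
        print(f"  {agent}: {issue}")
```

The majority vote used to pick the expected provider is a heuristic of this example; in a real review, compare against the provider URL the SSO design actually specifies.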
If a cookie provider Web Agent becomes unavailable for any reason, it may cause an outage for any agents configured to redirect to that agent via the cookie provider URL. Therefore, it is important in a production environment to implement a high-availability solution. Just like any other Web Agent, cookie providers are generally made highly available through the use of network devices such as load balancers.