SiteMinder Request Flow

The following steps occur when a user tries to access a protected resource on a web server configured to use SiteMinder authentication:

  1. The user requests a resource on the server (website), either through a web browser or from a program issuing an HTTP request.
  2. The request is received by the web server and is intercepted by the SiteMinder Web Agent.
  3. The Web Agent asks the Policy Server whether or not the resource is protected.
  4. The Policy Server checks with the LDAP server for any applicable Policy and Rule information.
  5. If the resource is protected, the Policy Server checks whether or not a SiteMinder session already exists for the user.
  6. If no SiteMinder session exists, the Policy Server asks the Web Agent to challenge the user for credentials. The user is redirected to a login page and prompted to enter their credentials.
  7. The Web Agent gathers the user's credentials and passes them to the Policy Server.
  8. The Web Agent asks the Policy Server "Is the user authenticated?"
  9. The Policy Server checks with the User Store on the LDAP server whether or not the supplied credentials are correct. If the credentials are not valid, the user is prompted to re-enter them or is redirected to a registration page.
  10. If the credentials are valid, the user is authenticated. Once the user is authenticated, a cookie is stored in the user's browser, and for every redirect the cookie information is added to the response headers, creating a SiteMinder session. When this cookie is included on subsequent requests, the user is directed to the original URL without being prompted for credentials again.
  11. Next, the Policy Server verifies whether or not the authenticated user is authorized for the requested resource, based on the rules and policies contained in the Policy Store. If the user is not authorized, the Policy Server returns an Access Denied error.
  12. After the user is authenticated and authorized, the Policy Server grants access to the protected resource, and the response data is sent to the Web Agent to process the response.
  13. The user is presented with the requested resource.
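The flow above as a constructed Python model, added here and not code from the post or from SiteMinder itself: the Web Agent, Policy Server, user store and policy store are stand-in functions and dicts, and the cookie name SMSESSION and the HMAC-signed cookie format are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory model of the flow above (Web Agent, Policy Server, user
# store and policy store as plain functions and dicts); not SiteMinder's own code.
SESSION_KEY = secrets.token_bytes(32)  # secret the policy server signs cookies with
COOKIE = "SMSESSION"                   # assumed session cookie name
USER_STORE = {"alice": hashlib.sha256(b"alice-pw").hexdigest()}  # constructed users
POLICY_STORE = {"/public": (False, set()),   # prefix -> (protected?, allowed users)
                "/hr": (True, {"alice"}), "/finance": (True, {"bob"})}

def lookup_policy(path):  # steps 3-4: is the resource protected, and by which policy?
    for prefix, entry in POLICY_STORE.items():
        if path == prefix or path.startswith(prefix + "/"):
            return entry
    return True, set()    # unknown resources: protected, nobody allowed

def sign(user):           # HMAC tag binding a session cookie to its user
    return hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()

def session_user(cookie):  # step 5: user behind a valid session cookie, else None
    if not cookie or "." not in cookie or not cookie.isascii():
        return None
    user, tag = cookie.rsplit(".", 1)
    return user if hmac.compare_digest(tag, sign(user)) else None

def authenticate(user, password):  # step 9: check credentials against the user store
    stored = USER_STORE.get(user, "")
    given = hashlib.sha256(password.encode()).hexdigest()
    return bool(stored) and hmac.compare_digest(stored, given)

def handle_request(path, cookies=None, credentials=None):
    # Whole flow as the web agent sees it; returns (status, response headers).
    protected, allowed = lookup_policy(path)
    if not protected:
        return 200, {}
    user, headers = session_user((cookies or {}).get(COOKIE)), {}
    if user is None:                    # step 6: no session, challenge for credentials
        if credentials is None:
            return 302, {"Location": "/login"}
        name, password = credentials    # steps 7-9
        if not authenticate(name, password):
            return 302, {"Location": "/login?retry=1"}   # re-prompt
        user = name
        headers["Set-Cookie"] = f"{COOKIE}={user}.{sign(user)}"  # step 10
    if user not in allowed:             # step 11: authorization against the policy
        return 403, headers
    return 200, headers                 # steps 12-13: resource served
```

A forged or tampered cookie fails the HMAC check and falls back to the credential challenge, and a valid session for one user still gets 403 on a resource whose policy does not list them.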
