I am using a Web browser to access Web pages protected by SiteMinder.

I was successfully authenticated by SiteMinder and navigating the protected pages, and finally closed the Web browser (all windows).

After then a few minutes later, I opened a new Browser window, and tried to access the same pages. But I was re-challenged for a login authentication. Why?

I believe that: cookies are preserved even if closing the Browser window, and the are re-used when opening a new window.

Web Agent all

The behavior you experienced is as expected. 

SiteMinder issues an SMSESSION cookie when you are authenticated such as following. 

set-cookie: SMSESSION=KYj0qT9Lh　. . . . . . . ; path=/; domain=.example.com

However, this issued cookie does not have the 'Expires' attribute. In this case, the cookie is a type of 'session', and is deleted when the session is ended, i.e, the browser is closed.

Therefore, you were re-authenticated at that time.