Running a Custom IdP Federation Service using the SDK to get SMSESSION, once the user has been authenticated on IdP side, the Custom code calls a resource to get the SMSESSION for that user.

Is there other ways to get the SMSESSION outside the access to a protected resource, like a Web Service?

When running the CA Access Gateway (SPS), yes, there's a Web Service you can use to get a SMSESSION cookie (1):

You can use the authentication and authorization web services to support an application that is not otherwise protected. A free-standing application on a mobile phone, for example, can authenticate a user when the appropriate SiteMinder objects are available.

1. Configuring the Authentication and Authorization Web Services