With R12 SP2 CR01 the ASA for WebLogic has been enhanced to support its participation in a SiteMinder environment configured with the Security Zones feature. The ASA for WebLogic does not support all of the capabilities and features available in the SiteMinder Security Zones feature, but it can both create and process SiteMinder session cookies which have had the default prefix modified.
Which features of SSO Zones are supported at this moment by the Siteminder Web agent and the ASA?
Please find a summary of the differences between Zones Support in SiteMinder Web Agent and ASA Agent below:
|How many zones are supported?||As many as configured||ONLY 1|
|How are security zones configured?||Through ACO parameters: SSOZoneName and SSOTrustedZone||Doesn't honour the ACO parameters. Instead, is configured directly into the application server, with steps given in the Readme.|
|Supports "Default" zone?||Yes||No. The ASA can only support a SINGLE zone. It is either the default SMSESSION zone, or a custom-configured zone, but not both.|
|Supports "Trusted" zone list?||Yes||No. ASA only supports a SINGLE zone.|
Consider the diagram below from our Web Agent documentation: the ASA can only participate in either Zone A or Zone B. That is, it can create, accept and update a cookie labelled as ZONEASESSION or create, accept and update a cookie labelled as ZONEBSESSION, but it cannot do both, and so it cannot support Zone C.
<Please see attached file for image>
In a setup with two zones, A and B, for example, where the user has logged into A, he will be re-challenged the first time he tries to access a resource in B. After that, he can navigate from A to B without being re-challenged, as long as the cookies have not expired.
If you need further clarification regarding this feature please contact Tech Support.