Description:

Does siteminder allow to pass variables and their values to IFRAMES pointing to unprotected pages, in order that those unprotected pages could use that variables? Example, I have a page build from www.a.com and www.b.com pages. www.b.com pages are delivered by a webserver without webagent.

Release:
Component: SMPLC

Component: SMAPC

Component: SMIIS

Solution:

As for security reasons, SiteMinder encrypts user's information's, you do need webagent running on your second webserver to decrypt them. WebAgent mechanism allows to retreive variable values and pass them to web servers. More, the second domain b.com should be protected by SiteMinder too to pass identity. So, we recommand you to install webagent on the server which hold the domain b.com site.

The target iframe will not be able to retrieve information as the server is not running any webagent. SiteMinder will return original URL after authentication, that means that we won't be able to modify URL.